
Help! I still don't know what all has taken over my computer


  • This topic is locked
35 replies to this topic

#1 Sinamons2013


Posted 12 June 2014 - 08:06 AM

Computer puts itself into Airplane Mode almost daily. When I ran "Hijack This" the other day I could not fix anything because an "error message" said I had no internet connection and I wasn online. These are just a few of the things listed: Disabling of Regedit with Policies, autoloading Registry entries, Breaking of Internet access by New.Net or WebHancer, Hijack of default URL prefixes, Fixed lots and lots of 'unexpected error' bugs, Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's.

Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart. Added a new regval to check for from Whazit hijack (Start Page_bak). Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921  BrowserJavaVersion: 10.60.2
Run by Me at 3:59:54 on 2014-06-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3554.1937 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\splwow64.exe
C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HijackThis startup scan] C:\Users\Donna\Downloads\HijackThis.exe /startupscan
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Donna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Donna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CAC8C7B4-D8E2-4963-85A4-A251DD47500E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\498jellj.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2014-4-30 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-21 199008]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-6-10 127752]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-21 2451456]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2014-3-23 225792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-21 269968]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-21 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2013-6-27 20800]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;C:\Windows\System32\Drivers\AGUx64.sys [2008-8-6 1077760]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-21 690832]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-21 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-21 43832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2013-3-18 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-06-12 02:01:18    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB5B3D02-4713-49A7-A3F5-29601CB9B683}\mpengine.dll
2014-06-11 01:32:59    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-06-11 01:32:22    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-06-11 01:17:19    --------    d-----w-    C:\Program Files\HitmanPro
2014-06-11 01:14:55    --------    d-----w-    C:\ProgramData\HitmanPro
2014-06-10 23:35:53    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-10 23:35:45    2862080    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-10 23:35:44    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-06-10 23:34:46    3246592    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-06-10 23:34:46    235520    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-06-10 23:34:45    1301504    ----a-w-    C:\Windows\System32\gdi32.dll
2014-06-10 23:34:45    1023488    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-06-10 23:34:34    619008    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2014-06-10 23:34:34    328024    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2014-06-10 23:34:33    309760    ----a-w-    C:\Windows\System32\wusa.exe
2014-06-10 23:34:33    305152    ----a-w-    C:\Windows\SysWow64\wusa.exe
2014-06-10 22:00:15    --------    d-----w-    C:\Users\Donna\AppData\Local\Adobe
2014-06-10 21:13:55    2233176    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-06-10 21:13:52    1845760    ----a-w-    C:\Windows\System32\msxml3.dll
2014-06-10 21:13:52    1419264    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-06-10 21:08:58    --------    d-----w-    C:\ProgramData\Oracle
2014-06-10 21:08:43    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-10 15:14:50    --------    d-----w-    C:\Program Files (x86)\ClipGrab
2014-06-10 09:28:53    --------    d-----w-    C:\Users\Donna\AppData\Local\{6CF064A2-16A6-4136-BD8D-B01EA18BE1CE}
2014-06-09 17:38:31    --------    d-----w-    C:\Program Files\iPod
2014-06-09 17:38:29    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 17:38:29    --------    d-----w-    C:\Program Files\iTunes
2014-06-09 17:38:29    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-05-30 13:44:36    --------    d-----w-    C:\Users\Donna\AppData\Local\{1E838EC2-FE73-4212-A8A6-F768F8982E0C}
2014-05-29 21:25:33    --------    d-----w-    C:\Users\Donna\AppData\Local\CrashDumps
2014-05-29 17:45:20    --------    d-----w-    C:\ProgramData\Visan
2014-05-29 17:45:20    --------    d-----w-    C:\ProgramData\HP Photo Creations
2014-05-29 17:45:20    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2014-05-29 17:43:36    --------    d-----w-    C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-29 17:43:31    762400    ------w-    C:\Windows\System32\HPDiscoPMC611.dll
2014-05-29 17:41:38    --------    d-----w-    C:\Program Files (x86)\HP
2014-05-29 17:40:51    --------    d-----w-    C:\Program Files\HP
2014-05-29 17:36:45    --------    d-----w-    C:\Users\Donna\AppData\Local\HP
2014-05-25 03:38:10    --------    d-----w-    C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-17 04:28:42    703992    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-17 04:28:42    105464    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-17 02:57:19    1287168    ----a-w-    C:\Windows\System32\schedsvc.dll
2014-05-16 16:23:20    --------    d-----w-    C:\Users\Donna\.FamilySearchIndexing
2014-05-16 16:22:17    --------    d-----w-    C:\Program Files (x86)\FamilySearch Indexing
2014-05-16 14:56:22    --------    d-----w-    C:\Users\Donna\AppData\Local\{E0898E60-D785-44AE-BE27-6F36362D17E6}
2014-05-14 07:44:24    --------    d-----w-    C:\Users\Donna\AppData\Local\{9083A3A4-3404-4C2B-9E1F-E168E5F33640}
2014-05-14 04:32:04    649504    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
.
==================== Find3M  ====================
.
2014-06-09 11:58:37    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-24 02:47:54    2239488    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-24 02:47:45    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2014-05-24 02:47:44    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2014-05-24 02:46:07    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54    1766400    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-24 01:26:46    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2014-05-24 01:25:49    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-23 22:37:13    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2014-05-17 21:35:11    369168    ----a-w-    C:\Windows\System32\wpcap.dll
2014-05-17 21:35:10    96784    ----a-w-    C:\Windows\SysWow64\packet.dll
2014-05-17 21:35:10    35344    ----a-w-    C:\Windows\System32\drivers\npf.sys
2014-05-17 21:35:10    281104    ----a-w-    C:\Windows\SysWow64\wpcap.dll
2014-05-17 21:35:10    106000    ----a-w-    C:\Windows\System32\packet.dll
2014-05-12 14:26:14    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-12 14:26:00    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 14:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-01 06:02:40    192240    ----a-w-    C:\Windows\System32\SynTPCo18.dll
2014-05-01 06:02:40    151280    ----a-w-    C:\Windows\SysWow64\SynTPCom.dll
2014-05-01 06:02:39    495856    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2014-05-01 06:02:39    264432    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2014-05-01 06:02:24    544496    ----a-w-    C:\Windows\SysWow64\SynCom.dll
2014-05-01 06:02:24    1060080    ----a-w-    C:\Windows\System32\SynCOM.dll
2014-05-01 05:03:50    671744    ------w-    C:\Windows\System32\stapi64.dll
2014-05-01 05:03:50    6085632    ----a-w-    C:\Windows\System32\stlang64.dll
2014-05-01 05:03:50    542208    ----a-w-    C:\Windows\System32\drivers\stwrt64.sys
2014-05-01 05:03:50    499200    ----a-w-    C:\Windows\System32\stcplx64.dll
2014-05-01 05:03:50    255488    ----a-w-    C:\Windows\System32\st646425.dll
2014-05-01 05:03:50    2188800    ----a-w-    C:\Windows\System32\stapo64.dll
2014-05-01 05:03:50    1664000    ----a-w-    C:\Windows\sttray64.exe
2014-05-01 05:03:49    1821184    ----a-w-    C:\Windows\System32\IDTNC64.cpl
2014-05-01 05:03:48    426328    ----a-w-    C:\Windows\System32\EED64A.dll
2014-05-01 05:03:48    3308376    ----a-w-    C:\Windows\System32\EEP64A.dll
2014-05-01 05:03:48    136024    ----a-w-    C:\Windows\System32\EEL64A.dll
2014-05-01 05:03:48    118104    ----a-w-    C:\Windows\System32\EEA64A.dll
2014-04-19 09:39:36    628024    ----a-w-    C:\Windows\System32\NotificationUI.exe
2014-04-19 08:45:39    693760    ----a-w-    C:\Windows\System32\WSShared.dll
2014-04-19 08:45:39    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57:49    566784    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-04-19 06:57:49    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-15 09:34:10    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 09:27:03    172888    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31    578048    ----a-w-    C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43    208896    ----a-w-    C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39    1043968    ----a-w-    C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34    94720    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37    318464    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17    439808    ----a-w-    C:\Windows\System32\lsm.dll
2014-04-12 09:08:17    1281536    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10    827904    ----a-w-    C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36    20480    ----a-w-    C:\Windows\System32\credssp.dll
2014-04-12 07:23:59    178688    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52    961536    ----a-w-    C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49    76800    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14    273920    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58    666624    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06    14848    ----a-w-    C:\Windows\System32\workerdd.dll
2014-03-28 19:19:38    35856    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2014-03-23 22:11:52    269592    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2014-03-21 13:59:50    147456    ----a-w-    C:\Windows\SysWow64\bzpdfc.dll
.
============= FINISH:  4:00:57.27 ===============




 


#2 Machiavelli


  • Malware Response Instructor

Posted 12 June 2014 - 01:10 PM

Hello and welcome on board, Sinamons2013,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Sinamons2013


Posted 13 June 2014 - 06:09 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Me (administrator) on MINEMINEMINE on 13-06-2014 02:41:53
Running from C:\Users\Donna\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-04-30] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
HKU\S-1-5-21-4139982201-1462167991-693713747-1002\...\Run: [HijackThis startup scan] => C:\Users\Donna\Downloads\HijackThis.exe [388608 2014-06-10] (Trend Micro Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\498jellj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-17] (CACE Technologies, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 02:41 - 2014-06-13 02:42 - 00010323 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-13 01:25 - 2014-06-13 01:25 - 00001088 _____ () C:\Users\Donna\Desktop\FRST64 - Shortcut.lnk
2014-06-13 01:24 - 2014-06-13 01:24 - 00001861 _____ () C:\Users\Donna\Desktop\Safe mode-.txt
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-12 21:00 - 2014-06-13 01:08 - 00000000 ____D () C:\Users\Donna\Desktop\Hijack This
2014-06-12 20:04 - 2014-06-13 02:41 - 00000000 ____D () C:\FRST
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 20:26 - 2014-06-12 23:05 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:26 - 2014-06-09 09:19 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-11 20:26 - 2014-05-27 21:54 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-06-11 20:26 - 2014-05-16 20:20 - 00001658 _____ () C:\Users\Donna\Desktop\Print\Documents\Recuva.lnk
2014-06-11 20:26 - 2014-05-16 19:00 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\JVC
2014-06-11 20:26 - 2014-02-19 01:56 - 00608409 _____ () C:\Users\Donna\Desktop\Print\Documents\taxReturn.tax2013
2014-06-11 00:20 - 2014-06-11 00:39 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:03 - 2014-06-11 00:04 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:42 - 2014-06-12 06:16 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-10 20:41 - 2014-06-11 02:17 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-10 18:32 - 2014-06-11 01:15 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-10 18:32 - 2014-01-19 00:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 18:14 - 2014-06-10 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 18:13 - 2014-06-10 18:14 - 09741664 _____ (SurfRight B.V.) C:\Users\Donna\Downloads\HitmanPro_x64.exe
2014-06-10 16:36 - 2014-05-23 19:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:36 - 2014-05-23 19:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 19:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 18:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:36 - 2014-05-23 18:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 18:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 15:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-10 16:34 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 16:34 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-10 16:34 - 2014-04-29 15:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-10 16:34 - 2014-04-29 15:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-10 16:34 - 2014-04-03 04:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-10 16:34 - 2014-04-02 20:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-10 16:34 - 2014-03-31 15:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-10 16:34 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-10 16:34 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-10 15:28 - 2014-06-10 16:10 - 112616784 _____ (Apple Inc.) C:\Users\Donna\Downloads\iTunes64Setup(1).exe
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:13 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:13 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 14:13 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:06 - 2014-06-10 08:09 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 02:28 - 2014-06-10 02:29 - 00000000 ____D () C:\Users\Donna\AppData\Local\{6CF064A2-16A6-4136-BD8D-B01EA18BE1CE}
2014-06-10 01:45 - 2014-06-11 01:27 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-06-09 05:32 - 2014-06-09 05:32 - 00410112 _____ (Farbar) C:\Users\Donna\Downloads\FSS.exe
2014-05-30 06:44 - 2014-05-30 06:44 - 00000000 ____D () C:\Users\Donna\AppData\Local\{1E838EC2-FE73-4212-A8A6-F768F8982E0C}
2014-05-30 04:23 - 2014-05-30 04:24 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:13 - 2014-05-30 03:15 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 14:25 - 2014-06-10 14:34 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:43 - 2014-06-13 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-29 10:43 - 2014-06-07 15:15 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC611.dll
2014-05-29 10:41 - 2014-05-29 10:43 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 10:39 - 2014-05-29 10:41 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:36 - 2014-05-29 10:50 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 08:34 - 2014-06-13 02:39 - 00013800 _____ () C:\Windows\PFRO.log
2014-05-29 08:34 - 2014-06-13 01:50 - 01066624 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-23 16:58 - 2014-05-24 20:41 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-23 16:58 - 2014-05-24 20:41 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-18 16:57 - 2014-05-18 16:59 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-17 16:58 - 2014-06-10 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 21:28 - 2014-05-30 22:16 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 21:28 - 2014-05-30 22:16 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 21:16 - 2014-05-16 21:16 - 01682336 _____ (ESET) C:\Users\Donna\Downloads\eset_nod32_antivirus_live_installer.exe
2014-05-16 20:29 - 2014-05-16 20:33 - 22154766 _____ () C:\Users\Donna\Downloads\EmsisoftEmergencyKit.exe.part
2014-05-16 20:29 - 2014-05-16 20:29 - 00000000 _____ () C:\Users\Donna\Downloads\EmsisoftEmergencyKit.exe
2014-05-16 20:19 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 20:19 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 20:18 - 2014-05-16 20:20 - 04210920 _____ (Piriform Ltd) C:\Users\Donna\Downloads\rcsetup151.exe
2014-05-16 20:18 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-16 20:18 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-16 20:12 - 2014-06-13 02:39 - 00000000 ____D () C:\Program Files\Recuva
2014-05-16 19:58 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 19:58 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 19:58 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-16 19:58 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-16 19:58 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 19:58 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 19:58 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 19:58 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 19:58 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-16 19:58 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 19:58 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 19:58 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-16 19:58 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-16 19:58 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 19:58 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 19:58 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 19:58 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 19:58 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 19:58 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-16 19:58 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 19:58 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 19:58 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 19:58 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 19:58 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 19:58 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 19:58 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 19:58 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 19:58 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-16 19:58 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 19:58 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-16 19:57 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-16 09:23 - 2014-05-16 09:23 - 00000110 _____ () C:\Users\Donna\jobq.dat
2014-05-16 09:23 - 2014-05-16 09:23 - 00000000 ____D () C:\Users\Donna\.FamilySearchIndexing
2014-05-16 09:22 - 2014-05-16 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
2014-05-16 09:22 - 2014-05-16 09:22 - 00000000 ____D () C:\Program Files (x86)\FamilySearch Indexing
2014-05-16 07:56 - 2014-05-16 07:56 - 00000000 ____D () C:\Users\Donna\AppData\Local\{E0898E60-D785-44AE-BE27-6F36362D17E6}
2014-05-14 00:44 - 2014-05-14 00:44 - 00000000 ____D () C:\Users\Donna\AppData\Local\{9083A3A4-3404-4C2B-9E1F-E168E5F33640}

==================== One Month Modified Files and Folders =======

2014-06-13 02:42 - 2014-06-13 02:41 - 00010323 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-13 02:42 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna\AppData\Local\Temp
2014-06-13 02:41 - 2014-06-12 20:04 - 00000000 ____D () C:\FRST
2014-06-13 02:39 - 2014-05-29 08:34 - 00013800 _____ () C:\Windows\PFRO.log
2014-06-13 02:39 - 2014-05-16 20:12 - 00000000 ____D () C:\Program Files\Recuva
2014-06-13 02:39 - 2014-04-30 14:34 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4139982201-1462167991-693713747-1002
2014-06-13 02:23 - 2014-05-01 07:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 02:05 - 2014-05-03 01:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 02:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-13 01:55 - 2014-05-29 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-13 01:50 - 2014-05-29 08:34 - 01066624 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 01:29 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 01:25 - 2014-06-13 01:25 - 00001088 _____ () C:\Users\Donna\Desktop\FRST64 - Shortcut.lnk
2014-06-13 01:24 - 2014-06-13 01:24 - 00001861 _____ () C:\Users\Donna\Desktop\Safe mode-.txt
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-13 01:08 - 2014-06-12 21:00 - 00000000 ____D () C:\Users\Donna\Desktop\Hijack This
2014-06-12 23:05 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 19:39 - 2014-04-29 23:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D201726-324C-4162-BA82-0649E7DF7D9D}
2014-06-12 06:17 - 2014-04-30 18:19 - 00000000 ___RD () C:\Users\Donna\Desktop\Dropbox
2014-06-12 06:16 - 2014-06-10 20:42 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 21:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:21 - 2014-04-30 13:49 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Dropbox
2014-06-11 20:15 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 20:14 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\DropboxMaster
2014-06-11 20:00 - 2014-05-01 07:35 - 00000000 ____D () C:\Users\Donna\AppData\Local\NETGEARGenie
2014-06-11 20:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 08:36 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-11 08:25 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Facebook
2014-06-11 02:17 - 2014-06-10 20:41 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-11 02:12 - 2014-04-30 19:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-11 02:11 - 2014-04-30 19:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 01:27 - 2014-06-10 01:45 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-11 01:15 - 2014-06-10 18:32 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-11 00:39 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:04 - 2014-06-11 00:03 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:23 - 2014-06-10 18:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 18:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-10 18:30 - 2014-04-29 23:27 - 00000000 ____D () C:\Users\Donna\AppData\Local\VirtualStore
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 18:14 - 2014-06-10 18:13 - 09741664 _____ (SurfRight B.V.) C:\Users\Donna\Downloads\HitmanPro_x64.exe
2014-06-10 16:37 - 2014-04-30 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 16:10 - 2014-06-10 15:28 - 112616784 _____ (Apple Inc.) C:\Users\Donna\Downloads\iTunes64Setup(1).exe
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:34 - 2014-05-29 14:25 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-06-10 14:23 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-10 14:17 - 2014-05-01 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:15 - 2014-05-01 08:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:56 - 2014-05-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 13:51 - 2014-05-03 01:50 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:09 - 2014-06-10 08:06 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 02:29 - 2014-06-10 02:28 - 00000000 ____D () C:\Users\Donna\AppData\Local\{6CF064A2-16A6-4136-BD8D-B01EA18BE1CE}
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 23:45 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Donna\AppData\Local\Hewlett-Packard
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 09:19 - 2014-06-11 20:26 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-06-09 05:32 - 2014-06-09 05:32 - 00410112 _____ (Farbar) C:\Users\Donna\Downloads\FSS.exe
2014-06-09 04:57 - 2014-05-01 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 04:57 - 2014-05-01 07:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-08 21:58 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-07 15:15 - 2014-05-29 10:43 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-06-04 04:00 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Pinterest
2014-05-30 22:16 - 2014-05-16 21:28 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-30 22:16 - 2014-05-16 21:28 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 06:44 - 2014-05-30 06:44 - 00000000 ____D () C:\Users\Donna\AppData\Local\{1E838EC2-FE73-4212-A8A6-F768F8982E0C}
2014-05-30 04:24 - 2014-05-30 04:23 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:15 - 2014-05-30 03:13 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 13:12 - 2012-08-16 21:26 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-29 10:50 - 2014-05-29 10:36 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 10:50 - 2014-04-29 23:33 - 00000000 ___RD () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:45 - 2012-08-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2014-05-29 10:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:41 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-29 03:01 - 2014-02-20 21:32 - 00000000 ____D () C:\Users\Donna\Desktop\Harleysgirlz2@gmail.com
2014-05-27 22:33 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 21:54 - 2014-06-11 20:26 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-05-27 21:54 - 2014-05-01 01:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-24 20:41 - 2014-05-23 16:58 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-24 20:41 - 2014-05-23 16:58 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-24 20:41 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna
2014-05-24 20:40 - 2012-08-16 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-24 20:40 - 2012-08-16 21:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-24 20:36 - 2012-08-16 21:28 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-05-24 20:35 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-05-23 19:48 - 2014-06-10 16:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-23 19:47 - 2014-06-10 16:36 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-23 19:45 - 2014-06-10 16:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-23 18:25 - 2014-06-10 16:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-23 18:09 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-23 18:03 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-23 15:37 - 2014-06-10 16:36 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-18 16:59 - 2014-05-18 16:57 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-18 16:52 - 2014-04-30 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 15:45 - 2012-09-21 15:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-05-18 15:44 - 2012-08-16 21:33 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-18 15:26 - 2012-09-21 16:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-18 15:25 - 2014-05-03 15:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-17 14:35 - 2014-05-01 07:34 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-05-17 14:35 - 2014-05-01 07:34 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2014-05-16 21:33 - 2014-04-29 23:33 - 00000000 ___RD () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 21:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 21:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 21:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 21:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 21:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 21:16 - 2014-05-16 21:16 - 01682336 _____ (ESET) C:\Users\Donna\Downloads\eset_nod32_antivirus_live_installer.exe
2014-05-16 20:33 - 2014-05-16 20:29 - 22154766 _____ () C:\Users\Donna\Downloads\EmsisoftEmergencyKit.exe.part
2014-05-16 20:29 - 2014-05-16 20:29 - 00000000 _____ () C:\Users\Donna\Downloads\EmsisoftEmergencyKit.exe
2014-05-16 20:20 - 2014-06-11 20:26 - 00001658 _____ () C:\Users\Donna\Desktop\Print\Documents\Recuva.lnk
2014-05-16 20:20 - 2014-05-16 20:18 - 04210920 _____ (Piriform Ltd) C:\Users\Donna\Downloads\rcsetup151.exe
2014-05-16 19:20 - 2012-08-03 15:28 - 00000000 ____D () C:\Users\Administrator
2014-05-16 19:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 19:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\ras
2014-05-16 19:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-05-16 19:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-05-16 19:19 - 2012-07-26 00:52 - 00000000 ____D () C:\Windows\ShellNew
2014-05-16 19:19 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-16 19:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-05-16 19:12 - 2014-05-03 15:48 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-16 19:12 - 2014-05-03 15:38 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-16 19:12 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-16 19:12 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-05-16 19:03 - 2014-05-01 07:34 - 00000000 ____D () C:\Program Files (x86)\NETGEAR Genie
2014-05-16 19:02 - 2014-05-08 00:21 - 00000000 ____D () C:\Program Files (x86)\Digital Photo Navigator 1.5
2014-05-16 19:00 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\JVC
2014-05-16 18:56 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-05-16 09:23 - 2014-05-16 09:23 - 00000110 _____ () C:\Users\Donna\jobq.dat
2014-05-16 09:23 - 2014-05-16 09:23 - 00000000 ____D () C:\Users\Donna\.FamilySearchIndexing
2014-05-16 09:22 - 2014-05-16 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
2014-05-16 09:22 - 2014-05-16 09:22 - 00000000 ____D () C:\Program Files (x86)\FamilySearch Indexing
2014-05-16 07:56 - 2014-05-16 07:56 - 00000000 ____D () C:\Users\Donna\AppData\Local\{E0898E60-D785-44AE-BE27-6F36362D17E6}
2014-05-14 00:44 - 2014-05-14 00:44 - 00000000 ____D () C:\Users\Donna\AppData\Local\{9083A3A4-3404-4C2B-9E1F-E168E5F33640}

Files to move or delete:
====================
C:\Users\Donna\jobq.dat


Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpskghu8.dll
C:\Users\Donna\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2014-06-08 22:11

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Me at 2014-06-13 02:42:51
Running from C:\Users\Donna\Downloads
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.4.0.2240 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.4.0.2240 - Bullzip)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
ClipGrab 3.4.3 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2.5712 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2110 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{3AD2C353-825B-47E6-9396-3C2F78D194FE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{29B1CB33-32C3-4762-85DA-8CEADDC36EA7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.7.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.24 - NETGEAR Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Restore Points  =========================

25-05-2014 03:38:27 Installed HP Support Assistant
01-06-2014 10:02:25 Scheduled Checkpoint
09-06-2014 05:14:49 Scheduled Checkpoint
10-06-2014 20:56:16 Installed Windows Media Player Firefox Plugin
13-06-2014 08:45:10 Removed Product Improvement Study for HP Officejet 4630 series

==================== Hosts content: ==========================

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03AF07F2-3167-4F8B-AF6C-5902A5DE37AA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20C5550C-D916-42C3-9284-E5A95F21A5D5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2BEB0703-271C-4D03-B2B6-6054B2387AEE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {2C2F853F-535A-4962-894D-F7A244851384} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-10] (Adobe Systems Incorporated)
Task: {370A8B42-A6D7-403F-80B5-A6D136BE935D} - System32\Tasks\HPCeeScheduleForMe => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {502D23FB-119F-4144-B83D-FDFF17313A32} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5E314ACF-42B8-449B-A43B-028C9A4F3098} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {91AAD141-4425-43F5-8414-17715696A3DF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe
Task: {A1E3DA37-B188-4AB0-A586-B1DCCD3B2557} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B18C6337-A6AF-4A14-B354-EB7FBB382C97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B2BC792F-A4FC-4CA5-AB60-8E5861D4157F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C90A6842-C14D-43FD-B293-6F0FCF6CF6E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-30] (Synaptics Incorporated)
Task: {CFD6184C-FDB3-4844-9E5F-D801E0FB4B5C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-10] (Microsoft Corporation)
Task: {E2FA4B11-A9FD-4B42-9757-097325CBB4CE} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {E398F378-68B7-498D-9F1D-F930AF5857E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ECC33701-04BE-4967-822F-399BABEA538E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {EFDBF36F-6CB4-4094-88B9-B1DDE1AAF158} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F5DC8D92-5FEA-44A1-8D32-08823DFC8E17} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ANIWZCS2Service"
HKLM\...\StartupApproved\Run32: => "D-Link RangeBooster G WUA-2340"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Power2GoExpress8"

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 01:22:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional 2010; Error = 0x8007043c).

Error: (06/13/2014 01:22:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional 2010; Error = 0x8007043c).

Error: (06/13/2014 01:22:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional 2010; Error = 0x8007043c).

Error: (06/13/2014 00:28:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:28:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/13/2014 00:16:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:16:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/13/2014 00:06:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:06:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/12/2014 11:59:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.


System errors:
=============
Error: (06/13/2014 02:41:44 AM) (Source: DCOM) (EventID: 10005) (User: MINEMINEMINE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2014 02:41:19 AM) (Source: DCOM) (EventID: 10005) (User: MINEMINEMINE)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (06/13/2014 02:41:19 AM) (Source: DCOM) (EventID: 10005) (User: MINEMINEMINE)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (06/13/2014 02:41:19 AM) (Source: DCOM) (EventID: 10005) (User: MINEMINEMINE)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (06/13/2014 02:41:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/13/2014 01:22:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional 20100x8007043c

Error: (06/13/2014 01:22:16 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional 20100x8007043c

Error: (06/13/2014 01:22:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional 20100x8007043c

Error: (06/13/2014 00:28:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:28:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/13/2014 00:16:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:16:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/13/2014 00:06:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.

Error: (06/13/2014 00:06:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353   22 4.1.168.192.in-addr.arpa. PTR MineMineMine-2.local.

Error: (06/12/2014 11:59:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 4.1.168.192.in-addr.arpa. PTR MineMineMine.local.


CodeIntegrity Errors:
===================================
  Date: 2014-05-01 06:40:46.506
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\ANIO64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-30 20:40:54.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:40:27.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:18:38.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:18:33.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:17:44.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:17:44.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:11:52.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:10:15.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-30 20:09:44.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 3554.26 MB
Available physical RAM: 2657.89 MB
Total Pagefile: 4194.26 MB
Available Pagefile: 3336.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.89 GB) (Free:337.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.1 GB) (Free:3 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1AD5C5A9)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 Machiavelli

Posted 13 June 2014 - 07:04 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Sinamons2013

Posted 16 June 2014 - 05:11 AM

Should I have run these in "Safe Mode"?

I stopped after the first two reports. Junkware Removal Tool asked that I shut down protection software, so I thought I'd better ask.

# AdwCleaner v3.212 - Report created 16/06/2014 at 02:23:19
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Me - MINEMINEMINE
# Running from : C:\Users\Donna\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\498jellj.default\prefs.js ]



*************************

AdwCleaner[R0].txt - [2515 octets] - [16/06/2014 01:29:50]
AdwCleaner[R1].txt - [2635 octets] - [16/06/2014 02:07:52]
AdwCleaner[S0].txt - [2576 octets] - [16/06/2014 01:30:40]
AdwCleaner[S1].txt - [2556 octets] - [16/06/2014 02:23:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2616 octets] ##########
 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/16/2014

Scan Time: 2:33:57 AM

Logfile: MBAM 06-16

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.16.03

Rootkit Database: v2014.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Me

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 317843

Time Elapsed: 17 min, 50 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Disabled

Rootkits: Enabled

Heuristics: Disabled

PUP: Disabled

PUM: Disabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 




#6 Machiavelli

Posted 16 June 2014 - 05:53 AM

No, run this in Normal Mode. Disable your real-time protection and proceed with the other steps.

~Machiavelli



#7 Machiavelli

Posted 16 June 2014 - 05:53 AM

And, Happy Birthday. ;)

~Machiavelli



#8 Sinamons2013

Posted 16 June 2014 - 07:43 AM

Wow, you guys are AWESOME! ~ I'm getting better help here at Bleeping Computer than any of the places I've been in the past, paid or not. And thank you for the "Birthday Wish".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Me on Mon 06/16/2014 at  4:56:50.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{1E838EC2-FE73-4212-A8A6-F768F8982E0C}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{2AAE0864-5972-4363-803E-8CA7DE8A1B4A}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{4312A61B-9EE0-404A-A171-15C8D44DAC20}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{6CF064A2-16A6-4136-BD8D-B01EA18BE1CE}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{9083A3A4-3404-4C2B-9E1F-E168E5F33640}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{A4FEA07B-0C66-4C12-9616-E6A25AEE2842}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{B0B61B57-B861-406B-9100-5C3CA2EA1EB5}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{E0380872-50D9-4724-BB54-EAAB12831733}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{E0898E60-D785-44AE-BE27-6F36362D17E6}
Successfully deleted: [Empty Folder] C:\Users\Donna\appdata\local\{F3E4A3DE-E269-4D97-B473-ECAB68A05646}



~~~ FireFox

Emptied folder: C:\Users\Donna\AppData\Roaming\mozilla\firefox\profiles\498jellj.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/16/2014 at  5:03:36.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Me (administrator) on MINEMINEMINE on 16-06-2014 05:25:41
Running from C:\Users\Donna\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Farbar) C:\Users\Donna\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-04-30] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
HKU\S-1-5-21-4139982201-1462167991-693713747-1002\...\Run: [HijackThis startup scan] => C:\Users\Donna\Downloads\HijackThis.exe [388608 2014-06-10] (Trend Micro Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\498jellj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-17] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 05:23 - 2014-06-16 05:23 - 02081280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64(1).exe
2014-06-16 05:18 - 2014-06-16 05:18 - 00001811 _____ () C:\Users\Donna\Desktop\JRT 06-16-14.txt
2014-06-16 05:03 - 2014-06-16 05:03 - 00001811 _____ () C:\Users\Donna\Desktop\JRT.txt
2014-06-16 04:56 - 2014-06-16 04:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 04:52 - 2014-06-16 04:52 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\DIY Pain Rubs
2014-06-16 03:16 - 2014-06-16 03:17 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Fundraising on Facebook
2014-06-16 02:32 - 2014-06-16 02:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 02:31 - 2014-05-12 07:35 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 02:31 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 02:29 - 2014-06-16 02:31 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup.exe
2014-06-16 02:22 - 2014-06-16 03:44 - 00000000 ____D () C:\Users\Donna\Desktop\Salt Dough Ideas
2014-06-16 02:02 - 2014-06-16 02:03 - 01016261 _____ (Thisisu) C:\Users\Donna\Downloads\JRT.exe
2014-06-16 01:29 - 2014-06-16 02:23 - 00000000 ____D () C:\AdwCleaner
2014-06-16 01:21 - 2014-06-16 01:21 - 01333465 _____ () C:\Users\Donna\Downloads\AdwCleaner.exe
2014-06-16 00:18 - 2014-06-16 04:51 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Backrounds
2014-06-15 21:37 - 2014-06-16 04:50 - 00000000 ____D () C:\Users\Donna\Desktop\Kid Stuff
2014-06-15 03:03 - 2014-06-15 03:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Cyberlink
2014-06-15 03:00 - 2014-06-15 03:00 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\WebApp
2014-06-15 02:48 - 2014-06-15 02:48 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\CyberLink
2014-06-14 16:03 - 2014-06-14 16:03 - 00000000 ____D () C:\Users\Donna\Desktop\Danee-Taffy
2014-06-13 02:42 - 2014-06-13 02:43 - 00038618 _____ () C:\Users\Donna\Downloads\Addition.txt
2014-06-13 02:41 - 2014-06-16 05:25 - 00012872 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-12 20:04 - 2014-06-16 05:25 - 00000000 ____D () C:\FRST
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 20:26 - 2014-06-12 23:05 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:26 - 2014-06-09 09:19 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-11 20:26 - 2014-05-27 21:54 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-06-11 20:26 - 2014-05-16 20:20 - 00001658 _____ () C:\Users\Donna\Desktop\Print\Documents\Recuva.lnk
2014-06-11 20:26 - 2014-05-16 19:00 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\JVC
2014-06-11 20:26 - 2014-02-19 01:56 - 00608409 _____ () C:\Users\Donna\Desktop\Print\Documents\taxReturn.tax2013
2014-06-11 00:20 - 2014-06-11 00:39 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:03 - 2014-06-11 00:04 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:42 - 2014-06-16 03:16 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-10 20:41 - 2014-06-11 02:17 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-10 18:32 - 2014-06-11 01:15 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-10 18:32 - 2014-01-19 00:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 18:14 - 2014-06-10 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 16:36 - 2014-05-23 19:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:36 - 2014-05-23 19:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 19:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 18:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:36 - 2014-05-23 18:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 18:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 15:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-10 16:34 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 16:34 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-10 16:34 - 2014-04-29 15:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-10 16:34 - 2014-04-29 15:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-10 16:34 - 2014-04-03 04:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-10 16:34 - 2014-04-02 20:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-10 16:34 - 2014-03-31 15:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-10 16:34 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-10 16:34 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:13 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:13 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 14:13 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:06 - 2014-06-10 08:09 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 01:45 - 2014-06-11 01:27 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-05-30 04:23 - 2014-05-30 04:24 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:13 - 2014-05-30 03:15 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 14:25 - 2014-06-13 18:42 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:43 - 2014-06-13 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-29 10:43 - 2014-06-07 15:15 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC611.dll
2014-05-29 10:41 - 2014-05-29 10:43 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 10:39 - 2014-05-29 10:41 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:36 - 2014-05-29 10:50 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 08:34 - 2014-06-16 04:07 - 01554008 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 08:34 - 2014-06-16 02:24 - 00014916 _____ () C:\Windows\PFRO.log
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-23 16:58 - 2014-05-24 20:41 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-23 16:58 - 2014-05-24 20:41 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-18 16:57 - 2014-05-18 16:59 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-17 16:58 - 2014-06-10 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-16 05:26 - 2014-06-13 02:41 - 00012872 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-16 05:26 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna\AppData\Local\Temp
2014-06-16 05:25 - 2014-06-12 20:04 - 00000000 ____D () C:\FRST
2014-06-16 05:23 - 2014-06-16 05:23 - 02081280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64(1).exe
2014-06-16 05:18 - 2014-06-16 05:18 - 00001811 _____ () C:\Users\Donna\Desktop\JRT 06-16-14.txt
2014-06-16 05:05 - 2014-05-03 01:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 05:03 - 2014-06-16 05:03 - 00001811 _____ () C:\Users\Donna\Desktop\JRT.txt
2014-06-16 04:56 - 2014-06-16 04:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 04:52 - 2014-06-16 04:52 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\DIY Pain Rubs
2014-06-16 04:51 - 2014-06-16 00:18 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Backrounds
2014-06-16 04:50 - 2014-06-15 21:37 - 00000000 ____D () C:\Users\Donna\Desktop\Kid Stuff
2014-06-16 04:07 - 2014-05-29 08:34 - 01554008 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 04:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-16 03:44 - 2014-06-16 02:22 - 00000000 ____D () C:\Users\Donna\Desktop\Salt Dough Ideas
2014-06-16 03:17 - 2014-06-16 03:16 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Fundraising on Facebook
2014-06-16 03:16 - 2014-06-10 20:42 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-16 02:33 - 2014-06-16 02:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:29 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup.exe
2014-06-16 02:24 - 2014-05-29 08:34 - 00014916 _____ () C:\Windows\PFRO.log
2014-06-16 02:24 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 02:23 - 2014-06-16 01:29 - 00000000 ____D () C:\AdwCleaner
2014-06-16 02:23 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-16 02:03 - 2014-06-16 02:02 - 01016261 _____ (Thisisu) C:\Users\Donna\Downloads\JRT.exe
2014-06-16 01:21 - 2014-06-16 01:21 - 01333465 _____ () C:\Users\Donna\Downloads\AdwCleaner.exe
2014-06-15 21:37 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Pinterest
2014-06-15 18:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-15 16:57 - 2014-04-29 23:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D201726-324C-4162-BA82-0649E7DF7D9D}
2014-06-15 03:16 - 2012-08-16 21:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-15 03:15 - 2012-09-21 15:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-06-15 03:15 - 2012-08-16 21:07 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-15 03:11 - 2012-08-16 21:08 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-15 03:03 - 2014-06-15 03:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Cyberlink
2014-06-15 03:00 - 2014-06-15 03:00 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\WebApp
2014-06-15 02:48 - 2014-06-15 02:48 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\CyberLink
2014-06-15 02:48 - 2014-05-01 00:45 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\CyberLink
2014-06-14 19:56 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Facebook
2014-06-14 16:03 - 2014-06-14 16:03 - 00000000 ____D () C:\Users\Donna\Desktop\Danee-Taffy
2014-06-13 18:47 - 2013-01-13 10:27 - 00000000 ____D () C:\Users\Donna\AppData\Local\Packages
2014-06-13 18:42 - 2014-05-29 14:25 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-06-13 03:28 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 03:16 - 2014-04-30 14:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4139982201-1462167991-693713747-1002
2014-06-13 02:43 - 2014-06-13 02:42 - 00038618 _____ () C:\Users\Donna\Downloads\Addition.txt
2014-06-13 02:39 - 2014-05-16 20:12 - 00000000 ____D () C:\Program Files\Recuva
2014-06-13 01:55 - 2014-05-29 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-12 23:05 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 06:17 - 2014-04-30 18:19 - 00000000 ___RD () C:\Users\Donna\Desktop\Dropbox
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 21:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:21 - 2014-04-30 13:49 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Dropbox
2014-06-11 20:14 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\DropboxMaster
2014-06-11 20:00 - 2014-05-01 07:35 - 00000000 ____D () C:\Users\Donna\AppData\Local\NETGEARGenie
2014-06-11 20:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 08:36 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-11 02:17 - 2014-06-10 20:41 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-11 02:12 - 2014-04-30 19:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-11 02:11 - 2014-04-30 19:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 01:27 - 2014-06-10 01:45 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-11 01:15 - 2014-06-10 18:32 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-11 00:39 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:04 - 2014-06-11 00:03 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:23 - 2014-06-10 18:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 18:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-10 18:30 - 2014-04-29 23:27 - 00000000 ____D () C:\Users\Donna\AppData\Local\VirtualStore
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 16:37 - 2014-04-30 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:17 - 2014-05-01 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:15 - 2014-05-01 08:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:56 - 2014-05-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 13:51 - 2014-05-03 01:50 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:09 - 2014-06-10 08:06 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 23:45 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Donna\AppData\Local\Hewlett-Packard
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 09:19 - 2014-06-11 20:26 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-06-07 15:15 - 2014-05-29 10:43 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-30 22:16 - 2014-05-16 21:28 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-30 22:16 - 2014-05-16 21:28 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 04:24 - 2014-05-30 04:23 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:15 - 2014-05-30 03:13 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 13:12 - 2012-08-16 21:26 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-29 10:50 - 2014-05-29 10:36 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 10:50 - 2014-04-29 23:33 - 00000000 ___RD () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:45 - 2012-08-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2014-05-29 10:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:41 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-29 03:01 - 2014-02-20 21:32 - 00000000 ____D () C:\Users\Donna\Desktop\Harleysgirlz2@gmail.com
2014-05-27 22:33 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 21:54 - 2014-06-11 20:26 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-05-27 21:54 - 2014-05-01 01:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-24 20:41 - 2014-05-23 16:58 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-24 20:41 - 2014-05-23 16:58 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-24 20:41 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna
2014-05-24 20:40 - 2012-08-16 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-24 20:36 - 2012-08-16 21:28 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-05-24 20:35 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-05-23 19:48 - 2014-06-10 16:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-23 19:47 - 2014-06-10 16:36 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-23 19:45 - 2014-06-10 16:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-23 18:25 - 2014-06-10 16:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-23 18:09 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-23 18:03 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-23 15:37 - 2014-06-10 16:36 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-18 16:59 - 2014-05-18 16:57 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-18 16:52 - 2014-04-30 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 15:44 - 2012-08-16 21:33 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-18 15:26 - 2012-09-21 16:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-18 15:25 - 2014-05-03 15:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-17 14:35 - 2014-05-01 07:34 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-05-17 14:35 - 2014-05-01 07:34 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk

Files to move or delete:
====================
C:\Users\Donna\jobq.dat


Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpskghu8.dll
C:\Users\Donna\AppData\Local\Temp\HitmanPro.exe
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-16 03:24

==================== End Of Log ============================



#9 Machiavelli


Posted 16 June 2014 - 07:48 AM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:



  • Click Run ESET Online Scanner

  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished, please run the program (Win Vista / Win 7 / Win 8 users: please run it as Administrator)

  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#10 Sinamons2013


Posted 16 June 2014 - 08:53 AM

ESET - Virus signature database has an undocumented serious error (0x 1106) ????



#11 Sinamons2013


Posted 16 June 2014 - 09:30 AM

I ran these two before I got the "Error" message in ESET. I also need to know if I could have infected another computer. I was doing reports in Excel and putting them into "Dropbox" that they would then extract to their computer. I have not sent any more reports since discovering this mess. Is it safe? Thank you so much for your help.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Me at 2014-06-16 06:26:37 Run:1
Running from C:\Users\Donna\Desktop\Farber\FRST 64
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-06-15 16:57 - 2014-04-29 23:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D201726-324C-4162-BA82-0649E7DF7D9D}
C:\Users\Donna\jobq.dat
C:\Users\Donna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpskghu8.dll
C:\Users\Donna\AppData\Local\Temp\HitmanPro.exe
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} => Moved successfully.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D201726-324C-4162-BA82-0649E7DF7D9D} => Moved successfully.
C:\Users\Donna\jobq.dat => Moved successfully.
C:\Users\Donna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpskghu8.dll => Moved successfully.
C:\Users\Donna\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

 

Farbar Service Scanner Version: 10-06-2014
Ran by Me (administrator) on 16-06-2014 at 06:27:27
Running from "C:\Users\Donna\Desktop\Farber"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#12 Machiavelli


Posted 16 June 2014 - 10:03 AM

Is it safe?

Should be no problem. For now don't do this until we clean the computer.

Please delete the current version of ESET and then redo the steps and tell me if it worked this time.

~Machiavelli



#13 Sinamons2013


Posted 16 June 2014 - 03:38 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=c5261d6c75b1a84da3bb49fb48a73adf
# engine=18741
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-16 08:07:33
# local_time=2014-06-16 01:07:33 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 7250142 0 0
# scanned=264952
# found=2
# cleaned=0
# scan_time=13742
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Donna\Downloads\rcsetup150.exe"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Donna\Downloads\rcsetup151.exe"
 



#14 Machiavelli


Posted 17 June 2014 - 02:28 AM

What's with step #2?

~Machiavelli



#15 Sinamons2013


Posted 17 June 2014 - 04:05 AM

Oops, sorry, I was so tired this morning I thought I'd posted it.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Me (administrator) on MINEMINEMINE on 16-06-2014 05:25:41
Running from C:\Users\Donna\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Farbar) C:\Users\Donna\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-04-30] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
HKU\S-1-5-21-4139982201-1462167991-693713747-1002\...\Run: [HijackThis startup scan] => C:\Users\Donna\Downloads\HijackThis.exe [388608 2014-06-10] (Trend Micro Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Donna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\498jellj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 A5AGU; C:\Windows\system32\DRIVERS\AGUx64.sys [1077760 2008-08-06] (D-Link Corporation)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-17] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 05:23 - 2014-06-16 05:23 - 02081280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64(1).exe
2014-06-16 05:18 - 2014-06-16 05:18 - 00001811 _____ () C:\Users\Donna\Desktop\JRT 06-16-14.txt
2014-06-16 05:03 - 2014-06-16 05:03 - 00001811 _____ () C:\Users\Donna\Desktop\JRT.txt
2014-06-16 04:56 - 2014-06-16 04:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 04:52 - 2014-06-16 04:52 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\DIY Pain Rubs
2014-06-16 03:16 - 2014-06-16 03:17 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Fundraising on Facebook
2014-06-16 02:32 - 2014-06-16 02:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 02:31 - 2014-05-12 07:35 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 02:31 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 02:29 - 2014-06-16 02:31 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup.exe
2014-06-16 02:22 - 2014-06-16 03:44 - 00000000 ____D () C:\Users\Donna\Desktop\Salt Dough Ideas
2014-06-16 02:02 - 2014-06-16 02:03 - 01016261 _____ (Thisisu) C:\Users\Donna\Downloads\JRT.exe
2014-06-16 01:29 - 2014-06-16 02:23 - 00000000 ____D () C:\AdwCleaner
2014-06-16 01:21 - 2014-06-16 01:21 - 01333465 _____ () C:\Users\Donna\Downloads\AdwCleaner.exe
2014-06-16 00:18 - 2014-06-16 04:51 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Backrounds
2014-06-15 21:37 - 2014-06-16 04:50 - 00000000 ____D () C:\Users\Donna\Desktop\Kid Stuff
2014-06-15 03:03 - 2014-06-15 03:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Cyberlink
2014-06-15 03:00 - 2014-06-15 03:00 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\WebApp
2014-06-15 02:48 - 2014-06-15 02:48 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\CyberLink
2014-06-14 16:03 - 2014-06-14 16:03 - 00000000 ____D () C:\Users\Donna\Desktop\Danee-Taffy
2014-06-13 02:42 - 2014-06-13 02:43 - 00038618 _____ () C:\Users\Donna\Downloads\Addition.txt
2014-06-13 02:41 - 2014-06-16 05:25 - 00012872 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-12 20:04 - 2014-06-16 05:25 - 00000000 ____D () C:\FRST
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 20:26 - 2014-06-12 23:05 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:26 - 2014-06-09 09:19 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-11 20:26 - 2014-05-27 21:54 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-06-11 20:26 - 2014-05-16 20:20 - 00001658 _____ () C:\Users\Donna\Desktop\Print\Documents\Recuva.lnk
2014-06-11 20:26 - 2014-05-16 19:00 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\JVC
2014-06-11 20:26 - 2014-02-19 01:56 - 00608409 _____ () C:\Users\Donna\Desktop\Print\Documents\taxReturn.tax2013
2014-06-11 00:20 - 2014-06-11 00:39 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:03 - 2014-06-11 00:04 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:42 - 2014-06-16 03:16 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-10 20:41 - 2014-06-11 02:17 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-10 18:32 - 2014-06-11 01:15 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-10 18:32 - 2014-01-19 00:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 18:14 - 2014-06-10 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 16:36 - 2014-05-23 19:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:36 - 2014-05-23 19:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-10 16:36 - 2014-05-23 19:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 19:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 19:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 19:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:36 - 2014-05-23 18:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:36 - 2014-05-23 18:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:36 - 2014-05-23 18:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:36 - 2014-05-23 18:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 18:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:36 - 2014-05-23 15:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:35 - 2014-05-23 19:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:35 - 2014-05-23 18:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:35 - 2014-05-23 18:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-10 16:34 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 16:34 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-10 16:34 - 2014-04-29 15:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-10 16:34 - 2014-04-29 15:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-10 16:34 - 2014-04-03 04:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-10 16:34 - 2014-04-02 20:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-10 16:34 - 2014-03-31 15:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-10 16:34 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-10 16:34 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:13 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:13 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 14:13 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:06 - 2014-06-10 08:09 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 01:45 - 2014-06-11 01:27 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:38 - 2014-06-09 10:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-05-30 04:23 - 2014-05-30 04:24 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:13 - 2014-05-30 03:15 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 14:25 - 2014-06-13 18:42 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:43 - 2014-06-13 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-29 10:43 - 2014-06-07 15:15 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC611.dll
2014-05-29 10:41 - 2014-05-29 10:43 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 10:39 - 2014-05-29 10:41 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:36 - 2014-05-29 10:50 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 08:34 - 2014-06-16 04:07 - 01554008 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 08:34 - 2014-06-16 02:24 - 00014916 _____ () C:\Windows\PFRO.log
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-23 16:58 - 2014-05-24 20:41 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-23 16:58 - 2014-05-24 20:41 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-18 16:57 - 2014-05-18 16:59 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-17 16:58 - 2014-06-10 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-16 05:26 - 2014-06-13 02:41 - 00012872 _____ () C:\Users\Donna\Downloads\FRST.txt
2014-06-16 05:26 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna\AppData\Local\Temp
2014-06-16 05:25 - 2014-06-12 20:04 - 00000000 ____D () C:\FRST
2014-06-16 05:23 - 2014-06-16 05:23 - 02081280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64(1).exe
2014-06-16 05:18 - 2014-06-16 05:18 - 00001811 _____ () C:\Users\Donna\Desktop\JRT 06-16-14.txt
2014-06-16 05:05 - 2014-05-03 01:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 05:03 - 2014-06-16 05:03 - 00001811 _____ () C:\Users\Donna\Desktop\JRT.txt
2014-06-16 04:56 - 2014-06-16 04:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-16 04:52 - 2014-06-16 04:52 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\DIY Pain Rubs
2014-06-16 04:51 - 2014-06-16 00:18 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Backrounds
2014-06-16 04:50 - 2014-06-15 21:37 - 00000000 ____D () C:\Users\Donna\Desktop\Kid Stuff
2014-06-16 04:07 - 2014-05-29 08:34 - 01554008 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 04:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-16 03:44 - 2014-06-16 02:22 - 00000000 ____D () C:\Users\Donna\Desktop\Salt Dough Ideas
2014-06-16 03:17 - 2014-06-16 03:16 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Fundraising on Facebook
2014-06-16 03:16 - 2014-06-10 20:42 - 00000000 ____D () C:\Users\Donna\Desktop\Bleeping
2014-06-16 02:33 - 2014-06-16 02:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 02:31 - 2014-06-16 02:29 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Donna\Downloads\mbam-setup.exe
2014-06-16 02:24 - 2014-05-29 08:34 - 00014916 _____ () C:\Windows\PFRO.log
2014-06-16 02:24 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 02:23 - 2014-06-16 01:29 - 00000000 ____D () C:\AdwCleaner
2014-06-16 02:23 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-16 02:03 - 2014-06-16 02:02 - 01016261 _____ (Thisisu) C:\Users\Donna\Downloads\JRT.exe
2014-06-16 01:21 - 2014-06-16 01:21 - 01333465 _____ () C:\Users\Donna\Downloads\AdwCleaner.exe
2014-06-15 21:37 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Pinterest
2014-06-15 18:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-15 16:57 - 2014-04-29 23:33 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5D201726-324C-4162-BA82-0649E7DF7D9D}
2014-06-15 03:16 - 2012-08-16 21:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-15 03:15 - 2012-09-21 15:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-06-15 03:15 - 2012-08-16 21:07 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-15 03:11 - 2012-08-16 21:08 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-15 03:03 - 2014-06-15 03:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Cyberlink
2014-06-15 03:00 - 2014-06-15 03:00 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\WebApp
2014-06-15 02:48 - 2014-06-15 02:48 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\CyberLink
2014-06-15 02:48 - 2014-05-01 00:45 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\CyberLink
2014-06-14 19:56 - 2014-02-28 20:31 - 00000000 ____D () C:\Users\Donna\Desktop\Facebook
2014-06-14 16:03 - 2014-06-14 16:03 - 00000000 ____D () C:\Users\Donna\Desktop\Danee-Taffy
2014-06-13 18:47 - 2013-01-13 10:27 - 00000000 ____D () C:\Users\Donna\AppData\Local\Packages
2014-06-13 18:42 - 2014-05-29 14:25 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2014-06-13 03:28 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 03:16 - 2014-04-30 14:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4139982201-1462167991-693713747-1002
2014-06-13 02:43 - 2014-06-13 02:42 - 00038618 _____ () C:\Users\Donna\Downloads\Addition.txt
2014-06-13 02:39 - 2014-05-16 20:12 - 00000000 ____D () C:\Program Files\Recuva
2014-06-13 01:55 - 2014-05-29 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-13 01:09 - 2014-06-13 01:09 - 00000000 ____D () C:\Windows\pss
2014-06-12 23:05 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\RECIPES
2014-06-12 19:54 - 2014-06-12 19:54 - 02081792 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2014-06-12 06:17 - 2014-04-30 18:19 - 00000000 ___RD () C:\Users\Donna\Desktop\Dropbox
2014-06-12 03:57 - 2014-06-12 03:57 - 00688992 ____R (Swearware) C:\Users\Donna\Downloads\dds.com
2014-06-12 02:55 - 2014-06-12 02:55 - 00000000 ____D () C:\Users\Donna\Desktop\Print
2014-06-11 21:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Video Recorder Software
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Vicki folder
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Puter HELP
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Pictures of Hofauger Home- Owners & Rights to pics
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Future demand for aged care services
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Frame ideas
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\Family History Docs
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\dinners
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\BULLbleep - My Heritage E mails
2014-06-11 20:26 - 2014-06-11 20:26 - 00000000 ____D () C:\Users\Donna\Desktop\Print\Documents\ADW Reports
2014-06-11 20:21 - 2014-04-30 13:49 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Dropbox
2014-06-11 20:14 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\DropboxMaster
2014-06-11 20:00 - 2014-05-01 07:35 - 00000000 ____D () C:\Users\Donna\AppData\Local\NETGEARGenie
2014-06-11 20:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 08:36 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-11 02:17 - 2014-06-10 20:41 - 00000000 ____D () C:\Users\Donna\Downloads\backups
2014-06-11 02:12 - 2014-04-30 19:49 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-11 02:11 - 2014-04-30 19:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 01:27 - 2014-06-10 01:45 - 00000000 ____D () C:\Users\Donna\Desktop\Ad Schedules
2014-06-11 01:15 - 2014-06-10 18:32 - 00009762 _____ () C:\Users\Donna\Downloads\hijackthis.log
2014-06-11 00:39 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\TMRBLog
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Donna\Downloads\log
2014-06-11 00:04 - 2014-06-11 00:03 - 14839344 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\RootkitBusterV5.0-1171x64.exe
2014-06-10 20:23 - 2014-06-10 18:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-10 18:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-10 18:30 - 2014-04-29 23:27 - 00000000 ____D () C:\Users\Donna\AppData\Local\VirtualStore
2014-06-10 18:29 - 2014-06-10 18:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Donna\Downloads\HijackThis.exe
2014-06-10 16:37 - 2014-04-30 13:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 15:00 - 2014-06-10 15:00 - 00000000 ____D () C:\Users\Donna\AppData\Local\Adobe
2014-06-10 14:17 - 2014-05-01 08:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 14:15 - 2014-06-10 14:15 - 00003584 _____ () C:\Users\Donna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-10 14:15 - 2014-05-01 08:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-10 14:08 - 2014-06-10 14:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Sun
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-10 14:08 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-10 14:04 - 2014-06-10 14:04 - 00918952 _____ (Oracle Corporation) C:\Users\Donna\Downloads\jxpiinstall.exe
2014-06-10 13:56 - 2014-05-17 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 13:54 - 2014-06-10 13:54 - 00318904 _____ (Microsoft Corporation) C:\Users\Donna\Downloads\wmpfirefoxplugin.exe
2014-06-10 13:51 - 2014-05-03 01:50 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-10 08:14 - 2014-06-10 08:14 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-10 08:09 - 2014-06-10 08:06 - 16618768 _____ (Philipp Schmieder Medien ) C:\Users\Donna\Downloads\clipgrab-3.4.3.exe
2014-06-10 00:58 - 2014-06-10 00:58 - 00000017 _____ () C:\Users\Donna\AppData\Local\resmon.resmoncfg
2014-06-09 23:45 - 2014-04-29 23:34 - 00000000 ____D () C:\Users\Donna\AppData\Local\Hewlett-Packard
2014-06-09 10:39 - 2014-06-09 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 10:39 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 10:38 - 2014-06-09 10:38 - 00000000 ____D () C:\Program Files\iPod
2014-06-09 09:19 - 2014-06-11 20:26 - 00019417 _____ () C:\Users\Donna\Desktop\Print\Documents\Reciepts on Christopher's House.xlsx
2014-06-09 05:41 - 2014-06-09 05:41 - 00003423 _____ () C:\Users\Donna\Downloads\FSS.txt
2014-06-07 15:15 - 2014-05-29 10:43 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\HpUpdate
2014-05-30 22:16 - 2014-05-16 21:28 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-30 22:16 - 2014-05-16 21:28 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 04:24 - 2014-05-30 04:23 - 10133301 _____ () C:\Users\Donna\Downloads\twomorepics.zip
2014-05-30 03:15 - 2014-05-30 03:13 - 05564060 _____ () C:\Users\Donna\Downloads\family_tree_builder_7138.exe
2014-05-29 13:12 - 2012-08-16 21:26 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-05-29 10:50 - 2014-05-29 10:36 - 00000000 ____D () C:\Users\Donna\AppData\Local\HP
2014-05-29 10:50 - 2014-04-29 23:33 - 00000000 ___RD () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Visan
2014-05-29 10:45 - 2012-08-16 21:02 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-05-29 10:43 - 2014-05-29 10:43 - 00000962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-05-29 10:43 - 2014-05-29 10:41 - 00000000 ____D () C:\Program Files (x86)\HP
2014-05-29 10:41 - 2014-05-29 10:39 - 00000000 ____D () C:\ProgramData\HP
2014-05-29 10:40 - 2014-05-29 10:40 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-05-29 10:40 - 2014-05-29 10:40 - 00000000 ____D () C:\Program Files\HP
2014-05-29 08:34 - 2014-05-29 08:34 - 00432256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-29 03:19 - 2014-05-29 03:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-29 03:01 - 2014-02-20 21:32 - 00000000 ____D () C:\Users\Donna\Desktop\Harleysgirlz2@gmail.com
2014-05-27 22:33 - 2014-04-30 14:28 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 21:54 - 2014-06-11 20:26 - 00059676 _____ () C:\Users\Donna\Desktop\Print\Documents\myreport030614.zip
2014-05-27 21:54 - 2014-05-01 01:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-24 20:41 - 2014-05-23 16:58 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMe
2014-05-24 20:41 - 2014-05-23 16:58 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForMe.job
2014-05-24 20:41 - 2014-04-29 23:14 - 00000000 ____D () C:\Users\Donna
2014-05-24 20:40 - 2012-08-16 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-05-24 20:38 - 2014-05-24 20:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-05-24 20:36 - 2012-08-16 21:28 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-05-24 20:35 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-05-23 19:48 - 2014-06-10 16:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-23 19:47 - 2014-06-10 16:36 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-23 19:47 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-23 19:46 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-23 19:46 - 2014-06-10 16:35 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-23 19:45 - 2014-06-10 16:36 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-23 19:45 - 2014-06-10 16:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-23 18:26 - 2014-06-10 16:36 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-23 18:26 - 2014-06-10 16:35 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-23 18:25 - 2014-06-10 16:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-23 18:25 - 2014-06-10 16:36 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-23 18:25 - 2014-06-10 16:35 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-23 18:09 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-23 18:03 - 2014-06-10 16:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-23 15:37 - 2014-06-10 16:36 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-18 16:59 - 2014-05-18 16:57 - 04745984 _____ (Piriform Ltd) C:\Users\Donna\Downloads\ccsetup413.exe
2014-05-18 16:52 - 2014-04-30 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-18 15:44 - 2012-08-16 21:33 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 15:43 - 2012-08-16 21:31 - 00000000 ____D () C:\ProgramData\WildTangent
2014-05-18 15:26 - 2012-09-21 16:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-18 15:25 - 2014-05-03 15:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-17 14:35 - 2014-05-01 07:34 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-05-17 14:35 - 2014-05-01 07:34 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-05-17 14:35 - 2014-05-01 07:34 - 00002062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk

Files to move or delete:
====================
C:\Users\Donna\jobq.dat


Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpskghu8.dll
C:\Users\Donna\AppData\Local\Temp\HitmanPro.exe
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-16 03:24

==================== End Of Log ============================





