Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Deal slider and who knows what else


  • This topic is locked This topic is locked
63 replies to this topic

#1 nlmiller1975

nlmiller1975

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 14 June 2014 - 04:58 PM

I can't seem to open a browser or click on a browser window without getting umpteen popups.  Most of them seem to be either trying to get me to buy something or update flash or something else. 

 

Not too long ago, I had an issue with Outlook, so I downloaded a couple of things that I thought were safe in an attempt to salvage all of my e-mails. 

 

Both my computer and my husband's seem to be having issues.  So I will be doing this for both of our comps, but starting with mine.

 

Also, I have a 120gb internal hd that somehow has only about 10gb free.  I have no idea what all I could have put on it!

 

Pasted below are the logs requested as per the preparation guide.

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Nancy M Home Built at 15:50:22 on 2014-06-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8162.4462 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
E:\iCloud\iCloudServices.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WLANExt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
E:\iCloud\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://my.yahoo.com/
mWinlogon: Userinit = userinit.exe
BHO: GetSavin 5.0: {124E97CD-CE17-4391-A5C3-DBE7895B45B2} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Deal Slider BHO: {E4607B39-174A-44BA-AB08-8892366ECA13} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [iCloudServices] E:\iCloud\iCloudServices.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe -update activex
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Deal Slider-repairJob] wscript.exe "C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\repair.js"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\NANCYM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 107.170.189.30 64.251.13.6 24.56.178.101
TCP: Interfaces\{05F114C2-9DB4-429B-906D-C02E52E47A0B} : DHCPNameServer = 107.170.189.30 64.251.13.6 24.56.178.101
SSODL: WebCheck - <orphaned>
x64-BHO: Deal Slider BHO: {E4607B39-174A-44BA-AB08-8892366ECA13} -
x64-TB: Deal Slider: {E13BF069-886E-416B-B532-6B14242CC508} -
x64-Run: [GENIE] C:\Program Files (x86)\NETGEAR\A6200\A6200.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-16 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]
R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Service;C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [2013-4-18 6443072]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [2014-6-3 706864]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 WNDA6200;NETGEAR A6200 Service;C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [2013-4-18 25888]
R3 A6200;NETGEAR A6200 WiFi Adapter Driver;C:\Windows\System32\drivers\BCMWLHIGH664.SYS [2013-4-18 2263144]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-4-18 46136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-4-18 44672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2013-4-27 45736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-20 1255736]
S3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-5-9 31080]
.
=============== Created Last 30 ================
.
2014-06-14 16:57:08 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD933D7F-00BD-443B-A725-9D90DA50BF56}\offreg.dll
2014-06-13 23:05:35 149832 ----a-w- C:\ProgramData\SPLF6DF.tmp
2014-06-13 22:03:05 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C7870C5-C5C2-4A1C-87B8-E86C37627389}\gapaengine.dll
2014-06-13 22:02:54 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD933D7F-00BD-443B-A725-9D90DA50BF56}\mpengine.dll
2014-06-10 22:04:14 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-10 22:04:14 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-10 18:01:22 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-06 21:42:24 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-06-05 01:44:58 2690141 ----a-w- C:\ProgramData\SPL8CEF.tmp
2014-05-29 01:44:24 -------- d-----w- C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-29 01:44:23 -------- d-----w- C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-29 01:32:19 -------- d-----w- C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-29 01:32:15 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-05-16 14:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 17:47:56 305401 ----a-w- C:\ProgramData\SPL566A.tmp
2014-05-02 02:37:13 116736 ----a-w- C:\Windows\System32\drivers\UMDF\WUDFUsbccidDriver.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-22 23:29:20 389240 ----a-w- C:\Windows\System32\drivers\Trufos.sys
2014-04-21 20:58:56 145824 ----a-w- C:\ProgramData\SPLDA58.tmp
2014-04-20 00:57:14 125056 ----a-w- C:\ProgramData\SPL7B63.tmp
2014-04-13 19:43:44 524625 ----a-w- C:\ProgramData\SPLC9E.tmp
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 20:33:16 164006 ----a-w- C:\ProgramData\SPL4609.tmp
2014-04-01 04:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 04:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-28 22:09:59 18156 ----a-w- C:\ProgramData\SPLD5EE.tmp
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 15:50:32.74 ===============

I have also attached the attach file.  Thank you so much for your time.


Edited by nlmiller1975, 14 June 2014 - 05:02 PM.


BC AdBot (Login to Remove)

 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 16 June 2014 - 09:00 AM

Hello nlmiller1975,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

Edited by TheShooter93, 16 June 2014 - 09:00 AM.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 18 June 2014 - 09:18 PM

Thank you for the response.  I will follow these steps this evening/tomorrow morning and post the results asap!



#4 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 19 June 2014 - 08:14 PM

Addition.txt pasted below

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Nancy M Home Built at 2014-06-19 19:10:53
Running from C:\Users\Nancy M Home Built\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Ad-Aware Antivirus (HKLM\...\{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Aimersoft Video Converter Ultimate(Build 5.5.0.3) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.0.3 - Aimersoft Software)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Carbonite Mirror Image (64-bit) (Version: 5.1.13813.2115 - x64) Hidden
Case CATalyst Version 14 (HKLM-x32\...\caseCATalyst4) (Version: 14 - Stenograph, L.L.C.)
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.59 - NCH Software)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Money 2004 (HKLM-x32\...\{1D643CD4-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.80 - Microsoft)
Microsoft Money 2004 System Pack (HKLM-x32\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version:  - )
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 18.0.0.0 - NETGEAR)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoLAN VLC media player 0.8.6f (HKLM-x32\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMA MP3 Converter v4.3 build 1489 (HKLM-x32\...\{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1) (Version:  - Hoo Technologies)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

14-06-2014 21:32:08 Removed SpyHunter
15-06-2014 00:40:14 Windows Update
18-06-2014 02:15:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-05-07 19:14 - 00006893 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36

There are 88 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {015C8A12-623C-4FA2-BF10-1709EA8F14C7} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: {39A523BC-F6D3-46C9-BCC9-7F704FCC82E9} - System32\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000 => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: {5040A7F7-74AC-48EC-9AF4-C6B1CB4C4005} - System32\Tasks\AmiUpdXp => C:\Users\Nancy M Home Built\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {60F72335-F562-4F99-A1DA-712D358B2738} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)
Task: {8DA60869-D3EE-4783-B803-2DEAB6E87051} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9C37D7E9-CD8D-4E4E-B598-54E4DD5AC324} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)
Task: {C40B385C-F0F3-4092-8B98-3F17F5EC6EAD} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Nancy M Home Built\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000.job => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-18 20:42 - 2013-03-14 22:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-27 09:06 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 02869760 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtCore4.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 01277440 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtNetwork4.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 00840704 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtSql4.dll
2009-11-14 21:21 - 2009-11-14 21:21 - 01800704 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\LIBEAY32.dll
2009-11-14 21:22 - 2009-11-14 21:22 - 00284160 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\SSLEAY32.dll
2009-11-14 21:14 - 2009-11-14 21:14 - 00076288 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\ZLIB1.dll
2014-06-03 15:47 - 2014-06-03 15:47 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:19 - 2014-06-03 16:19 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 10070888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 03393352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:17 - 2014-06-03 16:17 - 00604520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00360312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00290168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00245608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00336752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00610144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00326000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00453496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00218976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00171368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00786800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 01936744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00422256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00298336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00371576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2013-04-18 06:01 - 2012-07-27 14:27 - 00025888 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-05-07 19:01 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-04-27 09:06 - 2011-01-23 20:08 - 00770728 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2014-06-03 16:18 - 2014-06-03 16:18 - 07715160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:18 - 2014-06-03 16:18 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00364896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00803696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-27 09:06 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2013-04-27 09:05 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2013-04-27 09:06 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2013-04-27 09:06 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2013-04-27 09:02 - 2009-02-20 02:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2013-04-27 09:02 - 2009-02-20 02:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () E:\iCloud\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () E:\iCloud\libxml2.dll
2014-06-14 20:04 - 2014-06-14 20:04 - 00043008 _____ () C:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpquirms.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Adobe\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "E:\Adobe\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => E:\iCloud\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: Google => C:\Users\Nancy M Home Built\AppData\Roaming\GD1.exe
MSCONFIG\startupreg: iCloudServices => E:\iCloud\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanuchApp => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WsAudio_Device
Description: WsAudio_Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: WsAudio_Device
Service: WsAudio_Device
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 01:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc0000005
Fault offset: 0x0032220b
Faulting process id: 0x1b80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/15/2014 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 12.0.6683.5002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34ac

Start Time: 01cf88bcea242258

Termination Time: 0

Application Path: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE

Report Id:

Error: (06/14/2014 08:03:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (06/14/2014 07:50:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01cf883b2c426ca9

Termination Time: 93

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 6decfa9e-f42f-11e3-bf70-a3d597c4b603

Error: (06/14/2014 06:29:58 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3952) WebCacheLocal: Database recovery/restore failed with unexpected error -1018.

Error: (06/14/2014 06:29:58 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (3952) WebCacheLocal: Unable to read page 794 of database C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1018.

Error: (06/14/2014 06:29:57 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (3952) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position 8:0. Data not matching the log-file fill pattern first appeared in sector 339. This logfile has been damaged and is unusable.

Error: (06/14/2014 06:29:57 PM) (Source: ESENT) (EventID: 477) (User: )
Description: taskhost (3952) WebCacheLocal: The log range read from the file "C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\V01.log" at offset 4096 (0x0000000000001000) for 169472 (0x00029600) bytes failed verification due to a range checksum mismatch.  The expected checksum was 3568429976 (0xd4b1eb98) and the actual checksum was 1008190608 (0x3c17c490). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

Error: (06/07/2014 11:39:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lxeacoms.exe, version: 9.2.33.0, time stamp: 0x4b200765
Faulting module name: lxeaserv.dll, version: 9.2.33.0, time stamp: 0x4b200879
Exception code: 0xc0000005
Fault offset: 0x00000000000a9ee6
Faulting process id: 0x424
Faulting application start time: 0xlxeacoms.exe0
Faulting application path: lxeacoms.exe1
Faulting module path: lxeacoms.exe2
Report Id: lxeacoms.exe3

Error: (05/26/2014 04:48:56 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

System errors:
=============
Error: (06/19/2014 11:16:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR143.

Error: (06/19/2014 11:15:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \...\DR142.

Error: (06/19/2014 11:12:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \...\DR141.

Error: (06/19/2014 11:11:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (06/19/2014 11:04:44 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \...\DR139.

Error: (06/19/2014 11:03:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/19/2014 11:02:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (06/19/2014 11:02:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR138.

Error: (06/19/2014 11:02:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR137.

Error: (06/19/2014 11:02:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8162.15 MB
Available physical RAM: 5178.18 MB
Total Pagefile: 16322.48 MB
Available Pagefile: 13889.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:37.17 GB) NTFS
Drive e: (Local Extra) (Fixed) (Total:465.76 GB) (Free:326.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 61852C15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 6C87C77E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

FRST log pasted below

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Nancy M Home Built (administrator) on NANCYMHOMEBUILT on 19-06-2014 19:10:32
Running from C:\Users\Nancy M Home Built\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Apple Inc.) E:\iCloud\iCloudServices.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Dropbox, Inc.) C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [7831840 2012-08-07] (NETGEAR,Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Deal Slider-repairJob] => wscript.exe "C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\repair.js"
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [iCloudServices] => E:\iCloud\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\MountPoints2: {211c8e12-f13b-11e2-9636-8dbd9c4fe80d} - F:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF12488FDD43BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL =
SearchScopes: HKCU - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
BHO-x32: GetSavin 5.0 - {124E97CD-CE17-4391-A5C3-DBE7895B45B2} - C:\Users\Nancy M Home Built\AppData\Local\getsavin\ie\getsavin_1376631013.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {549B5CA7-4A86-11D7-A4DF-000874180BB3} -  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO.dll No File
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 107.170.189.30 64.251.13.6 24.56.178.101

FireFox:
========
FF ProfilePath: C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nancy M Home Built\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\user.js
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\getsavin@jetpack [2013-08-15]
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C} [2013-11-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Adobe\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\Adobe\Acrobat\Browser\WCFirefoxExtn [2013-05-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [25888 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-11-24] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 ECSIoDriver_1_1_0_0; \??\D:\ECSIoDriverX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-19 19:10 - 2014-06-19 19:10 - 00013968 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-19 19:10 - 2014-06-19 19:10 - 00000000 ____D () C:\FRST
2014-06-19 19:09 - 2014-06-19 19:09 - 02082304 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-14 15:50 - 2014-06-14 15:52 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:50 - 2014-06-14 15:52 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-13 17:05 - 2014-06-13 17:05 - 00149832 _____ () C:\ProgramData\SPLF6DF.tmp
2014-06-10 16:05 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:05 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 16:05 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:05 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:05 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 16:05 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 16:05 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:05 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 16:05 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:05 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:05 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:05 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:05 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:05 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 16:05 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 16:05 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 16:05 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 16:05 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 16:05 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 16:05 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:04 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 16:04 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-14 20:04 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-30 14:19 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== One Month Modified Files and Folders =======

2014-06-19 19:10 - 2014-06-19 19:10 - 00013968 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-19 19:10 - 2014-06-19 19:10 - 00000000 ____D () C:\FRST
2014-06-19 19:09 - 2014-06-19 19:09 - 02082304 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-19 18:53 - 2013-11-01 15:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 18:46 - 2013-11-23 10:36 - 00000370 _____ () C:\Windows\Tasks\bench-sys.job
2014-06-19 18:27 - 2013-05-07 18:50 - 00000408 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-06-19 17:46 - 2013-11-23 10:36 - 00000370 _____ () C:\Windows\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000.job
2014-06-19 15:53 - 2013-04-17 23:59 - 01357612 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 07:53 - 2013-11-01 15:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 21:42 - 2013-08-12 22:06 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\1D1D488F-5F9C-47FA-9913-18540D12738A.aplzod
2014-06-18 07:48 - 2013-11-01 15:21 - 00003918 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 07:48 - 2013-11-01 15:21 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:36 - 2013-12-03 10:35 - 00000512 _____ () C:\Users\Nancy M Home Built\Desktop\Google Calendar.website
2014-06-15 14:35 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 14:33 - 2009-07-13 22:51 - 00065442 _____ () C:\Windows\setupact.log
2014-06-15 13:31 - 2013-07-09 18:19 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\Finance
2014-06-15 06:43 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 06:43 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 21:30 - 2013-07-08 13:23 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox
2014-06-14 20:04 - 2014-06-06 15:43 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-14 20:04 - 2014-02-06 09:37 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\DropboxMaster
2014-06-14 20:04 - 2013-08-16 19:27 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-14 20:04 - 2013-07-08 13:25 - 00000000 ___RD () C:\Users\Nancy M Home Built\Dropbox
2014-06-14 20:04 - 2013-04-27 09:06 - 00058480 _____ () C:\ProgramData\lxeascan.log
2014-06-14 20:04 - 2013-04-18 00:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-14 20:04 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 18:28 - 2013-04-28 18:54 - 00125404 _____ () C:\Windows\PFRO.log
2014-06-14 18:28 - 2009-07-13 22:45 - 00344328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-14 15:52 - 2014-06-14 15:50 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:52 - 2014-06-14 15:50 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-14 15:32 - 2013-11-24 15:18 - 00000000 ____D () C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-06-14 10:57 - 2013-04-17 20:19 - 00078656 _____ () C:\Users\Nancy M Home Built\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 17:08 - 2013-04-27 09:08 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-13 17:05 - 2014-06-13 17:05 - 00149832 _____ () C:\ProgramData\SPLF6DF.tmp
2014-06-13 17:05 - 2013-04-27 09:10 - 00034624 _____ () C:\ProgramData\lxeaJSW.log
2014-06-11 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:03 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2013-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-04-22 09:28 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:01 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 03:13 - 2014-06-10 16:04 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 16:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-30 14:19 - 2014-05-28 19:32 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-30 04:21 - 2014-06-10 16:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 04:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 04:02 - 2014-06-10 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 03:45 - 2014-06-10 16:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 03:38 - 2014-06-10 16:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 03:28 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 03:27 - 2014-06-10 16:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 03:24 - 2014-06-10 16:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 03:21 - 2014-06-10 16:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 03:21 - 2014-06-10 16:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 03:20 - 2014-06-10 16:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 03:18 - 2014-06-10 16:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 03:11 - 2014-06-10 16:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 03:08 - 2014-06-10 16:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 03:06 - 2014-06-10 16:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 03:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 02:55 - 2014-06-10 16:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:49 - 2014-06-10 16:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:46 - 2014-06-10 16:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 02:43 - 2014-06-10 16:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 02:42 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 16:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 02:35 - 2014-06-10 16:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 02:34 - 2014-06-10 16:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 16:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 02:30 - 2014-06-10 16:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 02:29 - 2014-06-10 16:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 02:28 - 2014-06-10 16:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 02:27 - 2014-06-10 16:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 02:24 - 2014-06-10 16:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 02:23 - 2014-06-10 16:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 02:16 - 2014-06-10 16:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 16:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 16:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 02:04 - 2014-06-10 16:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 16:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:54 - 2014-06-10 16:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 16:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 16:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 01:43 - 2014-06-10 16:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:40 - 2014-06-10 16:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 01:30 - 2014-06-10 16:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:21 - 2014-06-10 16:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 01:15 - 2014-06-10 16:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 07:54 - 2013-07-08 13:24 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

Some content of TEMP:
====================
C:\Users\Nancy M Home Built\AppData\Local\Temp\44c54536-edd4-46e5-8350-1482ad263303.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\8ff6c385-8152-4675-8885-2994c5e371c3.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\aacdec.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\air113D.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\b2675579-b7c6-4e46-8f5b-0279b1131a8a.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\beeb1059-07c6-44f4-9da7-37cb76f98f88.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpquirms.dll
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00000.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00001.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\RHSetup.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 00:30

==================== End Of Log ============================

 

Thank you!



#5 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 20 June 2014 - 10:41 AM

Hello nlmiller1975,
 
Very good!  :)
 
Please do the following for me.
 
=============================================
 
Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    HKLM-x32\...\Run: [Deal Slider-repairJob] => wscript.exe "C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\repair.js"
    C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\
    SearchScopes: HKLM-x32 - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL =
    SearchScopes: HKCU - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
    BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
    BHO-x32: GetSavin 5.0 - {124E97CD-CE17-4391-A5C3-DBE7895B45B2} - C:\Users\Nancy M Home Built\AppData\Local\getsavin\ie\getsavin_1376631013.dll No File
    BHO-x32: No Name - {549B5CA7-4A86-11D7-A4DF-000874180BB3} -  No File
    BHO-x32: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO.dll No File
    Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
    FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\getsavin@jetpack [2013-08-15]
    C:\ProgramData\SPLF6DF.tmp
    2014-06-19 17:46 - 2013-11-23 10:36 - 00000370 _____ () C:\Windows\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000.job
    C:\Users\Nancy M Home Built\AppData\Local\Temp\44c54536-edd4-46e5-8350-1482ad263303.exe
    C:\Users\Nancy M Home Built\AppData\Local\Temp\8ff6c385-8152-4675-8885-2994c5e371c3.exe
    C:\Users\Nancy M Home Built\AppData\Local\Temp\b2675579-b7c6-4e46-8f5b-0279b1131a8a.exe
    C:\Users\Nancy M Home Built\AppData\Local\Temp\beeb1059-07c6-44f4-9da7-37cb76f98f88.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=============================================

AdwCleaner by Xplode - Delete Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile should automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt if needed.

=============================================

Lastly, please post a fresh FRST Scan log.

=============================================

What I'd like to see in your next post:  :thumbsup2:

  • Fixlog.txt
  • AdwCleaner[R1].txt
  • Fresh FRST Scan log

Edited by TheShooter93, 20 June 2014 - 10:45 AM.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 24 June 2014 - 09:18 AM

4 Day Inactivity

This is the fourth day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

Edited by TheShooter93, 24 June 2014 - 09:18 AM.

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 24 June 2014 - 10:35 AM

Sorry about that.  Been so busy with work, hardly had a chance to breathe!  Thank you for your patience.

 

Here is the paste of the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Nancy M Home Built at 2014-06-24 08:27:22 Run:1
Running from C:\Users\Nancy M Home Built\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Deal Slider-repairJob] => wscript.exe "C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\repair.js"
C:\Users\Nancy M Home Built\AppData\Local\Deal Slider\
SearchScopes: HKLM-x32 - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL =
SearchScopes: HKCU - DefaultScope {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1713E8FA-F59E-4CC5-B5C0-094EAD41081B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24807241893169115&UM=2
BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
BHO-x32: GetSavin 5.0 - {124E97CD-CE17-4391-A5C3-DBE7895B45B2} - C:\Users\Nancy M Home Built\AppData\Local\getsavin\ie\getsavin_1376631013.dll No File
BHO-x32: No Name - {549B5CA7-4A86-11D7-A4DF-000874180BB3} -  No File
BHO-x32: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO.dll No File
Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\getsavin@jetpack [2013-08-15]
C:\ProgramData\SPLF6DF.tmp
2014-06-19 17:46 - 2013-11-23 10:36 - 00000370 _____ () C:\Windows\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000.job
C:\Users\Nancy M Home Built\AppData\Local\Temp\44c54536-edd4-46e5-8350-1482ad263303.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\8ff6c385-8152-4675-8885-2994c5e371c3.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\b2675579-b7c6-4e46-8f5b-0279b1131a8a.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\beeb1059-07c6-44f4-9da7-37cb76f98f88.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Deal Slider-repairJob => value deleted successfully.
C:\Users\Nancy M Home Built\AppData\Local\Deal Slider => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1713E8FA-F59E-4CC5-B5C0-094EAD41081B}' => Key deleted successfully.
'HKCR\CLSID\{1713E8FA-F59E-4CC5-B5C0-094EAD41081B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4607B39-174A-44BA-AB08-8892366ECA13}' => Key deleted successfully.
'HKCR\CLSID\{E4607B39-174A-44BA-AB08-8892366ECA13}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{124E97CD-CE17-4391-A5C3-DBE7895B45B2}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{124E97CD-CE17-4391-A5C3-DBE7895B45B2}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{549B5CA7-4A86-11D7-A4DF-000874180BB3}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4607B39-174A-44BA-AB08-8892366ECA13}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{E4607B39-174A-44BA-AB08-8892366ECA13}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E13BF069-886E-416B-B532-6B14242CC508} => value deleted successfully.
'HKCR\CLSID\{E13BF069-886E-416B-B532-6B14242CC508}' => Key deleted successfully.
C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\getsavin@jetpack => Moved successfully.
C:\ProgramData\SPLF6DF.tmp => Moved successfully.
C:\Windows\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000.job => Moved successfully.
C:\Users\Nancy M Home Built\AppData\Local\Temp\44c54536-edd4-46e5-8350-1482ad263303.exe => Moved successfully.
C:\Users\Nancy M Home Built\AppData\Local\Temp\8ff6c385-8152-4675-8885-2994c5e371c3.exe => Moved successfully.
C:\Users\Nancy M Home Built\AppData\Local\Temp\b2675579-b7c6-4e46-8f5b-0279b1131a8a.exe => Moved successfully.
C:\Users\Nancy M Home Built\AppData\Local\Temp\beeb1059-07c6-44f4-9da7-37cb76f98f88.exe => Moved successfully.

==== End of Fixlog ====

 

Next, here is the AdwCleaner log.  Please note, I did NOT click clean as that was not part of the instruction and I did not assume I was supposed to.  Also, the log is titled AdwCleaner[R0] (as opposed to [R1]).  Not sure if that's an issue or not.

 

# AdwCleaner v3.213 - Report created 24/06/2014 at 08:28:53
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nancy M Home Built - NANCYMHOMEBUILT
# Running from : C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\user.js
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\System32\Tasks\bench-sys
File Found : C:\Windows\Tasks\AmiUpdXp.job
File Found : C:\Windows\Tasks\bench-sys.job
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Deal Slider
Folder Found : C:\Program Files (x86)\outobox
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\ProgramData\Aimersoft Video Converter Ultimate
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\Users\Nancy M Home Built\AppData\Local\BenchUpdater
Folder Found : C:\Users\Nancy M Home Built\AppData\Local\Conduit
Folder Found : C:\Users\Nancy M Home Built\AppData\Local\getsavin
Folder Found : C:\Users\Nancy M Home Built\AppData\Local\SwvUpdater
Folder Found : C:\Users\Nancy M Home Built\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Nancy M Home Built\AppData\LocalLow\Conduit
Folder Found : C:\Users\Nancy M Home Built\AppData\Roaming\Aimersoft Video Converter Ultimate
Folder Found : C:\Users\Nancy M Home Built\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Nancy M Home Built\Desktop\Inbox
Folder Found : C:\Users\Nancy M Home Built\Documents\Aimersoft Video Converter Ultimate
Folder Found : C:\Users\NANCYM~1\AppData\Local\Temp\AirInstaller

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E13BF069-886E-416B-B532-6B14242CC508}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4607B39-174A-44BA-AB08-8892366ECA13}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4607B39-174A-44BA-AB08-8892366ECA13}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\Bench
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E13BF069-886E-416B-B532-6B14242CC508}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v

[ File : C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4311 octets] - [24/06/2014 08:28:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4371 octets] ##########

 

Finally, here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Nancy M Home Built (administrator) on NANCYMHOMEBUILT on 24-06-2014 09:31:37
Running from C:\Users\Nancy M Home Built\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Apple Inc.) E:\iCloud\iCloudServices.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Dropbox, Inc.) C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
() C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [7831840 2012-08-07] (NETGEAR,Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [iCloudServices] => E:\iCloud\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\MountPoints2: {211c8e12-f13b-11e2-9636-8dbd9c4fe80d} - F:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF12488FDD43BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 107.170.189.30 64.251.13.6 24.56.178.101

FireFox:
========
FF ProfilePath: C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nancy M Home Built\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\user.js
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C} [2013-11-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Adobe\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - E:\Adobe\Acrobat\Browser\WCFirefoxExtn [2013-05-07]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [25888 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-11-24] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 ECSIoDriver_1_1_0_0; \??\D:\ECSIoDriverX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-24 08:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 08:28 - 2014-06-24 08:29 - 00000000 ____D () C:\AdwCleaner
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-20 19:21 - 2014-06-20 19:30 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:10 - 2014-06-24 09:31 - 00014426 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-19 19:10 - 2014-06-24 09:31 - 00000000 ____D () C:\FRST
2014-06-19 19:10 - 2014-06-19 19:11 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-19 19:09 - 2014-06-24 08:27 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-14 15:50 - 2014-06-14 15:52 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:50 - 2014-06-14 15:52 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-10 16:05 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:05 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 16:05 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:05 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:05 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 16:05 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 16:05 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:05 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 16:05 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:05 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:05 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:05 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:05 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:05 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 16:05 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 16:05 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 16:05 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 16:05 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 16:05 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 16:05 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:04 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 16:04 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-23 08:28 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-30 14:19 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== One Month Modified Files and Folders =======

2014-06-24 09:31 - 2014-06-19 19:10 - 00014426 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-24 09:31 - 2014-06-19 19:10 - 00000000 ____D () C:\FRST
2014-06-24 08:53 - 2013-11-01 15:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 08:40 - 2013-04-17 23:59 - 01627622 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 08:29 - 2014-06-24 08:28 - 00000000 ____D () C:\AdwCleaner
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-24 08:27 - 2014-06-19 19:09 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-24 08:27 - 2013-05-07 18:50 - 00000408 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-06-24 07:53 - 2013-11-01 15:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 06:46 - 2013-11-23 10:36 - 00000370 _____ () C:\Windows\Tasks\bench-sys.job
2014-06-23 21:43 - 2013-08-12 22:06 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\1D1D488F-5F9C-47FA-9913-18540D12738A.aplzod
2014-06-23 18:39 - 2014-02-06 09:37 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\DropboxMaster
2014-06-23 18:39 - 2013-08-16 19:27 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-23 18:39 - 2013-07-08 13:25 - 00000000 ___RD () C:\Users\Nancy M Home Built\Dropbox
2014-06-23 18:39 - 2013-07-08 13:23 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox
2014-06-23 18:39 - 2013-04-27 09:06 - 00058810 _____ () C:\ProgramData\lxeascan.log
2014-06-23 08:36 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 08:35 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 08:35 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 08:28 - 2014-06-06 15:43 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-23 08:28 - 2013-04-18 00:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 08:28 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 08:28 - 2009-07-13 22:51 - 00069748 _____ () C:\Windows\setupact.log
2014-06-20 19:57 - 2013-05-09 13:59 - 00000000 ____D () C:\ProgramData\xml_param
2014-06-20 19:54 - 2013-05-09 13:55 - 00000000 ____D () C:\ProgramData\Aimersoft Video Converter Ultimate
2014-06-20 19:30 - 2014-06-20 19:21 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:11 - 2014-06-19 19:10 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-18 07:48 - 2013-11-01 15:21 - 00003918 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 07:48 - 2013-11-01 15:21 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:36 - 2013-12-03 10:35 - 00000512 _____ () C:\Users\Nancy M Home Built\Desktop\Google Calendar.website
2014-06-15 13:31 - 2013-07-09 18:19 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\Finance
2014-06-14 18:28 - 2013-04-28 18:54 - 00125404 _____ () C:\Windows\PFRO.log
2014-06-14 18:28 - 2009-07-13 22:45 - 00344328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-14 15:52 - 2014-06-14 15:50 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:52 - 2014-06-14 15:50 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-14 15:32 - 2013-11-24 15:18 - 00000000 ____D () C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-06-14 10:57 - 2013-04-17 20:19 - 00078656 _____ () C:\Users\Nancy M Home Built\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-13 17:08 - 2013-04-27 09:08 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-13 17:05 - 2013-04-27 09:10 - 00034624 _____ () C:\ProgramData\lxeaJSW.log
2014-06-11 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:03 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2013-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-04-22 09:28 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:01 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 03:13 - 2014-06-10 16:04 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 16:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-30 14:19 - 2014-05-28 19:32 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-30 04:21 - 2014-06-10 16:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 04:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 04:02 - 2014-06-10 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 03:45 - 2014-06-10 16:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 03:38 - 2014-06-10 16:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 03:28 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 03:27 - 2014-06-10 16:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 03:24 - 2014-06-10 16:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 03:21 - 2014-06-10 16:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 03:21 - 2014-06-10 16:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 03:20 - 2014-06-10 16:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 03:18 - 2014-06-10 16:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 03:11 - 2014-06-10 16:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 03:08 - 2014-06-10 16:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 03:06 - 2014-06-10 16:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 03:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 02:55 - 2014-06-10 16:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:49 - 2014-06-10 16:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:46 - 2014-06-10 16:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 02:43 - 2014-06-10 16:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 02:42 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 16:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 02:35 - 2014-06-10 16:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 02:34 - 2014-06-10 16:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 16:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 02:30 - 2014-06-10 16:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 02:29 - 2014-06-10 16:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 02:28 - 2014-06-10 16:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 02:27 - 2014-06-10 16:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 02:24 - 2014-06-10 16:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 02:23 - 2014-06-10 16:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 02:16 - 2014-06-10 16:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 16:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 16:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 02:04 - 2014-06-10 16:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 16:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:54 - 2014-06-10 16:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 16:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 16:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 01:43 - 2014-06-10 16:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:40 - 2014-06-10 16:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 01:30 - 2014-06-10 16:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:21 - 2014-06-10 16:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 01:15 - 2014-06-10 16:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 07:54 - 2013-07-08 13:24 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

Some content of TEMP:
====================
C:\Users\Nancy M Home Built\AppData\Local\Temp\aacdec.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\air113D.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumdvny.dll
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00000.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00001.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\Quarantine.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\RHSetup.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 00:30

==================== End Of Log ============================

 

Thank you again!



#8 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 24 June 2014 - 11:03 AM

No problem, I just ask that if there is going to be a delay greater than 72 hours that you let me know ahead of time. :)

 

Due to the volume of requests we receive, there is a cut-off point of typically 5 days after which we assume the thread has been abandoned.

 

==============================================

 

I will be analyzing the log you gave me, but before we go further I do need to inform you of something.

 

Your previous logs indicate that you are running pirated/cracked software -- specifically an Adobe product(s). While I will continue to help you remove malware from your system, know that participating in these types of practices put you at a much higher risk of infection.

 

Not only this, but the malware removal methods I will be employing are likely to affect this software. I suggest you uninstall the pirated/cracked software.

 

Please let me know what you decide to do with this information.


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#9 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 24 June 2014 - 11:06 AM

I have already uninstalled it.


Edited by nlmiller1975, 24 June 2014 - 11:09 AM.


#10 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 24 June 2014 - 02:38 PM

Hello nlmiller1975,
 
Thank you for the note regarding AdwCleaner's Scan log file name -- it is not a problem that it is slightly different than the name given in my previous instructions.

As for not clicking the Delete button, thank you for following my instructions explicitly as you were not yet supposed to click the Delete button. You will be doing that now (I wanted to review the Scan log first).  :)

Please do the following.

==========================================================

AdwCleaner by Xplode - Delete Adware

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========================================================

After running AdwCleaner's Delete function reboot your computer.

Then run FRST again and provide a fresh Scan log.

Finally, how is your computer running?

==========================================================

What I'd like to see in your next post:  :thumbsup2:

  • AdwCleaner[S1].txt.
  • Fresh FRST Scan log.
  • How is your computer running?

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#11 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 24 June 2014 - 07:47 PM

AdwCleaner log:  (note: some of the things in the AdwCleaner scan to "clean" were Aimersoft, a program that I purchased.  I unchecked them for the cleaning process.)

 

# AdwCleaner v3.213 - Report created 24/06/2014 at 18:37:55
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nancy M Home Built - NANCYMHOMEBUILT
# Running from : C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\Aimersoft Video Converter Ultimate
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Deal Slider
Folder Deleted : C:\Program Files (x86)\outobox
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\NANCYM~1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Nancy M Home Built\AppData\Local\BenchUpdater
Folder Deleted : C:\Users\Nancy M Home Built\AppData\Local\Conduit
Folder Deleted : C:\Users\Nancy M Home Built\AppData\Local\getsavin
Folder Deleted : C:\Users\Nancy M Home Built\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Nancy M Home Built\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Nancy M Home Built\AppData\LocalLow\Conduit
[x] Not Deleted : C:\Users\Nancy M Home Built\AppData\Roaming\Aimersoft Video Converter Ultimate
Folder Deleted : C:\Users\Nancy M Home Built\AppData\Roaming\SearchProtect
[x] Not Deleted : C:\Users\Nancy M Home Built\Desktop\Inbox
[x] Not Deleted : C:\Users\Nancy M Home Built\Documents\Aimersoft Video Converter Ultimate
File Deleted : C:\END
File Deleted : C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\bench-sys.job
File Deleted : C:\Windows\System32\Tasks\bench-sys

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E13BF069-886E-416B-B532-6B14242CC508}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4607B39-174A-44BA-AB08-8892366ECA13}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E13BF069-886E-416B-B532-6B14242CC508}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4607B39-174A-44BA-AB08-8892366ECA13}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v

[ File : C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Nancy M Home Built\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4467 octets] - [24/06/2014 08:28:53]
AdwCleaner[R1].txt - [4527 octets] - [24/06/2014 18:36:10]
AdwCleaner[S0].txt - [4456 octets] - [24/06/2014 18:37:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4516 octets] ##########

 

New FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Nancy M Home Built (administrator) on NANCYMHOMEBUILT on 24-06-2014 18:42:18
Running from C:\Users\Nancy M Home Built\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Apple Inc.) E:\iCloud\iCloudServices.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Dropbox, Inc.) C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [7831840 2012-08-07] (NETGEAR,Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [iCloudServices] => E:\iCloud\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\MountPoints2: {211c8e12-f13b-11e2-9636-8dbd9c4fe80d} - F:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF12488FDD43BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 107.170.189.30 64.251.13.6 24.56.178.101

FireFox:
========
FF ProfilePath: C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nancy M Home Built\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C} [2013-11-23]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [25888 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-11-24] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 ECSIoDriver_1_1_0_0; \??\D:\ECSIoDriverX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-24 10:36 - 2014-06-24 10:36 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\Adobe
2014-06-24 10:34 - 2014-06-24 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-24 08:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 08:28 - 2014-06-24 18:37 - 00000000 ____D () C:\AdwCleaner
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-20 19:21 - 2014-06-20 19:30 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:10 - 2014-06-24 18:42 - 00013754 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-19 19:10 - 2014-06-24 18:42 - 00000000 ____D () C:\FRST
2014-06-19 19:10 - 2014-06-19 19:11 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-19 19:09 - 2014-06-24 08:27 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-14 15:50 - 2014-06-14 15:52 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:50 - 2014-06-14 15:52 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-10 16:05 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:05 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 16:05 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:05 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:05 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 16:05 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 16:05 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:05 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 16:05 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:05 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:05 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:05 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:05 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:05 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 16:05 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 16:05 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 16:05 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 16:05 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 16:05 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 16:05 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:04 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 16:04 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-24 18:39 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-30 14:19 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== One Month Modified Files and Folders =======

2014-06-24 18:42 - 2014-06-19 19:10 - 00013754 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-24 18:42 - 2014-06-19 19:10 - 00000000 ____D () C:\FRST
2014-06-24 18:40 - 2014-02-06 09:37 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\DropboxMaster
2014-06-24 18:40 - 2013-11-01 15:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 18:40 - 2013-08-16 19:27 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-24 18:40 - 2013-07-08 13:25 - 00000000 ___RD () C:\Users\Nancy M Home Built\Dropbox
2014-06-24 18:40 - 2013-07-08 13:23 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox
2014-06-24 18:40 - 2013-04-27 09:06 - 00058920 _____ () C:\ProgramData\lxeascan.log
2014-06-24 18:39 - 2014-06-06 15:43 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-24 18:39 - 2013-04-28 18:54 - 00126558 _____ () C:\Windows\PFRO.log
2014-06-24 18:39 - 2013-04-18 00:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-24 18:39 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 18:39 - 2009-07-13 22:51 - 00069804 _____ () C:\Windows\setupact.log
2014-06-24 18:39 - 2009-07-13 22:45 - 00343584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-24 18:38 - 2013-04-17 23:59 - 01636917 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 18:37 - 2014-06-24 08:28 - 00000000 ____D () C:\AdwCleaner
2014-06-24 17:53 - 2013-11-01 15:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 11:23 - 2013-08-12 22:06 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\1D1D488F-5F9C-47FA-9913-18540D12738A.aplzod
2014-06-24 10:36 - 2014-06-24 10:36 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\Adobe
2014-06-24 10:36 - 2013-04-20 19:43 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Adobe
2014-06-24 10:34 - 2014-06-24 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-24 10:34 - 2013-05-07 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-24 10:09 - 2013-04-17 20:19 - 00078264 _____ () C:\Users\Nancy M Home Built\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-24 08:27 - 2014-06-19 19:09 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-23 08:36 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-23 08:35 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 08:35 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-20 19:57 - 2013-05-09 13:59 - 00000000 ____D () C:\ProgramData\xml_param
2014-06-20 19:54 - 2013-05-09 13:55 - 00000000 ____D () C:\ProgramData\Aimersoft Video Converter Ultimate
2014-06-20 19:30 - 2014-06-20 19:21 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:11 - 2014-06-19 19:10 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-18 07:48 - 2013-11-01 15:21 - 00003918 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 07:48 - 2013-11-01 15:21 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:36 - 2013-12-03 10:35 - 00000512 _____ () C:\Users\Nancy M Home Built\Desktop\Google Calendar.website
2014-06-15 13:31 - 2013-07-09 18:19 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\Finance
2014-06-14 15:52 - 2014-06-14 15:50 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:52 - 2014-06-14 15:50 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-14 15:32 - 2013-11-24 15:18 - 00000000 ____D () C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-06-13 17:08 - 2013-04-27 09:08 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-13 17:05 - 2013-04-27 09:10 - 00034624 _____ () C:\ProgramData\lxeaJSW.log
2014-06-11 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:03 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2013-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-04-22 09:28 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:01 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 03:13 - 2014-06-10 16:04 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 16:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 15:43 - 2014-06-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-06 15:42 - 2014-06-06 15:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-30 14:19 - 2014-05-28 19:32 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-30 04:21 - 2014-06-10 16:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 04:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 04:02 - 2014-06-10 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 03:45 - 2014-06-10 16:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 03:38 - 2014-06-10 16:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 03:28 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 03:27 - 2014-06-10 16:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 03:24 - 2014-06-10 16:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 03:21 - 2014-06-10 16:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 03:21 - 2014-06-10 16:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 03:20 - 2014-06-10 16:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 03:18 - 2014-06-10 16:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 03:11 - 2014-06-10 16:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 03:08 - 2014-06-10 16:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 03:06 - 2014-06-10 16:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 03:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 02:55 - 2014-06-10 16:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:49 - 2014-06-10 16:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:46 - 2014-06-10 16:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 02:43 - 2014-06-10 16:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 02:42 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 16:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 02:35 - 2014-06-10 16:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 02:34 - 2014-06-10 16:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 16:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 02:30 - 2014-06-10 16:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 02:29 - 2014-06-10 16:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 02:28 - 2014-06-10 16:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 02:27 - 2014-06-10 16:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 02:24 - 2014-06-10 16:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 02:23 - 2014-06-10 16:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 02:16 - 2014-06-10 16:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 16:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 16:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 02:04 - 2014-06-10 16:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 16:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:54 - 2014-06-10 16:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 16:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 16:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 01:43 - 2014-06-10 16:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:40 - 2014-06-10 16:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 01:30 - 2014-06-10 16:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:21 - 2014-06-10 16:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 01:15 - 2014-06-10 16:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 07:54 - 2013-07-08 13:24 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

Some content of TEMP:
====================
C:\Users\Nancy M Home Built\AppData\Local\Temp\aacdec.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\air113D.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjoou8.dll
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00000.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00001.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\Quarantine.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\RHSetup.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 00:30

==================== End Of Log ============================

 

I don't know how well it's working yet.  ;)



#12 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 25 June 2014 - 09:14 AM

Hello nlmiller1975,

 

No problem about removing check-marks from those items in AdwCleaner. If you notice anything like that while using these tools feel free to exclude them from a fix, just make sure to let me know that you did so.

Please do the following things in order.  :)
 
Multiple Antivirus Programs

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • System Performance Issues: Antivirus programs can be resource-intensive. Having multiple installed and running is very taxing to a computer.

Therefore, please go to Programs and Features in the Control Panel and remove either AdAware Antivirus or Microsoft Security Essentials.
 
===================================================

Malwarebytes Antimalware

GUZVCQN.jpg Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

===================================================

 

Please get a fresh FRST Scan log and include the Addition.txt by checking the Addition.txt box before clicking "Scan".

Lastly, how is your computer running? Please use it as your normally would and report what symptoms remain.  :)

===================================================

What I'd like to see in your next post:  :thumbsup2:

  • Malwarebytes Antimalware results.
  • FRST Scan Log.
  • Addition.txt.
  • How is your computer running?

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#13 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 25 June 2014 - 12:30 PM

I will be implementing the changes here in just a bit, but before I do that, I wanted to just post the most recent happenings. 
 
I'm still getting pop-ups.  One of them started out as adcash.com until it was forwarded to:  hxxp://www.lpmxp2015.com/70784D7B672C55793A502654415B4A28466D563E4E87F734AEAE4944F1F1B584BFEBB184821AB435D68A4816A2FDE5D7?tgu_src_lp_domain=www.allsoftdll.com&ClickID=10748760821403716927&PubID=274944
 
Another one is imwzz.playnow.mediamother.eu (etc.).  I couldn't click on it without committing to actually going to their website.
 
Yet another is downloadedsoftware.com/go/ (blah, blah).
 
And still another:  hxxp://www.cooleh.com/lp/videoperform(etc.).

Edited by Elise, 25 June 2014 - 02:56 PM.
deactivated links


#14 nlmiller1975

nlmiller1975
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:26 PM

Posted 25 June 2014 - 01:37 PM

So here are the results of the scans:

 

Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/25/2014
Scan Time: 11:43:28 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.25.15
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nancy M Home Built

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335094
Time Elapsed: 12 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.DealSlider.A, HKLM\SOFTWARE\WOW6432NODE\Deal Slider, Quarantined, [a21195e76a1152e4602b2c89f50d1fe1],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3289847, Quarantined, [842f2a52d7a4e551cc852e64c0420af6],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061, Quarantined, [387b86f6d2a9ae8895bc93ffb9498e72],

Files: 10
PUP.Optional.ShopAtHome.A, C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C107471127_D1_R92158.exe, Quarantined, [c9ea4b314338ae88beed9bc97d84f907],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\ctbe.exe, Quarantined, [af046e0ea6d5eb4b6734ce500df38e72],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\ieLogic.exe, Quarantined, [f0c343399edd7db9205cf9282bd6a35d],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\statisticsStub.exe, Quarantined, [e2d1d9a3b1ca5cdae91941cbbd44857b],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\stub.exe, Quarantined, [179c7a02493225116b6bde4ad42ca35d],
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-3338567975-2302980196-3939936843-1000, Quarantined, [a50e4a325d1eea4cbc92e6c4eb1726da],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3289847\chromeid.txt, Quarantined, [842f2a52d7a4e551cc852e64c0420af6],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3289847\setup.ini.txt, Quarantined, [842f2a52d7a4e551cc852e64c0420af6],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\chromeid.txt, Quarantined, [387b86f6d2a9ae8895bc93ffb9498e72],
PUP.Optional.Conduit.A, C:\Users\Nancy M Home Built\AppData\Local\Temp\ct3306061\setup.ini.txt, Quarantined, [387b86f6d2a9ae8895bc93ffb9498e72],

Physical Sectors: 0
(No malicious items detected)

(end)

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Nancy M Home Built (administrator) on NANCYMHOMEBUILT on 25-06-2014 12:36:20
Running from C:\Users\Nancy M Home Built\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) E:\iCloud\iCloudServices.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Dropbox, Inc.) C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [7831840 2012-08-07] (NETGEAR,Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-05] (Microsoft Corporation)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\Run: [iCloudServices] => E:\iCloud\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3338567975-2302980196-3939936843-1000\...\MountPoints2: {211c8e12-f13b-11e2-9636-8dbd9c4fe80d} - F:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF12488FDD43BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 107.170.189.30 64.251.13.6 24.56.178.101

FireFox:
========
FF ProfilePath: C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nancy M Home Built\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: No Name - C:\Users\Nancy M Home Built\AppData\Roaming\Mozilla\Firefox\Profiles\xwsq4nkb.default\Extensions\{8B5CAAD2-D1EB-AD4E-6003-EAC59E874F6C} [2013-11-23]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.)
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [25888 2012-07-27] ()

==================== Drivers (Whitelisted) ====================

R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2263144 2012-07-31] (Broadcom Corporation)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-11-24] (GFI Software)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-25] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 ECSIoDriver_1_1_0_0; \??\D:\ECSIoDriverX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-25 11:36 - 2014-06-25 11:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 11:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 11:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-25 11:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-25 11:34 - 2014-06-25 11:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nancy M Home Built\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-24 10:36 - 2014-06-24 10:36 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\Adobe
2014-06-24 10:34 - 2014-06-24 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-24 08:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 08:28 - 2014-06-24 18:37 - 00000000 ____D () C:\AdwCleaner
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-20 19:21 - 2014-06-20 19:30 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:10 - 2014-06-25 12:36 - 00013436 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-19 19:10 - 2014-06-25 12:36 - 00000000 ____D () C:\FRST
2014-06-19 19:10 - 2014-06-19 19:11 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-19 19:09 - 2014-06-24 08:27 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-14 15:50 - 2014-06-14 15:52 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:50 - 2014-06-14 15:52 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-10 16:05 - 2014-05-30 04:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 16:05 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 04:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 16:05 - 2014-05-30 03:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 16:05 - 2014-05-30 03:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 16:05 - 2014-05-30 03:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 03:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 16:05 - 2014-05-30 03:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 16:05 - 2014-05-30 03:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 03:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 16:05 - 2014-05-30 03:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 16:05 - 2014-05-30 03:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 16:05 - 2014-05-30 03:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 16:05 - 2014-05-30 03:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 16:05 - 2014-05-30 02:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 16:05 - 2014-05-30 02:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 16:05 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 16:05 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 16:05 - 2014-05-30 02:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 16:05 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 16:05 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 16:05 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 16:05 - 2014-05-30 02:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 16:05 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 16:05 - 2014-05-30 02:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 02:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 16:05 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 16:05 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 16:05 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 16:05 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 16:05 - 2014-05-30 01:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 16:05 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 16:05 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 16:05 - 2014-05-30 01:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 16:05 - 2014-05-30 01:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 16:05 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 16:05 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 16:05 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 16:05 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 16:05 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 16:05 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 16:05 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 16:05 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 16:05 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 16:04 - 2014-06-08 03:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 16:04 - 2014-06-08 03:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-30 14:19 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== One Month Modified Files and Folders =======

2014-06-25 12:36 - 2014-06-19 19:10 - 00013436 _____ () C:\Users\Nancy M Home Built\Desktop\FRST.txt
2014-06-25 12:36 - 2014-06-19 19:10 - 00000000 ____D () C:\FRST
2014-06-25 12:34 - 2014-04-15 15:06 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ShopAtHome
2014-06-25 11:56 - 2013-04-17 23:59 - 01692325 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 11:53 - 2013-11-01 15:21 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 11:51 - 2009-07-13 23:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 11:50 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:50 - 2009-07-13 22:45 - 00061664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 11:43 - 2014-06-25 11:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 11:43 - 2014-02-06 09:37 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\DropboxMaster
2014-06-25 11:43 - 2013-11-01 15:21 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 11:43 - 2013-08-16 19:27 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-25 11:43 - 2013-07-08 13:25 - 00000000 ___RD () C:\Users\Nancy M Home Built\Dropbox
2014-06-25 11:43 - 2013-07-08 13:23 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox
2014-06-25 11:43 - 2013-04-27 09:06 - 00059030 _____ () C:\ProgramData\lxeascan.log
2014-06-25 11:42 - 2013-04-18 00:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-25 11:42 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 11:42 - 2009-07-13 22:51 - 00069860 _____ () C:\Windows\setupact.log
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 11:36 - 2014-06-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 11:34 - 2014-06-25 11:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nancy M Home Built\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-25 11:32 - 2013-11-24 13:30 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Lavasoft
2014-06-24 18:39 - 2013-04-28 18:54 - 00126558 _____ () C:\Windows\PFRO.log
2014-06-24 18:39 - 2009-07-13 22:45 - 00343584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-24 18:37 - 2014-06-24 08:28 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:23 - 2013-08-12 22:06 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\1D1D488F-5F9C-47FA-9913-18540D12738A.aplzod
2014-06-24 10:36 - 2014-06-24 10:36 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\Adobe
2014-06-24 10:36 - 2013-04-20 19:43 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Adobe
2014-06-24 10:34 - 2014-06-24 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-24 10:34 - 2014-06-24 10:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-24 10:34 - 2013-05-07 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-24 10:09 - 2013-04-17 20:19 - 00078264 _____ () C:\Users\Nancy M Home Built\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-24 08:28 - 2014-06-24 08:28 - 01342659 _____ () C:\Users\Nancy M Home Built\Desktop\AdwCleaner.exe
2014-06-24 08:27 - 2014-06-24 08:27 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\FRST-OlderVersion
2014-06-24 08:27 - 2014-06-19 19:09 - 02082816 _____ (Farbar) C:\Users\Nancy M Home Built\Desktop\FRST64.exe
2014-06-20 19:57 - 2013-05-09 13:59 - 00000000 ____D () C:\ProgramData\xml_param
2014-06-20 19:54 - 2013-05-09 13:55 - 00000000 ____D () C:\ProgramData\Aimersoft Video Converter Ultimate
2014-06-20 19:30 - 2014-06-20 19:21 - 2129481728 _____ () C:\Users\Nancy M Home Built\Downloads\P.S. I Love You.VOB
2014-06-19 19:11 - 2014-06-19 19:10 - 00039117 _____ () C:\Users\Nancy M Home Built\Desktop\Addition.txt
2014-06-18 07:48 - 2013-11-01 15:21 - 00003918 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 07:48 - 2013-11-01 15:21 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:36 - 2013-12-03 10:35 - 00000512 _____ () C:\Users\Nancy M Home Built\Desktop\Google Calendar.website
2014-06-15 13:31 - 2013-07-09 18:19 - 00000000 ____D () C:\Users\Nancy M Home Built\Desktop\Finance
2014-06-14 15:52 - 2014-06-14 15:50 - 00017019 _____ () C:\Users\Nancy M Home Built\Desktop\dds.txt
2014-06-14 15:52 - 2014-06-14 15:50 - 00009889 _____ () C:\Users\Nancy M Home Built\Desktop\attach.txt
2014-06-14 15:32 - 2013-11-24 15:18 - 00000000 ____D () C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2014-06-13 17:08 - 2013-04-27 09:08 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-13 17:05 - 2013-04-27 09:10 - 00034624 _____ () C:\ProgramData\lxeaJSW.log
2014-06-11 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:03 - 2013-08-15 01:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2013-04-27 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-04-22 09:28 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:01 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 03:13 - 2014-06-10 16:04 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 03:08 - 2014-06-10 16:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 19:44 - 2014-06-04 19:44 - 02690141 _____ () C:\ProgramData\SPL8CEF.tmp
2014-05-30 14:19 - 2014-05-28 19:32 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\TeamViewer
2014-05-30 04:21 - 2014-06-10 16:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 04:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 04:02 - 2014-06-10 16:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 03:45 - 2014-06-10 16:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 03:39 - 2014-06-10 16:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 03:38 - 2014-06-10 16:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 03:28 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 03:27 - 2014-06-10 16:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 03:24 - 2014-06-10 16:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 03:21 - 2014-06-10 16:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 03:21 - 2014-06-10 16:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 03:20 - 2014-06-10 16:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 03:18 - 2014-06-10 16:05 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 03:11 - 2014-06-10 16:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 03:08 - 2014-06-10 16:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 03:06 - 2014-06-10 16:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 03:02 - 2014-06-10 16:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 02:55 - 2014-06-10 16:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:49 - 2014-06-10 16:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:46 - 2014-06-10 16:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 02:44 - 2014-06-10 16:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 02:43 - 2014-06-10 16:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 02:42 - 2014-06-10 16:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 16:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 02:35 - 2014-06-10 16:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 02:34 - 2014-06-10 16:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 16:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 02:30 - 2014-06-10 16:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 02:29 - 2014-06-10 16:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 02:28 - 2014-06-10 16:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 02:27 - 2014-06-10 16:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 02:24 - 2014-06-10 16:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 02:23 - 2014-06-10 16:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 02:16 - 2014-06-10 16:05 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 16:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 16:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 02:04 - 2014-06-10 16:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 16:05 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 01:56 - 2014-06-10 16:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:54 - 2014-06-10 16:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 16:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 16:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 01:43 - 2014-06-10 16:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:40 - 2014-06-10 16:05 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 01:30 - 2014-06-10 16:05 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:21 - 2014-06-10 16:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 01:15 - 2014-06-10 16:05 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 01:13 - 2014-06-10 16:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 07:54 - 2013-07-08 13:24 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Roaming\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\ATI
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\Users\Nancy M Home Built\AppData\Local\AMD
2014-05-28 19:44 - 2014-05-28 19:44 - 00000000 ____D () C:\ProgramData\ATI
2014-05-28 19:32 - 2014-05-28 19:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

Some content of TEMP:
====================
C:\Users\Nancy M Home Built\AppData\Local\Temp\aacdec.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\air113D.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpja6gmr.dll
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00000.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\ose00001.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\Quarantine.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\RHSetup.exe
C:\Users\Nancy M Home Built\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 00:30

==================== End Of Log ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Nancy M Home Built at 2014-06-25 12:36:44
Running from C:\Users\Nancy M Home Built\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aimersoft Video Converter Ultimate(Build 5.5.0.3) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.0.3 - Aimersoft Software)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Carbonite Mirror Image (64-bit) (Version: 5.1.13813.2115 - x64) Hidden
Case CATalyst Version 14 (HKLM-x32\...\caseCATalyst4) (Version: 14 - Stenograph, L.L.C.)
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version: 5.59 - NCH Software)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Money 2004 (HKLM-x32\...\{1D643CD4-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.80 - Microsoft)
Microsoft Money 2004 System Pack (HKLM-x32\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version:  - )
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 18.0.0.0 - NETGEAR)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sony Player Plug-in for Windows Media Player (HKLM-x32\...\Sony Player Plug-in for Windows Media Player) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoLAN VLC media player 0.8.6f (HKLM-x32\...\VLC media player) (Version: 0.8.6f - VideoLAN Team)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WMA MP3 Converter v4.3 build 1489 (HKLM-x32\...\{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1) (Version:  - Hoo Technologies)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

21-06-2014 02:18:40 Windows Update
24-06-2014 14:39:53 Windows Update
24-06-2014 16:07:36 Removed Adobe Acrobat X Pro - English, Français, Deutsch.
25-06-2014 17:32:06 AA11

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-05-07 19:14 - 00006893 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36

There are 88 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {015C8A12-623C-4FA2-BF10-1709EA8F14C7} - \bench-sys No Task File <==== ATTENTION
Task: {39A523BC-F6D3-46C9-BCC9-7F704FCC82E9} - \bench-S-1-5-21-3338567975-2302980196-3939936843-1000 No Task File <==== ATTENTION
Task: {5040A7F7-74AC-48EC-9AF4-C6B1CB4C4005} - \AmiUpdXp No Task File <==== ATTENTION
Task: {60F72335-F562-4F99-A1DA-712D358B2738} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)
Task: {8DA60869-D3EE-4783-B803-2DEAB6E87051} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9C37D7E9-CD8D-4E4E-B598-54E4DD5AC324} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-01] (Google Inc.)
Task: {C40B385C-F0F3-4092-8B98-3F17F5EC6EAD} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-18 20:42 - 2013-03-14 22:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-27 09:06 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 15:30 - 2011-11-13 15:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 15:31 - 2011-11-13 15:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-05-04 16:41 - 2012-05-04 16:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 02869760 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtCore4.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 01277440 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtNetwork4.dll
2011-02-14 13:45 - 2011-02-14 13:45 - 00840704 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\QtSql4.dll
2009-11-14 21:21 - 2009-11-14 21:21 - 01800704 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\LIBEAY32.dll
2009-11-14 21:22 - 2009-11-14 21:22 - 00284160 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\SSLEAY32.dll
2009-11-14 21:14 - 2009-11-14 21:14 - 00076288 _____ () C:\Program Files\Carbonite\Carbonite Mirror Image\ZLIB1.dll
2013-04-18 06:01 - 2012-07-27 14:27 - 00025888 _____ () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
2013-04-27 09:06 - 2011-01-23 20:08 - 00770728 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-27 09:06 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2013-04-27 09:05 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2013-04-27 09:06 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2013-04-27 09:06 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2013-04-27 09:02 - 2009-02-20 02:48 - 00381440 _____ () C:\Windows\system32\lxeasm.dll
2013-04-27 09:02 - 2009-02-20 02:48 - 00023552 _____ () C:\Windows\system32\lxeasmr.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () E:\iCloud\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () E:\iCloud\libxml2.dll
2014-06-25 11:43 - 2014-06-25 11:43 - 00043008 _____ () c:\Users\Nancy M Home Built\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpja6gmr.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Nancy M Home Built\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Adobe\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "E:\Adobe\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: ApplePhotoStreams => E:\iCloud\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: Google => C:\Users\Nancy M Home Built\AppData\Roaming\GD1.exe
MSCONFIG\startupreg: iCloudServices => E:\iCloud\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanuchApp => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: WsAudio_Device
Description: WsAudio_Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: WsAudio_Device
Service: WsAudio_Device
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 08:05:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c38

Start Time: 01cf8da88116dd01

Termination Time: 554

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/19/2014 09:48:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc0000005
Fault offset: 0x00080894
Faulting process id: 0x528c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/18/2014 01:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17126, time stamp: 0x53884c7d
Exception code: 0xc0000005
Fault offset: 0x0032220b
Faulting process id: 0x1b80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/15/2014 01:31:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 12.0.6683.5002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34ac

Start Time: 01cf88bcea242258

Termination Time: 0

Application Path: C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE

Report Id:

Error: (06/14/2014 08:03:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (06/14/2014 07:50:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 157c

Start Time: 01cf883b2c426ca9

Termination Time: 93

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 6decfa9e-f42f-11e3-bf70-a3d597c4b603

Error: (06/14/2014 06:29:58 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (3952) WebCacheLocal: Database recovery/restore failed with unexpected error -1018.

Error: (06/14/2014 06:29:58 PM) (Source: ESENT) (EventID: 419) (User: )
Description: taskhost (3952) WebCacheLocal: Unable to read page 794 of database C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat. Error -1018.

Error: (06/14/2014 06:29:57 PM) (Source: ESENT) (EventID: 465) (User: )
Description: taskhost (3952) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position 8:0. Data not matching the log-file fill pattern first appeared in sector 339. This logfile has been damaged and is unusable.

Error: (06/14/2014 06:29:57 PM) (Source: ESENT) (EventID: 477) (User: )
Description: taskhost (3952) WebCacheLocal: The log range read from the file "C:\Users\Nancy M Home Built\AppData\Local\Microsoft\Windows\WebCache\V01.log" at offset 4096 (0x0000000000001000) for 169472 (0x00029600) bytes failed verification due to a range checksum mismatch.  The expected checksum was 3568429976 (0xd4b1eb98) and the actual checksum was 1008190608 (0x3c17c490). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

System errors:
=============
Error: (06/25/2014 11:44:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/25/2014 11:44:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/25/2014 11:44:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/25/2014 11:42:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (06/25/2014 11:42:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (06/25/2014 11:42:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (06/25/2014 11:42:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:41:00 AM on ‎6/‎25/‎2014 was unexpected.

Error: (06/24/2014 06:41:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (06/24/2014 06:41:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/24/2014 06:40:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 8162.15 MB
Available physical RAM: 6248.34 MB
Total Pagefile: 16322.48 MB
Available Pagefile: 14365.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:32.68 GB) NTFS
Drive e: (Local Extra) (Fixed) (Total:465.76 GB) (Free:327.86 GB) NTFS
Drive g: (External Toshiba) (Fixed) (Total:931.51 GB) (Free:171.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 61852C15)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 6C87C77E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: D344373D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

TIA!



#15 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:02:26 PM

Posted 25 June 2014 - 08:14 PM

Hello nlmiller1975,

 

Your logs are looking better and it looks like MBAM found some bad entries as well.   :thumbup2:

 

Please do the following.

 

==========

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\SPL8CEF.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=====================================================

Please post a fresh FRST Scan log after the FRST Fix above completes.

I'm not sure what you mean by "TIA!"

How is your computer running after the MBAM scan and this FRST Fix? Are you still getting those pop-ups?

=====================================================

What I'd like to see in your next post:  :thumbsup2:

  • Fixlog.txt
  • Fresh FRST Scan log
  • How is your computer running?

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users