unknown infection - need help


17 replies to this topic

#1 beyondfrustrated


Posted 18 June 2014 - 11:11 AM

I have a Windows 7 operating system and usually use Firefox as my browser.  I apologize, in advance, for my lack of computer knowledge.  Something is making my computer act glitchy.  I think it's a virus or malware, but I have no idea what is going on.  Here are some of the symptoms:

 

1. When I turn on my computer and try to sign into my account, the computer automatically switches it to the administrator account to get me to log in there. However, I am able to switch over and sign in on the other account (not under the administrator.)

 

2. When I try to open firefox, a popup window opens asking me to sign in as administrator to allow Mozilla to make changes to my computer.

 

3. The battery icon on my task bar disappeared yesterday.  It's back now, no idea what's up with that.

 

4. When I watch videos on Netflix or Amazon, the menu bar with the play/pause and time display disappears.  This just started happening in the last few days. I can get it back if I do a control/alt/delete, go to task manager and hit end processes.

 

5. If I open more than one window, when I go to close them, I can't close the last window using the red X in the upper right hand corner. Again, I can get them to close if I do a control/alt/delete, go to task manager and hit end processes.  Doing this releases whatever hold is on my computer and allows me to use the red X to close that final window.

 

6. My right click button stopped working on my touch pad.

 

7. I can't run Malwarebytes under my regular account, but I have been able to get it to run under my administrator account.  BTW, it says I'm not infected.

 

8. I'm having loads of trouble downloading.   If I'm able to download at all, I have to click on the download link, then hit Control Alt Delete and go to the task manager and hit end processes.  Only then am I allowed to download and even then not always.  Also, doing this maneuver would allow me to close the stuck open windows and retrieve the lost menu bars in Netflix and Amazon videos.

 

This is everything I can think of right now.  I am attaching my dds.txt and attach.txt log files.  Thanks, in advance, for any assistance.

 

 


 


#2 beyondfrustrated


Posted 18 June 2014 - 11:38 AM

I meant to add the copy and pasted logs, so here they are . . .

 

attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/6/2012 3:04:57 AM
System Uptime: 6/18/2014 9:04:15 AM (1 hours ago)
.
Motherboard: Gateway |  | SJV50_HR
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 508.435 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_16B5&SUBSYS_05041025&REV_10\4&BC62EF4&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_16B5&SUBSYS_05041025&REV_10\4&BC62EF4&0&00E0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP184: 6/4/2014 11:38:38 PM - Cleaner (Spybot - Search & Destroy 2.3, administrator privileges
RP185: 6/4/2014 11:39:21 PM - Cleaner (Spybot - Search & Destroy 2.3, administrator privileges
RP186: 6/5/2014 12:26:00 PM - RegClean Pro Thu, Jun 05, 14  12:25
RP187: 6/5/2014 3:30:47 PM - Installed Java 7 Update 60
RP188: 6/7/2014 4:17:13 PM - Windows Update
RP189: 6/11/2014 5:56:42 PM - Windows Update
RP190: 6/11/2014 8:41:37 PM - Windows Update
RP191: 6/11/2014 9:36:11 PM - Removed iTunes
RP192: 6/11/2014 10:20:54 PM - Installed iTunes
RP193: 6/15/2014 9:35:36 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.10) MUI
Amazon 1Button App
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Best Buy pc app
Bing Bar
Bonjour
Broadcom Card Reader Driver Installer
Canon Easy-PhotoPrint EX
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MG2100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner
CyberLink PowerDVD 10
D3DX10
Galerie de photos Windows Live
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Update Helper
iCloud
Identity Card
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nitro Reader 3
NOOK for PC
OpenOffice.org 3.4.1
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime 7
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Spybot - Search & Destroy
Systweak Toolbar
Video Web Camera
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/18/2014 9:03:38 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
6/18/2014 8:29:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/18/2014 8:29:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/18/2014 8:29:10 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/18/2014 8:29:08 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
6/18/2014 8:29:05 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/18/2014 8:28:58 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
6/18/2014 8:28:55 AM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
6/18/2014 8:28:51 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/13/2014 11:41:52 AM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
6/13/2014 10:19:41 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
6/11/2014 10:25:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache MpFilter spldr Wanarpv6
.
==== End Of File ===========================
 

And, here is dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
Run by Master at 10:07:16 on 2014-06-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5996.3993 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\May May\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_ie_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_03769e963d75434e9f44e0c3faf8e1d0_39_1006_20140605_US_ie_sp_dcomnew-sec-728
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Systweak Toolbar for Internet Explorer: {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Systweak Toolbar for Internet Explorer: {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE}\1687F6E6 : DHCPNameServer = 8.8.8.8 205.171.3.25
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE}\2375942554831303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE}\8434C4F5055726C69636 : DHCPNameServer = 172.21.116.23 172.21.116.24
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE}\9436B69737362796264393030393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{941D9CD7-385A-4DC1-A7D9-574DFBBFE5CE}\B696E6763747F6E6 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {981b174d-7733-4e7f-b89d-6545a7c21838} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe /pin:
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Systweak Toolbar for Internet Explorer: {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll
x64-TB: Systweak Toolbar for Internet Explorer: {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [InstallerLauncher] "C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-7-30 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-7-30 27456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [2014-6-4 61120]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-18 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-10-27 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-18 7168]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-18 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-1 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-1 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-1 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2012-8-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2012-8-13 21080]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2012-6-18 55384]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-8-14 70744]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-18 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-10-5 328592]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-17 14:18:07    10702536    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0455A1D2-4F85-47A6-8CB0-7F9F17EDFF64}\mpengine.dll
2014-06-16 02:36:18    10702536    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-14 01:54:29    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B2BFE58-633D-4C0E-B0D8-D14F9729B12F}\gapaengine.dll
2014-06-13 17:25:05    --------    d-----w-    C:\ProgramData\SUPPORTDIR
2014-06-13 16:42:24    --------    d-----w-    C:\Users\Master\AppData\Local\Cyberlink
2014-06-12 03:22:27    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-06-12 03:21:32    --------    d-----w-    C:\Program Files\iPod
2014-06-12 03:21:31    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-12 03:21:31    --------    d-----w-    C:\Program Files\iTunes
2014-06-12 03:21:31    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-06-11 08:54:00    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-06-11 08:54:00    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-06-11 08:52:18    506368    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-11 08:52:18    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-06 21:47:22    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-06 21:47:14    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-06 21:47:14    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-06 21:47:14    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-06-06 21:47:12    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 20:04:04    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-06-06 19:59:16    45477    ----a-w-    C:\ProgramData\1402084724.bdinstall.bin
2014-06-06 19:58:43    --------    d-----w-    C:\Users\Master\AppData\Roaming\QuickScan
2014-06-06 01:00:32    --------    d-----w-    C:\Program Files\CCleaner
2014-06-05 20:32:04    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-05 19:18:56    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-06-05 18:46:05    98816    ----a-w-    C:\Windows\sed.exe
2014-06-05 18:46:05    256000    ----a-w-    C:\Windows\PEV.exe
2014-06-05 18:46:05    208896    ----a-w-    C:\Windows\MBR.exe
2014-06-05 18:46:01    --------    d-s---w-    C:\ComboFix
2014-06-05 17:26:05    --------    d-----w-    C:\Users\Master\AppData\Roaming\rightbackup
2014-06-05 17:26:04    --------    d-----w-    C:\Program Files\Systweak Toolbar
2014-06-05 17:25:21    --------    d-----w-    C:\Program Files (x86)\Amazon
2014-06-05 17:24:13    --------    d-----w-    C:\Users\Master\AppData\Roaming\systweak
2014-06-05 04:49:52    61120    ----a-w-    C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-05 03:47:42    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2014-06-04 14:44:05    --------    d-sh--w-    C:\Users\Master\AppData\Local\EmieUserList
2014-06-04 14:44:05    --------    d-sh--w-    C:\Users\Master\AppData\Local\EmieSiteList
2014-06-02 00:27:05    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-06-02 00:27:04    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-06-02 00:26:57    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-31 18:05:19    --------    d-----w-    C:\Users\Master\AppData\Local\Google
2014-05-31 04:05:13    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-31 04:04:45    --------    d-----w-    C:\Users\Master\AppData\Local\Programs
.
==================== Find3M  ====================
.
2014-05-30 10:02:37    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22    5782528    ----a-w-    C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-05-30 07:56:50    4244992    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10    1790976    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-05-14 15:37:51    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 15:37:51    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09    288192    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50    1389056    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 10:08:07.32 ===============
 



#3 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 June 2014 - 09:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 beyondfrustrated

  • Topic Starter

  • Members
  • 13 posts

Posted 22 June 2014 - 08:44 PM

Thank you for your help.  I was able to download and run AdwCleaner and Farbar Recovery Scan Tool (64 bit).  Per the instructions, I will paste the AdwCleaner log and the FRST.txt.  I will also attach the Addition.txt.

 

Here is the AdwCleaner log:

# AdwCleaner v3.213 - Report created 22/06/2014 at 19:48:07
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Master - MAYMAY-PC
# Running from : C:\Users\May May\Downloads\adwcleaner_3.213.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\BrowserSafeguard Update Task
File Found : C:\Windows\System32\Tasks\Buzz-it Update
File Found : C:\Windows\System32\Tasks\Buzz-it_wd
File Found : C:\Windows\Tasks\Buzz-it Update.job
File Found : C:\Windows\Tasks\Buzz-it_wd.job
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Users\Master\AppData\Roaming\Systweak
Folder Found : C:\Users\May May\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_ie_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_03769e963d75434e9f44e0c3faf8e1d0_39_1006_20140605_US_ie_sp_dcomnew-sec-728

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Guest.MayMay-PC\AppData\Roaming\Mozilla\Firefox\Profiles\2v6yotik.default-1401504598312\prefs.js ]


[ File : C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\p32a0p7i.default\prefs.js ]


[ File : C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\qkv8bt8z.default-1403379234113\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Guest.MayMay-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tag=bds-p23-serp-us-cr-20&tbrId=v1_abb-channel-23_03769e963d75434e9f44e0c3faf8e1d0_39_1006_20140605_US_cr_ds_dcomnew-sec-728&query={searchTerms}
Found [Startup_urls] : hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_03769e963d75434e9f44e0c3faf8e1d0_39_1006_20140605_US_cr_sp_dcomnew-sec-728
Found [Homepage] : hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_03769e963d75434e9f44e0c3faf8e1d0_39_1006_20140605_US_cr_sp_dcomnew-sec-728
Found [Extension] : pbjikboenpfhbbejgkoklgkhjpfogcam

[ File : C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [3603 octets] - [22/06/2014 19:48:07]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [3663 octets] ##########
 

And here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by May May (ATTENTION: The logged in user is not administrator) on MAYMAY-PC on 22-06-2014 20:22:23
Running from C:\Users\May May\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\May May\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Run: [Spotify Web Helper] => C:\Users\May May\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-14] (Spotify Ltd)
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\May May\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49468;https=127.0.0.1:49468
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\qkv8bt8z.default-1403379234113
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\qkv8bt8z.default-1403379234113\Extensions\https-everywhere@eff.org [2014-06-21]
FF Extension: NoScript - C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\qkv8bt8z.default-1403379234113\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-21]
FF Extension: Adblock Plus - C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\qkv8bt8z.default-1403379234113\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-21]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Google Search) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
CHR Extension: (Gmail) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]

==================== Services (Whitelisted) =================

R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-03] (StdLib)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-22 20:22 - 2014-06-22 20:22 - 00016015 _____ () C:\Users\May May\Downloads\FRST.txt
2014-06-22 20:11 - 2014-06-22 20:22 - 00000000 ____D () C:\FRST
2014-06-22 20:10 - 2014-06-22 20:11 - 02082816 _____ (Farbar) C:\Users\May May\Downloads\FRST64.exe
2014-06-22 19:54 - 2014-06-22 19:54 - 00000314 _____ () C:\Windows\PFRO.log
2014-06-22 19:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-22 19:43 - 2014-06-22 19:57 - 00000000 ____D () C:\AdwCleaner
2014-06-22 19:42 - 2014-06-22 19:42 - 01342659 _____ () C:\Users\May May\Downloads\adwcleaner_3.213.exe
2014-06-21 14:45 - 2014-06-22 20:16 - 00000280 _____ () C:\Windows\setupact.log
2014-06-21 14:45 - 2014-06-21 14:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-18 17:07 - 2014-06-22 20:19 - 00271378 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 10:06 - 2014-06-18 10:06 - 00688992 ____R (Swearware) C:\Users\May May\Downloads\dds(1).com
2014-06-18 10:03 - 2014-06-18 10:04 - 00688992 _____ (Swearware) C:\Users\May May\Downloads\dds.com
2014-06-13 12:25 - 2014-06-13 12:25 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2014-06-13 12:18 - 2014-06-13 12:19 - 151103336 _____ () C:\Users\May May\Documents\PowerDVD_14.0.4028.58_Patch_DVD140418-09.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (2).exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (1).exe
2014-06-11 22:22 - 2014-06-11 22:22 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 22:22 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 22:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 22:21 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iPod
2014-06-11 22:10 - 2014-06-11 22:12 - 112616784 _____ (Apple Inc.) C:\Users\May May\Downloads\iTunes64Setup(1).exe
2014-06-11 03:54 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 03:54 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 03:53 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 03:53 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 03:53 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 03:53 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 03:53 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 03:53 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 03:53 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 03:53 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 03:53 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 03:53 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 03:53 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 03:53 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 03:53 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 03:53 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 03:53 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 03:53 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 03:53 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 03:53 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 03:53 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 03:53 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 03:53 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 03:53 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 03:53 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 03:53 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 03:53 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 03:53 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 03:53 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 03:53 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 03:53 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 03:53 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 03:53 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 03:53 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 03:53 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 03:53 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 03:53 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 03:53 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 03:53 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 03:53 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 03:53 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 03:53 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 03:53 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 03:53 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 03:53 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 03:53 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 03:53 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 03:53 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 03:53 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 03:53 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 03:53 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 03:53 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 03:53 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 03:53 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 03:53 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 03:53 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 03:53 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 03:53 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 03:53 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 03:53 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 03:53 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 03:53 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 03:53 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 03:53 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 03:52 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 03:52 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 17:11 - 2014-06-06 17:12 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\May May\Downloads\rkill.com
2014-06-06 16:47 - 2014-06-18 09:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 16:47 - 2014-06-06 16:47 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-06 16:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-06 16:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-06 16:45 - 2014-06-06 16:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-06 15:04 - 2014-06-06 15:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 15:00 - 2014-06-06 15:02 - 139307672 _____ () C:\Users\May May\Downloads\setup_11.0.1.1245.x01_2014_06_06_21_24.exe
2014-06-06 14:59 - 2014-06-06 14:59 - 00045477 _____ () C:\ProgramData\1402084724.bdinstall.bin
2014-06-06 14:58 - 2014-06-06 14:58 - 10447328 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-06 14:57 - 2014-06-06 14:57 - 00162208 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition.exe
2014-06-05 20:00 - 2014-06-13 14:12 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 19:59 - 2014-06-22 20:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 19:59 - 2014-06-22 19:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 19:58 - 2014-06-05 19:59 - 04748896 _____ (Piriform Ltd) C:\Users\May May\Downloads\ccsetup414.exe
2014-06-05 15:32 - 2014-06-05 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 15:32 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 15:32 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 15:32 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 15:32 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 15:31 - 2014-06-05 15:32 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 15:29 - 2014-06-05 15:29 - 00918952 _____ (Oracle Corporation) C:\Users\May May\Downloads\jxpiinstall(5).exe
2014-06-05 14:53 - 2014-06-18 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-05 14:53 - 2014-06-05 14:53 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-05 14:53 - 2014-06-05 14:53 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-05 13:55 - 2014-06-05 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-05 13:46 - 2014-06-05 13:46 - 00000000 ___SD () C:\ComboFix
2014-06-05 13:46 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 13:46 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 13:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 13:05 - 2014-06-05 13:46 - 00000000 ____D () C:\Qoobox
2014-06-05 13:05 - 2014-06-05 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 13:03 - 2014-06-05 13:04 - 05205146 ____R (Swearware) C:\Users\May May\Downloads\ComboFix.exe
2014-06-05 13:02 - 2014-06-05 13:03 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (2).exe
2014-06-05 12:44 - 2014-06-05 12:45 - 107051288 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (2).exe
2014-06-05 12:36 - 2014-06-05 12:36 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\May May\Downloads\tdsskiller.exe
2014-06-05 12:26 - 2014-06-05 12:26 - 00000000 ____D () C:\Program Files\Systweak Toolbar
2014-06-05 12:25 - 2014-06-05 19:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-06-05 12:25 - 2014-06-05 12:25 - 00002212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-06-05 12:23 - 2014-06-05 12:23 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-06-04 23:55 - 2014-06-04 23:57 - 106968344 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (1).exe
2014-06-04 23:49 - 2014-06-03 15:04 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-04 22:46 - 2014-06-04 22:46 - 00943392 _____ () C:\Users\May May\Downloads\Firefox.exe
2014-06-01 19:27 - 2014-06-01 21:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-01 19:27 - 2014-06-01 19:27 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-01 19:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-01 19:26 - 2014-06-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 18:42 - 2014-06-01 18:43 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\May May\Downloads\spybot-2.3.exe
2014-06-01 18:42 - 2014-06-01 18:42 - 05071888 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728.exe
2014-05-31 13:05 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-30 23:05 - 2014-05-30 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 23:03 - 2014-05-30 23:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 22:21 - 2014-06-21 14:33 - 00000000 ____D () C:\Users\May May\Desktop\Old Firefox Data
2014-05-30 21:29 - 2014-05-30 21:30 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\May May\Downloads\SlimCleaner-setup.exe
2014-05-30 12:53 - 2014-05-30 12:54 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert(1).exe
2014-05-30 12:40 - 2014-05-30 12:41 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert.exe

==================== One Month Modified Files and Folders =======

2014-06-22 20:22 - 2014-06-22 20:22 - 00016015 _____ () C:\Users\May May\Downloads\FRST.txt
2014-06-22 20:22 - 2014-06-22 20:11 - 00000000 ____D () C:\FRST
2014-06-22 20:19 - 2014-06-18 17:07 - 00271378 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 20:17 - 2014-06-05 19:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 20:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 20:16 - 2014-06-21 14:45 - 00000280 _____ () C:\Windows\setupact.log
2014-06-22 20:16 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 20:11 - 2014-06-22 20:10 - 02082816 _____ (Farbar) C:\Users\May May\Downloads\FRST64.exe
2014-06-22 20:07 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 20:07 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 19:57 - 2014-06-22 19:43 - 00000000 ____D () C:\AdwCleaner
2014-06-22 19:54 - 2014-06-22 19:54 - 00000314 _____ () C:\Windows\PFRO.log
2014-06-22 19:42 - 2014-06-22 19:42 - 01342659 _____ () C:\Users\May May\Downloads\adwcleaner_3.213.exe
2014-06-22 19:38 - 2014-06-05 19:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 19:38 - 2012-08-10 15:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 15:58 - 2012-08-01 10:40 - 00000000 ____D () C:\Users\May May\AppData\Local\CrashDumps
2014-06-21 14:45 - 2014-06-21 14:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 14:33 - 2014-05-30 22:21 - 00000000 ____D () C:\Users\May May\Desktop\Old Firefox Data
2014-06-20 09:52 - 2013-08-13 21:49 - 00000157 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-06-18 11:17 - 2014-06-05 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 11:17 - 2014-05-10 06:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 10:06 - 2014-06-18 10:06 - 00688992 ____R (Swearware) C:\Users\May May\Downloads\dds(1).com
2014-06-18 10:04 - 2014-06-18 10:03 - 00688992 _____ (Swearware) C:\Users\May May\Downloads\dds.com
2014-06-18 09:19 - 2014-06-06 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 23:18 - 2012-06-08 09:23 - 00000000 ____D () C:\Users\May May\AppData\Roaming\SoftGrid Client
2014-06-13 14:12 - 2014-06-05 20:00 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 12:25 - 2014-06-13 12:25 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2014-06-13 12:25 - 2011-08-18 10:23 - 00000000 ____D () C:\ProgramData\install_clap
2014-06-13 12:19 - 2014-06-13 12:18 - 151103336 _____ () C:\Users\May May\Documents\PowerDVD_14.0.4028.58_Patch_DVD140418-09.exe
2014-06-13 12:17 - 2012-06-07 14:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (2).exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (1).exe
2014-06-13 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 10:31 - 2009-07-14 00:13 - 00785256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 22:36 - 2013-03-16 16:59 - 00000000 ____D () C:\Users\Master
2014-06-11 22:22 - 2014-06-11 22:22 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 22:22 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 22:21 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iPod
2014-06-11 22:12 - 2014-06-11 22:10 - 112616784 _____ (Apple Inc.) C:\Users\May May\Downloads\iTunes64Setup(1).exe
2014-06-11 21:27 - 2013-01-26 22:35 - 00000000 ____D () C:\Users\May May\AppData\Roaming\Apple Computer
2014-06-11 20:45 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 20:43 - 2012-06-22 11:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 20:41 - 2014-05-19 03:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 04:13 - 2014-06-11 03:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 03:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 17:12 - 2014-06-06 17:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\May May\Downloads\rkill.com
2014-06-06 16:59 - 2011-08-18 10:31 - 00000000 ____D () C:\Windows\en
2014-06-06 16:47 - 2014-06-06 16:47 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 16:45 - 2014-06-06 16:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-06 15:04 - 2014-06-06 15:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 15:02 - 2014-06-06 15:00 - 139307672 _____ () C:\Users\May May\Downloads\setup_11.0.1.1245.x01_2014_06_06_21_24.exe
2014-06-06 14:59 - 2014-06-06 14:59 - 00045477 _____ () C:\ProgramData\1402084724.bdinstall.bin
2014-06-06 14:59 - 2013-08-05 17:22 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-06-06 14:58 - 2014-06-06 14:58 - 10447328 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-06 14:57 - 2014-06-06 14:57 - 00162208 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition.exe
2014-06-06 14:12 - 2011-10-27 11:12 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-06-05 20:00 - 2014-06-05 20:00 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 20:00 - 2014-05-31 13:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-05 20:00 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-06-05 19:59 - 2014-06-05 19:58 - 04748896 _____ (Piriform Ltd) C:\Users\May May\Downloads\ccsetup414.exe
2014-06-05 19:23 - 2014-06-05 12:25 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-06-05 19:23 - 2014-03-22 23:29 - 00043076 _____ () C:\Windows\wininit.ini
2014-06-05 15:35 - 2013-12-15 11:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 15:32 - 2014-06-05 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 15:32 - 2014-06-05 15:31 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 15:32 - 2013-07-29 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 15:29 - 2014-06-05 15:29 - 00918952 _____ (Oracle Corporation) C:\Users\May May\Downloads\jxpiinstall(5).exe
2014-06-05 14:53 - 2014-06-05 14:53 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-05 14:53 - 2014-06-05 14:53 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-05 14:21 - 2012-06-06 03:06 - 00000000 ____D () C:\Users\May May\AppData\Local\Deployment
2014-06-05 14:21 - 2012-06-05 15:59 - 00000000 ____D () C:\Users\May May\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-06-05 14:17 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-05 13:56 - 2014-06-05 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-05 13:46 - 2014-06-05 13:46 - 00000000 ___SD () C:\ComboFix
2014-06-05 13:46 - 2014-06-05 13:05 - 00000000 ____D () C:\Qoobox
2014-06-05 13:05 - 2014-06-05 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 13:04 - 2014-06-05 13:03 - 05205146 ____R (Swearware) C:\Users\May May\Downloads\ComboFix.exe
2014-06-05 13:03 - 2014-06-05 13:02 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (2).exe
2014-06-05 12:45 - 2014-06-05 12:44 - 107051288 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (2).exe
2014-06-05 12:36 - 2014-06-05 12:36 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\May May\Downloads\tdsskiller.exe
2014-06-05 12:26 - 2014-06-05 12:26 - 00000000 ____D () C:\Program Files\Systweak Toolbar
2014-06-05 12:25 - 2014-06-05 12:25 - 00002212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-06-05 12:23 - 2014-06-05 12:23 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-06-05 11:23 - 2012-06-06 03:05 - 00066424 _____ () C:\Users\May May\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-05 07:45 - 2013-08-26 17:27 - 00000000 ____D () C:\Users\Guest.MayMay-PC
2014-06-05 07:45 - 2013-07-22 00:39 - 00000000 ____D () C:\Users\New May May
2014-06-05 07:45 - 2013-07-21 23:54 - 00000000 ____D () C:\Users\Guest
2014-06-04 23:57 - 2014-06-04 23:55 - 106968344 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (1).exe
2014-06-04 22:46 - 2014-06-04 22:46 - 00943392 _____ () C:\Users\May May\Downloads\Firefox.exe
2014-06-03 22:13 - 2012-11-15 16:36 - 00000000 ____D () C:\Users\May May\Documents\My Kindle Content
2014-06-03 15:04 - 2014-06-04 23:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-01 21:26 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-01 19:29 - 2014-06-01 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 19:27 - 2014-06-01 19:27 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-01 18:43 - 2014-06-01 18:42 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\May May\Downloads\spybot-2.3.exe
2014-06-01 18:42 - 2014-06-01 18:42 - 05071888 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728.exe
2014-05-31 13:13 - 2012-06-05 16:22 - 00000000 ____D () C:\Users\May May\AppData\Local\Google
2014-05-30 23:05 - 2014-05-30 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 23:03 - 2014-05-30 23:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 22:01 - 2014-03-22 23:23 - 00204800 ___SH () C:\Users\May May\Downloads\Thumbs.db
2014-05-30 21:30 - 2014-05-30 21:29 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\May May\Downloads\SlimCleaner-setup.exe
2014-05-30 12:54 - 2014-05-30 12:53 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert(1).exe
2014-05-30 12:41 - 2014-05-30 12:40 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert.exe
2014-05-30 08:53 - 2014-05-21 07:16 - 00046518 ____H () C:\Users\May May\Documents\~WRL0005.tmp
2014-05-30 05:21 - 2014-06-11 03:53 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 05:02 - 2014-06-11 03:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 05:02 - 2014-06-11 03:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 04:45 - 2014-06-11 03:53 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 04:39 - 2014-06-11 03:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 04:39 - 2014-06-11 03:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 04:38 - 2014-06-11 03:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 04:28 - 2014-06-11 03:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 04:27 - 2014-06-11 03:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 04:24 - 2014-06-11 03:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 04:21 - 2014-06-11 03:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 04:21 - 2014-06-11 03:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 04:20 - 2014-06-11 03:53 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 04:18 - 2014-06-11 03:53 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 04:11 - 2014-06-11 03:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 04:08 - 2014-06-11 03:53 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 04:06 - 2014-06-11 03:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 04:02 - 2014-06-11 03:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 03:55 - 2014-06-11 03:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 03:49 - 2014-06-11 03:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 03:46 - 2014-06-11 03:53 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 03:44 - 2014-06-11 03:53 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 03:44 - 2014-06-11 03:53 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 03:43 - 2014-06-11 03:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 03:42 - 2014-06-11 03:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 03:38 - 2014-06-11 03:53 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 03:35 - 2014-06-11 03:53 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 03:34 - 2014-06-11 03:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 03:33 - 2014-06-11 03:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 03:30 - 2014-06-11 03:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 03:29 - 2014-06-11 03:53 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 03:28 - 2014-06-11 03:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 03:27 - 2014-06-11 03:53 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 03:24 - 2014-06-11 03:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 03:23 - 2014-06-11 03:53 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 03:16 - 2014-06-11 03:53 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 03:10 - 2014-06-11 03:53 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 03:06 - 2014-06-11 03:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 03:04 - 2014-06-11 03:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 03:02 - 2014-06-11 03:53 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 02:56 - 2014-06-11 03:53 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 02:56 - 2014-06-11 03:53 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 02:54 - 2014-06-11 03:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 02:50 - 2014-06-11 03:53 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 02:49 - 2014-06-11 03:53 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 02:43 - 2014-06-11 03:53 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 02:40 - 2014-06-11 03:53 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 02:30 - 2014-06-11 03:53 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 02:21 - 2014-06-11 03:53 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 02:15 - 2014-06-11 03:53 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 02:13 - 2014-06-11 03:53 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 02:13 - 2014-06-11 03:53 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:18 - 2012-06-05 16:09 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-29 21:18 - 2011-08-18 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-28 15:51 - 2014-05-21 07:16 - 00032245 ____H () C:\Users\May May\Documents\~WRL3544.tmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

 




#5 nasdaq

  • Malware Response Team

Posted 23 June 2014 - 08:02 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-03] (StdLib)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#6 beyondfrustrated

  • Topic Starter

Posted 23 June 2014 - 09:48 AM

I opened Notepad and copied the entire contents of the code box. I saved the file as fixlist.txt into the same folder as FRST.
Then, I ran FRST and clicked Fix. Then, I restarted the computer. According to your instructions, I was then supposed to retrieve Fixlog.txt and post it to my reply. However, I cannot find Fixlog.txt. Since I can't find it, I can't post it to my reply.

 

Not sure what I should do now?  Should I continue on to Download Security Check by screen317?

 



#7 nasdaq

  • Malware Response Team

Posted 23 June 2014 - 10:45 AM

Run the FRST tool normally one more time and post a fresh log for my review.

==

After a restart run the Security Check tool and post the log also.

#8 beyondfrustrated

  • Topic Starter

Posted 23 June 2014 - 11:25 AM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by May May (ATTENTION: The logged in user is not administrator) on MAYMAY-PC on 23-06-2014 11:00:28
Running from C:\Users\May May\Desktop\Farbar
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\May May\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\Master\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Run: [Spotify Web Helper] => C:\Users\May May\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-14] (Spotify Ltd)
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-790593683-1096260974-77369106-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [157504 2014-02-22] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [141120 2014-02-22] (Amazon Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\May May\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:49468;https=127.0.0.1:49468
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\19g9369l.default-1403490419553
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\19g9369l.default-1403490419553\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-22]
FF Extension: Adblock Plus - C:\Users\May May\AppData\Roaming\Mozilla\Firefox\Profiles\19g9369l.default-1403490419553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-22]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Google Search) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-31]
CHR Extension: (Gmail) - C:\Users\May May\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]

==================== Services (Whitelisted) =================

R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-03] (StdLib)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 10:14 - 2014-06-23 11:00 - 00000000 ____D () C:\Users\May May\Desktop\Farbar
2014-06-23 10:11 - 2014-06-23 10:11 - 00013423 _____ () C:\Users\May May\Desktop\adwcleaner_3.213 - Shortcut.lnk
2014-06-23 09:32 - 2014-06-23 09:34 - 00053368 _____ () C:\Users\May May\Downloads\FRST.txt
2014-06-23 09:13 - 2014-06-23 09:16 - 00000000 ____D () C:\Users\May May\Documents\FRST
2014-06-23 08:21 - 2014-06-23 08:21 - 00000988 _____ () C:\Users\May May\Downloads\FRST - Shortcut.lnk
2014-06-23 08:20 - 2014-06-23 09:26 - 00000000 ____D () C:\Users\May May\Desktop\FRST
2014-06-22 21:30 - 2014-06-22 21:30 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-22 21:30 - 2014-06-22 21:30 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-22 21:30 - 2014-06-22 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:29 - 2014-06-22 21:29 - 00284224 _____ (Mozilla) C:\Users\May May\Downloads\Firefox Setup Stub 30.0.exe
2014-06-22 20:23 - 2014-06-22 20:23 - 00024475 _____ () C:\Users\May May\Downloads\Addition.txt
2014-06-22 20:11 - 2014-06-23 11:00 - 00000000 ____D () C:\FRST
2014-06-22 19:54 - 2014-06-22 21:38 - 00000648 _____ () C:\Windows\PFRO.log
2014-06-22 19:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-22 19:43 - 2014-06-22 19:57 - 00000000 ____D () C:\AdwCleaner
2014-06-22 19:42 - 2014-06-22 19:42 - 01342659 _____ () C:\Users\May May\Downloads\adwcleaner_3.213.exe
2014-06-21 14:45 - 2014-06-23 10:30 - 00000616 _____ () C:\Windows\setupact.log
2014-06-21 14:45 - 2014-06-21 14:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-18 17:07 - 2014-06-23 10:27 - 00333136 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 10:06 - 2014-06-18 10:06 - 00688992 ____R (Swearware) C:\Users\May May\Downloads\dds(1).com
2014-06-18 10:03 - 2014-06-18 10:04 - 00688992 _____ (Swearware) C:\Users\May May\Downloads\dds.com
2014-06-13 12:25 - 2014-06-13 12:25 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2014-06-13 12:18 - 2014-06-13 12:19 - 151103336 _____ () C:\Users\May May\Documents\PowerDVD_14.0.4028.58_Patch_DVD140418-09.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (2).exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (1).exe
2014-06-11 22:22 - 2014-06-11 22:22 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 22:22 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 22:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 22:21 - 2014-06-11 22:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 22:21 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iPod
2014-06-11 22:10 - 2014-06-11 22:12 - 112616784 _____ (Apple Inc.) C:\Users\May May\Downloads\iTunes64Setup(1).exe
2014-06-11 03:54 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 03:54 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 03:53 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 03:53 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 03:53 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 03:53 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 03:53 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 03:53 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 03:53 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 03:53 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 03:53 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 03:53 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 03:53 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 03:53 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 03:53 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 03:53 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 03:53 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 03:53 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 03:53 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 03:53 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 03:53 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 03:53 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 03:53 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 03:53 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 03:53 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 03:53 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 03:53 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 03:53 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 03:53 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 03:53 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 03:53 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 03:53 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 03:53 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 03:53 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 03:53 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 03:53 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 03:53 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 03:53 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 03:53 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 03:53 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 03:53 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 03:53 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 03:53 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 03:53 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 03:53 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 03:53 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 03:53 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 03:53 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 03:53 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 03:53 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 03:53 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 03:53 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 03:53 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 03:53 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 03:53 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 03:53 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 03:53 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 03:53 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 03:53 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 03:53 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 03:53 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 03:53 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 03:53 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 03:53 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 03:52 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 03:52 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 17:11 - 2014-06-06 17:12 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\May May\Downloads\rkill.com
2014-06-06 16:47 - 2014-06-18 09:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 16:47 - 2014-06-06 16:47 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-06 16:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-06 16:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-06 16:45 - 2014-06-06 16:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-06 15:04 - 2014-06-06 15:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 15:00 - 2014-06-06 15:02 - 139307672 _____ () C:\Users\May May\Downloads\setup_11.0.1.1245.x01_2014_06_06_21_24.exe
2014-06-06 14:59 - 2014-06-06 14:59 - 00045477 _____ () C:\ProgramData\1402084724.bdinstall.bin
2014-06-06 14:58 - 2014-06-06 14:58 - 10447328 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-06 14:57 - 2014-06-06 14:57 - 00162208 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition.exe
2014-06-05 20:00 - 2014-06-13 14:12 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 19:59 - 2014-06-23 10:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 19:59 - 2014-06-23 10:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 19:58 - 2014-06-05 19:59 - 04748896 _____ (Piriform Ltd) C:\Users\May May\Downloads\ccsetup414.exe
2014-06-05 15:32 - 2014-06-05 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 15:32 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 15:32 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 15:32 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 15:32 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 15:31 - 2014-06-05 15:32 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 15:29 - 2014-06-05 15:29 - 00918952 _____ (Oracle Corporation) C:\Users\May May\Downloads\jxpiinstall(5).exe
2014-06-05 13:55 - 2014-06-05 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-05 13:46 - 2014-06-05 13:46 - 00000000 ___SD () C:\ComboFix
2014-06-05 13:46 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 13:46 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 13:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 13:46 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 13:05 - 2014-06-05 13:46 - 00000000 ____D () C:\Qoobox
2014-06-05 13:05 - 2014-06-05 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 13:03 - 2014-06-05 13:04 - 05205146 ____R (Swearware) C:\Users\May May\Downloads\ComboFix.exe
2014-06-05 13:02 - 2014-06-05 13:03 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (2).exe
2014-06-05 12:44 - 2014-06-05 12:45 - 107051288 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (2).exe
2014-06-05 12:36 - 2014-06-05 12:36 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\May May\Downloads\tdsskiller.exe
2014-06-05 12:26 - 2014-06-05 12:26 - 00000000 ____D () C:\Program Files\Systweak Toolbar
2014-06-05 12:25 - 2014-06-05 19:23 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-06-05 12:25 - 2014-06-05 12:25 - 00002212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-06-05 12:23 - 2014-06-05 12:23 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-06-04 23:55 - 2014-06-04 23:57 - 106968344 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (1).exe
2014-06-04 23:49 - 2014-06-03 15:04 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-04 22:46 - 2014-06-04 22:46 - 00943392 _____ () C:\Users\May May\Downloads\Firefox.exe
2014-06-01 19:27 - 2014-06-01 21:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-01 19:27 - 2014-06-01 19:27 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-01 19:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-01 19:26 - 2014-06-01 19:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 18:42 - 2014-06-01 18:43 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\May May\Downloads\spybot-2.3.exe
2014-06-01 18:42 - 2014-06-01 18:42 - 05071888 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728.exe
2014-05-31 13:05 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-30 23:05 - 2014-05-30 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 23:03 - 2014-05-30 23:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 22:21 - 2014-06-22 21:27 - 00000000 ____D () C:\Users\May May\Desktop\Old Firefox Data
2014-05-30 21:29 - 2014-05-30 21:30 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\May May\Downloads\SlimCleaner-setup.exe
2014-05-30 12:53 - 2014-05-30 12:54 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert(1).exe
2014-05-30 12:40 - 2014-05-30 12:41 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert.exe

==================== One Month Modified Files and Folders =======

2014-06-23 11:00 - 2014-06-23 10:14 - 00000000 ____D () C:\Users\May May\Desktop\Farbar
2014-06-23 11:00 - 2014-06-22 20:11 - 00000000 ____D () C:\FRST
2014-06-23 10:38 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 10:38 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 10:36 - 2012-08-10 15:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 10:34 - 2014-06-18 17:07 - 00333136 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 10:31 - 2014-06-05 19:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 10:30 - 2014-06-21 14:45 - 00000616 _____ () C:\Windows\setupact.log
2014-06-23 10:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 10:16 - 2014-06-05 19:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 10:11 - 2014-06-23 10:11 - 00013423 _____ () C:\Users\May May\Desktop\adwcleaner_3.213 - Shortcut.lnk
2014-06-23 09:34 - 2014-06-23 09:32 - 00053368 _____ () C:\Users\May May\Downloads\FRST.txt
2014-06-23 09:26 - 2014-06-23 08:20 - 00000000 ____D () C:\Users\May May\Desktop\FRST
2014-06-23 09:16 - 2014-06-23 09:13 - 00000000 ____D () C:\Users\May May\Documents\FRST
2014-06-23 08:21 - 2014-06-23 08:21 - 00000988 _____ () C:\Users\May May\Downloads\FRST - Shortcut.lnk
2014-06-23 08:21 - 2014-03-22 23:23 - 00246784 ___SH () C:\Users\May May\Downloads\Thumbs.db
2014-06-23 08:20 - 2012-11-17 11:01 - 00000000 ____D () C:\Users\May May\Downloads\Emailing DSC_1564
2014-06-22 21:38 - 2014-06-22 19:54 - 00000648 _____ () C:\Windows\PFRO.log
2014-06-22 21:31 - 2014-05-10 06:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:30 - 2014-06-22 21:30 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-22 21:30 - 2014-06-22 21:30 - 00001150 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-22 21:30 - 2014-06-22 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:29 - 2014-06-22 21:29 - 00284224 _____ (Mozilla) C:\Users\May May\Downloads\Firefox Setup Stub 30.0.exe
2014-06-22 21:27 - 2014-05-30 22:21 - 00000000 ____D () C:\Users\May May\Desktop\Old Firefox Data
2014-06-22 20:23 - 2014-06-22 20:23 - 00024475 _____ () C:\Users\May May\Downloads\Addition.txt
2014-06-22 20:16 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 19:57 - 2014-06-22 19:43 - 00000000 ____D () C:\AdwCleaner
2014-06-22 19:42 - 2014-06-22 19:42 - 01342659 _____ () C:\Users\May May\Downloads\adwcleaner_3.213.exe
2014-06-21 15:58 - 2012-08-01 10:40 - 00000000 ____D () C:\Users\May May\AppData\Local\CrashDumps
2014-06-21 14:45 - 2014-06-21 14:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-20 09:52 - 2013-08-13 21:49 - 00000157 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-06-18 10:06 - 2014-06-18 10:06 - 00688992 ____R (Swearware) C:\Users\May May\Downloads\dds(1).com
2014-06-18 10:04 - 2014-06-18 10:03 - 00688992 _____ (Swearware) C:\Users\May May\Downloads\dds.com
2014-06-18 09:19 - 2014-06-06 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 23:18 - 2012-06-08 09:23 - 00000000 ____D () C:\Users\May May\AppData\Roaming\SoftGrid Client
2014-06-13 14:12 - 2014-06-05 20:00 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 12:25 - 2014-06-13 12:25 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2014-06-13 12:25 - 2011-08-18 10:23 - 00000000 ____D () C:\ProgramData\install_clap
2014-06-13 12:19 - 2014-06-13 12:18 - 151103336 _____ () C:\Users\May May\Documents\PowerDVD_14.0.4028.58_Patch_DVD140418-09.exe
2014-06-13 12:17 - 2012-06-07 14:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader.exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (2).exe
2014-06-13 12:16 - 2014-06-13 12:16 - 01029080 _____ (CyberLink) C:\Users\May May\Downloads\CyberLink_PowerDVD_Downloader (1).exe
2014-06-13 10:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 10:31 - 2009-07-14 00:13 - 00785256 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-11 22:36 - 2013-03-16 16:59 - 00000000 ____D () C:\Users\Master
2014-06-11 22:22 - 2014-06-11 22:22 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 22:22 - 2014-06-11 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 22:22 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 22:21 - 2014-06-11 22:21 - 00000000 ____D () C:\Program Files\iPod
2014-06-11 22:12 - 2014-06-11 22:10 - 112616784 _____ (Apple Inc.) C:\Users\May May\Downloads\iTunes64Setup(1).exe
2014-06-11 21:27 - 2013-01-26 22:35 - 00000000 ____D () C:\Users\May May\AppData\Roaming\Apple Computer
2014-06-11 20:45 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 20:43 - 2012-06-22 11:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 20:41 - 2014-05-19 03:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 04:13 - 2014-06-11 03:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 03:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 17:12 - 2014-06-06 17:11 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\May May\Downloads\rkill.com
2014-06-06 16:59 - 2011-08-18 10:31 - 00000000 ____D () C:\Windows\en
2014-06-06 16:47 - 2014-06-06 16:47 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 16:47 - 2014-06-06 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 16:45 - 2014-06-06 16:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-06 15:04 - 2014-06-06 15:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-06 15:02 - 2014-06-06 15:00 - 139307672 _____ () C:\Users\May May\Downloads\setup_11.0.1.1245.x01_2014_06_06_21_24.exe
2014-06-06 14:59 - 2014-06-06 14:59 - 00045477 _____ () C:\ProgramData\1402084724.bdinstall.bin
2014-06-06 14:59 - 2013-08-05 17:22 - 00002127 _____ () C:\Windows\epplauncher.mif
2014-06-06 14:58 - 2014-06-06 14:58 - 10447328 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition_x64.exe
2014-06-06 14:57 - 2014-06-06 14:57 - 00162208 _____ () C:\Users\May May\Downloads\Antivirus_Free_Edition.exe
2014-06-06 14:12 - 2011-10-27 11:12 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-06-05 20:00 - 2014-06-05 20:00 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 20:00 - 2014-05-31 13:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-05 20:00 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-06-05 19:59 - 2014-06-05 19:58 - 04748896 _____ (Piriform Ltd) C:\Users\May May\Downloads\ccsetup414.exe
2014-06-05 19:23 - 2014-06-05 12:25 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-06-05 19:23 - 2014-03-22 23:29 - 00043076 _____ () C:\Windows\wininit.ini
2014-06-05 15:35 - 2013-12-15 11:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 15:32 - 2014-06-05 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 15:32 - 2014-06-05 15:31 - 00005499 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 15:32 - 2013-07-29 20:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 15:29 - 2014-06-05 15:29 - 00918952 _____ (Oracle Corporation) C:\Users\May May\Downloads\jxpiinstall(5).exe
2014-06-05 14:21 - 2012-06-06 03:06 - 00000000 ____D () C:\Users\May May\AppData\Local\Deployment
2014-06-05 14:21 - 2012-06-05 15:59 - 00000000 ____D () C:\Users\May May\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-06-05 14:17 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-05 13:56 - 2014-06-05 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-05 13:46 - 2014-06-05 13:46 - 00000000 ___SD () C:\ComboFix
2014-06-05 13:46 - 2014-06-05 13:05 - 00000000 ____D () C:\Qoobox
2014-06-05 13:05 - 2014-06-05 13:05 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 13:04 - 2014-06-05 13:03 - 05205146 ____R (Swearware) C:\Users\May May\Downloads\ComboFix.exe
2014-06-05 13:03 - 2014-06-05 13:02 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (2).exe
2014-06-05 12:45 - 2014-06-05 12:44 - 107051288 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (2).exe
2014-06-05 12:36 - 2014-06-05 12:36 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\May May\Downloads\tdsskiller.exe
2014-06-05 12:26 - 2014-06-05 12:26 - 00000000 ____D () C:\Program Files\Systweak Toolbar
2014-06-05 12:25 - 2014-06-05 12:25 - 00002212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-06-05 12:23 - 2014-06-05 12:23 - 05074936 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728 (1).exe
2014-06-05 11:23 - 2012-06-06 03:05 - 00066424 _____ () C:\Users\May May\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-05 07:45 - 2013-08-26 17:27 - 00000000 ____D () C:\Users\Guest.MayMay-PC
2014-06-05 07:45 - 2013-07-22 00:39 - 00000000 ____D () C:\Users\New May May
2014-06-05 07:45 - 2013-07-21 23:54 - 00000000 ____D () C:\Users\Guest
2014-06-04 23:57 - 2014-06-04 23:55 - 106968344 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert (1).exe
2014-06-04 22:46 - 2014-06-04 22:46 - 00943392 _____ () C:\Users\May May\Downloads\Firefox.exe
2014-06-03 22:13 - 2012-11-15 16:36 - 00000000 ____D () C:\Users\May May\Documents\My Kindle Content
2014-06-03 15:04 - 2014-06-04 23:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-01 21:26 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-01 19:29 - 2014-06-01 19:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-01 19:27 - 2014-06-01 19:27 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00001382 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-01 19:27 - 2014-06-01 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-01 18:43 - 2014-06-01 18:42 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\May May\Downloads\spybot-2.3.exe
2014-06-01 18:42 - 2014-06-01 18:42 - 05071888 _____ (Systweak Inc ) C:\Users\May May\Downloads\rcp_dcomnew_sec_728.exe
2014-05-31 13:13 - 2012-06-05 16:22 - 00000000 ____D () C:\Users\May May\AppData\Local\Google
2014-05-30 23:05 - 2014-05-30 23:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 23:03 - 2014-05-30 23:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\May May\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-30 21:30 - 2014-05-30 21:29 - 00801088 _____ (SlimWare Utilities, Inc.) C:\Users\May May\Downloads\SlimCleaner-setup.exe
2014-05-30 12:54 - 2014-05-30 12:53 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert(1).exe
2014-05-30 12:41 - 2014-05-30 12:40 - 105893656 _____ (Microsoft Corporation) C:\Users\May May\Downloads\msert.exe
2014-05-30 08:53 - 2014-05-21 07:16 - 00046518 ____H () C:\Users\May May\Documents\~WRL0005.tmp
2014-05-30 05:21 - 2014-06-11 03:53 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 05:02 - 2014-06-11 03:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 05:02 - 2014-06-11 03:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 04:45 - 2014-06-11 03:53 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 04:39 - 2014-06-11 03:53 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 04:39 - 2014-06-11 03:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 04:38 - 2014-06-11 03:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 04:28 - 2014-06-11 03:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 04:27 - 2014-06-11 03:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 04:24 - 2014-06-11 03:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 04:21 - 2014-06-11 03:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 04:21 - 2014-06-11 03:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 04:20 - 2014-06-11 03:53 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 04:18 - 2014-06-11 03:53 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 04:11 - 2014-06-11 03:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 04:08 - 2014-06-11 03:53 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 04:06 - 2014-06-11 03:53 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 04:02 - 2014-06-11 03:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 03:55 - 2014-06-11 03:53 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 03:49 - 2014-06-11 03:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 03:46 - 2014-06-11 03:53 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 03:44 - 2014-06-11 03:53 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 03:44 - 2014-06-11 03:53 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 03:43 - 2014-06-11 03:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 03:42 - 2014-06-11 03:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 03:38 - 2014-06-11 03:53 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 03:35 - 2014-06-11 03:53 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 03:34 - 2014-06-11 03:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 03:33 - 2014-06-11 03:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 03:30 - 2014-06-11 03:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 03:29 - 2014-06-11 03:53 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 03:28 - 2014-06-11 03:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 03:27 - 2014-06-11 03:53 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 03:24 - 2014-06-11 03:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 03:23 - 2014-06-11 03:53 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 03:16 - 2014-06-11 03:53 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 03:10 - 2014-06-11 03:53 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 03:06 - 2014-06-11 03:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 03:04 - 2014-06-11 03:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 03:02 - 2014-06-11 03:53 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 02:56 - 2014-06-11 03:53 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 02:56 - 2014-06-11 03:53 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 02:54 - 2014-06-11 03:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 02:50 - 2014-06-11 03:53 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 02:49 - 2014-06-11 03:53 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 02:43 - 2014-06-11 03:53 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 02:40 - 2014-06-11 03:53 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 02:30 - 2014-06-11 03:53 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 02:21 - 2014-06-11 03:53 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 02:15 - 2014-06-11 03:53 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 02:13 - 2014-06-11 03:53 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 02:13 - 2014-06-11 03:53 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:18 - 2012-06-05 16:09 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-29 21:18 - 2011-08-18 10:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-28 15:51 - 2014-05-21 07:16 - 00032245 ____H () C:\Users\May May\Documents\~WRL3544.tmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

I have to switch over to my administrator account to access the check up log and send it to you from that account.  I'll post that next . . .



#9 beyondfrustrated


Posted 23 June 2014 - 11:27 AM

Check up log:

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 60  
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2014 - 01:31 PM

Try this again.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-03] (StdLib)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

#11 beyondfrustrated


Posted 23 June 2014 - 02:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by May May at 2014-06-23 14:43:24 Run:1
Running from C:\Users\May May\Desktop\Farbar
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
BHO: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
BHO-x32: Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKLM - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-64.dll (Systweak Software)
Toolbar: HKLM-x32 - Systweak Toolbar for Internet Explorer - {F0D6F486-7230-3139-1997-CB2FBCF4E080} - C:\Program Files\Systweak Toolbar\systweak-32.dll (Systweak Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-06-03] (StdLib)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

End
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
'HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
'HKCR\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
'HKCR\Wow6432Node\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D6F486-7230-3139-1997-CB2FBCF4E080} => Value deleted successfully.
'HKCR\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F0D6F486-7230-3139-1997-CB2FBCF4E080} => Value deleted successfully.
'HKCR\Wow6432Node\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64 => Unable to stop service
{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64 => Error deleting Service
k57nd60a => Error deleting Service

==== End of Fixlog ====
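
Added example (not part of the thread, and not FRST's own code): a small triage script run over outcome lines copied from the Fixlog above, showing which fixlist targets were still in place after the run. The status labels and the phrase matching are assumptions based only on the wording visible in this log.

```python
import re
from collections import namedtuple

# Outcome lines copied from the Fixlog posted above (a subset of that log).
FIXLOG = r"""
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
'HKCR\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{F0D6F486-7230-3139-1997-CB2FBCF4E080} => Value deleted successfully.
'HKCR\CLSID\{F0D6F486-7230-3139-1997-CB2FBCF4E080}' => Error deleting key. The key could be protected.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64 => Unable to stop service
{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64 => Error deleting Service
k57nd60a => Error deleting Service
"""

Entry = namedtuple("Entry", "target status detail")

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def classify(detail):
    """Map an outcome phrase to a status label (labels are this example's own)."""
    text = detail.lower()
    if "deleted successfully" in text:
        return "fixed"    # the item was removed by this run
    if "not found" in text:
        return "absent"   # nothing to remove; already gone
    if text.startswith(("error", "unable")):
        return "failed"   # the item is still present after the run
    return "unknown"


def parse_fixlog(text):
    """Return one Entry per 'target => outcome' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        head, sep, tail = line.partition("=>")
        if not sep:
            continue
        target = head.strip().strip("'\"")
        detail = tail.strip()
        entries.append(Entry(target, classify(detail), detail))
    return entries


def unresolved_targets(text):
    """Unique targets with at least one failed action, in log order."""
    seen = []
    for entry in parse_fixlog(text):
        if entry.status == "failed" and entry.target not in seen:
            seen.append(entry.target)
    return seen


def status_by_guid(text):
    """Count outcomes per GUID so partially removed components stand out."""
    counts = {}
    for entry in parse_fixlog(text):
        match = GUID_RE.search(entry.target)
        if not match:
            continue
        per_guid = counts.setdefault(match.group(0).upper(), {})
        per_guid[entry.status] = per_guid.get(entry.status, 0) + 1
    return counts


if __name__ == "__main__":
    print("Still present after the fix:")
    for target in unresolved_targets(FIXLOG):
        print("  ", target)
    print("Outcome per GUID:")
    for guid, counts in status_by_guid(FIXLOG).items():
        print("  ", guid, counts)
```

On this log the toolbar values for the Systweak CLSID are reported deleted while its Browser Helper Object and CLSID keys, and both driver services, are reported as failures.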



#12 nasdaq


Posted 24 June 2014 - 07:40 AM


If you still have issues with this computer please download and run this tool.
Let me know what problem persists.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

#13 beyondfrustrated


Posted 24 June 2014 - 06:17 PM

ComboFix 14-06-24.01 - Master 06/24/2014  17:52:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5996.4296 [GMT -5:00]
Running from: c:\users\May May\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\program files\Systweak Toolbar\sySTweak-32.dll
c:\programdata\1402084724.bdinstall.bin
c:\programdata\Roaming
c:\users\May May\Documents\~WRL0005.tmp
c:\users\May May\Documents\~WRL2167.tmp
c:\users\May May\Documents\~WRL3544.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-24 to 2014-06-24  )))))))))))))))))))))))))))))))
.
.
2014-06-24 22:59 . 2014-06-24 22:59    --------    d-----w-    c:\users\Master\AppData\Local\temp
2014-06-24 22:59 . 2014-06-24 22:59    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-06-24 22:59 . 2014-06-24 22:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-24 22:59 . 2014-06-24 22:59    --------    d-----w-    c:\users\New May May\AppData\Local\temp
2014-06-24 22:59 . 2014-06-24 22:59    --------    d-----w-    c:\users\Guest.MayMay-PC\AppData\Local\temp
2014-06-24 19:22 . 2014-05-01 21:09    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6613F981-2265-4DF7-9E6C-1574622CCEE9}\gapaengine.dll
2014-06-24 19:22 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88E9CA97-6A64-478F-95FF-5A737CDED556}\mpengine.dll
2014-06-23 14:47 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-23 01:11 . 2014-06-23 19:43    --------    d-----w-    C:\FRST
2014-06-23 00:48 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-06-23 00:43 . 2014-06-23 00:57    --------    d-----w-    C:\AdwCleaner
2014-06-13 17:25 . 2014-06-13 17:25    --------    d-----w-    c:\programdata\SUPPORTDIR
2014-06-13 16:42 . 2014-06-13 16:42    --------    d-----w-    c:\users\Master\AppData\Local\Cyberlink
2014-06-13 16:42 . 2014-06-13 16:42    --------    d-----w-    c:\users\Master\AppData\Roaming\CyberLink
2014-06-12 03:22 . 2012-08-21 18:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2014-06-12 03:21 . 2014-06-12 03:21    --------    d-----w-    c:\program files\iPod
2014-06-12 03:21 . 2014-06-12 03:22    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-12 03:21 . 2014-06-12 03:22    --------    d-----w-    c:\program files\iTunes
2014-06-12 03:21 . 2014-06-12 03:22    --------    d-----w-    c:\program files (x86)\iTunes
2014-06-11 08:54 . 2014-04-25 02:34    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-06-11 08:54 . 2014-04-25 02:06    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
2014-06-11 08:52 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-11 08:52 . 2014-06-08 09:08    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-06-06 21:47 . 2014-06-18 14:19    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-06 21:47 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-06 21:47 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-06 21:47 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-06 21:47 . 2014-06-06 21:47    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-06 20:04 . 2014-06-06 20:04    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-06-06 19:58 . 2014-06-06 19:58    --------    d-----w-    c:\users\Master\AppData\Roaming\QuickScan
2014-06-06 01:00 . 2014-06-06 01:00    --------    d-----w-    c:\program files\CCleaner
2014-06-05 20:32 . 2014-06-05 20:32    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-06-05 20:32 . 2014-05-07 20:02    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-05 19:50 . 2014-06-05 19:50    --------    d-----w-    c:\users\Guest.MayMay-PC\AppData\Local\Google
2014-06-05 17:26 . 2014-06-05 17:26    --------    d-----w-    c:\users\Master\AppData\Roaming\rightbackup
2014-06-05 17:26 . 2014-06-24 22:57    --------    d-----w-    c:\program files\Systweak Toolbar
2014-06-05 17:25 . 2014-06-06 00:23    --------    d-----w-    c:\program files (x86)\Amazon
2014-06-05 04:49 . 2014-06-03 20:04    61120    ----a-w-    c:\windows\system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-06-04 14:44 . 2014-06-04 14:44    --------    d-sh--w-    c:\users\Master\AppData\Local\EmieUserList
2014-06-04 14:44 . 2014-06-04 14:44    --------    d-sh--w-    c:\users\Master\AppData\Local\EmieSiteList
2014-06-02 00:27 . 2014-06-24 21:23    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-06-02 00:26 . 2014-06-24 21:24    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-05-31 18:05 . 2014-06-06 01:00    --------    d-----w-    c:\program files (x86)\Google
2014-05-31 18:05 . 2014-05-31 18:22    --------    d-----w-    c:\users\Master\AppData\Local\Google
2014-05-31 04:05 . 2014-05-31 04:05    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-31 04:04 . 2014-05-31 04:04    --------    d-----w-    c:\users\Master\AppData\Local\Programs
2014-05-31 02:48 . 2014-05-31 02:48    --------    d-----w-    c:\users\Guest.MayMay-PC\AppData\Roaming\OpenOffice.org
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 01:43 . 2012-06-22 16:15    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-14 15:37 . 2012-08-10 20:30    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 15:37 . 2011-08-18 15:35    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 21:09 . 2013-08-23 14:08    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-12 02:22 . 2014-05-14 12:58    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 12:57    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 12:57    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 12:57    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 12:57    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 12:58    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 12:57    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 12:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 12:57    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-17 56128]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
.
c:\users\Guest.MayMay-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-8-29 16032]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~1\AmazonExtIE.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;c:\windows\system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys;c:\windows\SYSNATIVE\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 19:10    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{981b174d-7733-4e7f-b89d-6545a7c21838}]
2014-02-22 15:53    199168    ----a-w-    c:\program files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 15:37]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06 00:59]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-06 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-31 12673128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Amazon\AMAZON~1\AmazonExtIE64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\p32a0p7i.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F0D6F486-7230-3139-1997-CB2FBCF4E080} - c:\program files\Systweak Toolbar\systweak-32.dll
Toolbar-Locked - (no file)
Toolbar-{F0D6F486-7230-3139-1997-CB2FBCF4E080} - c:\program files\Systweak Toolbar\systweak-32.dll
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
c:\users\Guest.MayMay-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\May May\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-InstallerLauncher - c:\users\Master\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-24  18:07:34
ComboFix-quarantined-files.txt  2014-06-24 23:07
.
Pre-Run: 545,454,125,056 bytes free
Post-Run: 545,037,410,304 bytes free
.
- - End Of File - - D2BEB81FC71EBA270E15278AE48ABC32
 



#14 nasdaq

  • Malware Response Team

Posted 25 June 2014 - 07:19 AM

c:\users\Guest.MayMay-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-8-29 16032]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-8-29 16032]

It's your call if you want this Best Buy application to start at boot time.
Delete the .lnk in the \Startup folder if not required.
===

The rest of the log is clean.

Download and run the Security Check tool suggested in post no. 5.

Any remaining issues?

#15 beyondfrustrated

  • Topic Starter

Posted 25 June 2014 - 05:40 PM

I'm embarrassed to say I couldn't figure out how to delete the Best Buy application.

 

I ran the Security Check.  You didn't mention whether or not I should post those results, so I thought I'd post them:

 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60  
  Adobe Flash Player 13.0.0.214 Flash Player out of Date!  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 

 


The right click button on my laptop's touch pad still isn't working.  Other than that, the rest of my issues seem to have cleared up.  I really appreciate your assistance.  Thank you so much, you're my hero!  :)





