DDS program Was told to post it here


  • This topic is locked
24 replies to this topic

#1 rp-57

rp-57

  • Members
  • 468 posts
  • Gender:Female
  • Location:oklahoma
  • Local time:11:17 PM

Posted 27 June 2014 - 10:44 AM

*Queen-Evie moderator edit-for reference and more information see these 2 topics in AII
http://www.bleepingcomputer.com/forums/t/538984/missing-shortcuts/
http://www.bleepingcomputer.com/forums/t/539126/possible-infection-dont-know-how-to-remove-it/*

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Regina at 15:36:18 on 2014-06-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1009 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.better-search.net/?src=10&st=12&i=998&did=10977&ppd=na&barid=92547096081114488
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRunOnce: [Uninstall C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F88DFC7A-F031-430C-9C5E-62B30F0E1F44} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F88DFC7A-F031-430C-9C5E-62B30F0E1F44}\14B20234F6D60757475627370223 : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2013-12-21 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2013-12-21 38016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-12-21 204288]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2013-12-21 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2013-12-21 126392]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2013-12-21 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-12-21 38096]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2014-2-26 41032]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-12-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-12-21 243712]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-12-21 1109096]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-12-21 57216]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-12-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-12-22 1255736]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="C:\windows\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-26 19:11:16 -------- d-----w- C:\Users\Regina\AppData\Local\ElevatedDiagnostics
2014-06-26 18:28:57 -------- d-----w- C:\FRST
2014-06-26 18:06:43 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{708BC8D9-5960-4545-ADBC-7691B5644840}\mpengine.dll
2014-06-26 16:24:01 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-26 05:12:05 -------- d-----w- C:\OETemp
2014-06-26 04:33:55 -------- d-----w- C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-25 16:53:26 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-22 19:17:57 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-06-22 13:03:21 -------- d-----w- C:\Users\Regina\AppData\Roaming\ProductData
2014-06-22 13:02:36 -------- d-----w- C:\Users\Regina\AppData\Roaming\IObit
2014-06-22 13:02:34 -------- d-----w- C:\ProgramData\ProductData
2014-06-20 20:08:33 -------- d-----w- C:\Users\Regina\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 16:23:54 96083 ----a-w- C:\ProgramData\1403108401.bdinstall.bin
2014-06-18 16:20:01 37691 ----a-w- C:\ProgramData\1403108394.bdinstall.bin
2014-06-18 16:14:03 58810 ----a-w- C:\ProgramData\1403107922.bdinstall.bin
2014-06-18 16:12:02 37822 ----a-w- C:\ProgramData\1403107917.bdinstall.bin
2014-06-17 06:14:34 214707 ----a-w- C:\ProgramData\1402985429.bdinstall.bin
2014-06-16 01:48:21 -------- d-----w- C:\be6000969945af2c4f620b29f8a3e7
2014-06-16 01:44:43 -------- d-----w- C:\337a5051a47b7f5c479b912d
2014-06-15 22:11:05 122584 ----a-w- C:\windows\System32\drivers\48230029.sys
2014-06-14 23:26:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 23:26:04 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-06-13 14:28:45 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B63AC845-346D-4D47-A5F3-BE44EDFAC787}\gapaengine.dll
2014-06-12 23:34:05 -------- d-----w- C:\Users\Regina\New folder
2014-06-12 22:48:01 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-06-12 22:46:33 92888 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-06-12 22:46:33 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-06-12 22:46:33 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-06-12 22:46:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-12 22:46:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-11 19:46:59 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-11 19:42:11 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-11 19:42:10 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-11 17:26:33 -------- d-----w- C:\windows\ERUNT
2014-06-10 07:48:16 -------- d-----w- C:\Users\Regina\6-10-2014
2014-06-08 16:04:47 -------- d-----w- C:\MATS
2014-06-07 23:38:08 6081224 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bb3707d1cf7b5104\onedrivesetup.exe
2014-06-06 10:47:08 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2014-06-05 10:29:48 -------- d-----w- C:\ProgramData\InstallMate
2014-06-02 23:01:44 -------- d-----w- C:\Users\Regina\AppData\Roaming\Opera Mail
2014-06-02 23:01:29 -------- d-----w- C:\Users\Regina\AppData\Local\Opera Mail
2014-06-02 04:11:19 -------- d-----w- C:\Users\Regina\AppData\Roaming\PhraseExpress
2014-05-29 19:51:10 -------- d-----w- C:\Users\Regina\AppData\Local\Thunderbird
2014-05-29 19:50:37 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-29 15:18:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\457db0161cf7b5103\DSETUP.dll
2014-05-29 15:18:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\457db0161cf7b5103\DXSETUP.exe
2014-05-29 15:18:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\457db0161cf7b5103\dsetup32.dll
2014-05-29 15:18:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40b763911cf7b5102\DSETUP.dll
2014-05-29 15:18:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40b763911cf7b5102\DXSETUP.exe
2014-05-29 15:18:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\40b763911cf7b5102\dsetup32.dll
2014-05-29 15:18:31 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3e17818a1cf7b5101\DXSETUP.exe
2014-05-29 15:18:31 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3e17818a1cf7b5101\dsetup32.dll
2014-05-29 15:18:30 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3e17818a1cf7b5101\DSETUP.dll
2014-05-28 15:25:42 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
.
==================== Find3M  ====================
.
2014-06-24 15:59:22 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-24 15:59:22 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-30 10:02:37 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-05-30 09:11:24 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-05-22 00:41:24 1356664 ----a-w- C:\windows\System32\Websteroids.B324755F3F87.2.6.80.dll
2014-05-12 20:06:08 94200 ----a-w- C:\ProgramData\1399924897.bdinstall.bin
2014-05-12 20:01:37 36734 ----a-w- C:\ProgramData\1399924894.bdinstall.bin
2014-05-12 05:21:08 32576 ----a-w- C:\ProgramData\1399872065.bdinstall.bin
2014-05-12 05:20:59 32576 ----a-w- C:\ProgramData\1399872056.bdinstall.bin
2014-05-12 05:20:40 32576 ----a-w- C:\ProgramData\1399872037.bdinstall.bin
2014-05-12 05:20:34 32576 ----a-w- C:\ProgramData\1399872026.bdinstall.bin
2014-05-12 05:00:13 174607 ----a-w- C:\ProgramData\1399870754.bdinstall.bin
2014-05-12 04:59:14 37602 ----a-w- C:\ProgramData\1399870752.bdinstall.bin
2014-05-12 04:53:39 39798 ----a-w- C:\ProgramData\1399870400.bdinstall.bin
2014-05-12 02:09:34 32143 ----a-w- C:\ProgramData\1399860484.bdinstall.bin
2014-05-12 02:05:11 39487 ----a-w- C:\ProgramData\1399860060.11112.bin
2014-05-12 02:05:11 1244 ----a-w- C:\ProgramData\1399860060.5476.bin
2014-05-12 02:01:35 7659 ----a-w- C:\ProgramData\1399860060.11880.bin
2014-05-12 02:01:35 2406 ----a-w- C:\ProgramData\1399860060.6740.bin
2014-05-12 02:00:59 37603 ----a-w- C:\ProgramData\1399860056.bdinstall.bin
2014-05-11 18:35:08 214085 ----a-w- C:\ProgramData\1399832568.bdinstall.bin
2014-05-08 09:32:11 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-04-22 16:42:13 78759583 ----a-w- C:\Users\Regina\MDSetup.exe
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-03-31 14:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 15:37:47.38 ===============

Edited by Queen-Evie, 27 June 2014 - 11:23 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:17 AM

Posted 02 July 2014 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problems you are having with this computer.

Wait for further instructions.

Edited by nasdaq, 02 July 2014 - 08:58 AM.


#3 rp-57

rp-57
  • Topic Starter

  • Members
  • 468 posts
  • Gender:Female
  • Location:oklahoma
  • Local time:11:17 PM

Posted 03 July 2014 - 05:43 AM

Hello,

Sorry it took me so long to respond back; I have been ill.

I have already run AdwCleaner and nothing was clean.

I ran Farbar in June, and I can post this now or do another Farbar scan if that is what you want, or you can look over this report.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by Regina at 2014-06-26 13:32:12
Running from C:\Users\Regina\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD Media Foundation Decoders (Version: 1.0.60607.2201 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0607.2212.38019 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0607.2212.38019 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help English (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help French (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help German (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0607.2211.38019 - ATI) Hidden
ccc-utility64 (Version: 2011.0607.2212.38019 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
19-06-2014 02:40:11 Windows Update
21-06-2014 08:00:59 Windows Live Essentials
21-06-2014 08:03:23 Installed DirectX
21-06-2014 08:04:28 Installed DirectX
21-06-2014 08:05:19 Installed DirectX
21-06-2014 08:40:53 Windows Live Essentials
21-06-2014 08:41:29 Installed DirectX
21-06-2014 08:42:40 Installed DirectX
21-06-2014 08:43:18 Installed DirectX
22-06-2014 10:49:06 Windows Update
23-06-2014 01:19:52 Installed IncrediMail.
24-06-2014 03:22:45 Installed IncrediMail.
24-06-2014 16:12:24 Installed MSXML 4.0 SP3 Parser
24-06-2014 16:13:10 Installed MSXML 4.0 SP3 Parser
24-06-2014 16:20:21 Installed MSXML 4.0 SP3 Parser
24-06-2014 16:24:33 Installed MSXML 4.0 SP3 Parser
24-06-2014 16:27:17 Removed MSXML 4.0 SP2 (KB954430)
24-06-2014 18:10:02 Installed Should I Remove It
25-06-2014 00:46:53 Checkpoint by HitmanPro
25-06-2014 16:52:25 Windows Update
25-06-2014 21:26:23 Installed Microsoft Fix it 50535
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B0A429F-C64A-4D2E-B19E-EEB0AEED0445} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {1664B208-34C4-4D97-9F16-6CFCD9EA98C7} - System32\Tasks\{5405AC5F-FD1A-4D8F-A5AD-DEF5801E784A} => C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe [2014-06-12] ()
Task: {3A531179-27CE-4D79-B5EF-DA5031EE8818} - System32\Tasks\{AFD6359E-1B5C-4018-90F1-55AA59FF11E8} => C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe [2014-06-12] ()
Task: {3EC69244-C554-4134-BA01-1A3E709F6F68} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1299813285-2685909501-423776819-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {491AF82A-6710-4934-9945-E4C7D0ED029E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {4D34CACE-9D1C-4C33-A4E6-14B1E1379B95} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1299813285-2685909501-423776819-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5E8589A7-8BA9-4209-9D7D-EB6F54E8D1B7} - System32\Tasks\{9E5814C7-82CC-4909-9D04-396AD9F886F9} => C:\Program Files (x86)\Google\Picasa3\Uninstall.exe [2014-06-15] ()
Task: {6F46024F-9B09-4C3F-8636-18428D20BC60} - System32\Tasks\diskcleanup => c:\windows\system32\cleanmgr.exe [2009-07-13] (Microsoft Corporation)
Task: {97C939D7-B50B-4988-B443-F2E4B949412A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-27] (Google Inc.)
Task: {BFC1662C-C67B-4BEE-B30D-2AF83C6B8539} - System32\Tasks\{E6935E2D-9988-4403-9754-9E590553A7B2} => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSSDAlert.exe
Task: {C7B36513-2BC6-4353-B302-6322E8121D0E} - System32\Tasks\{3D4CA334-B0A4-42CF-95EA-02781AF06458} => C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
Task: {D88D6535-5AA1-4F3B-8E3A-20691134475A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-24] (Adobe Systems Incorporated)
Task: {DEF2FC28-A0BF-4807-BEEA-49F98C8C91FD} - System32\Tasks\{1412ABE5-E772-4F99-82F9-243935E7F7E5} => C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
Task: {F810F0F7-7D12-415D-A17C-1D23103C30EC} - System32\Tasks\{FE12D23B-3324-44D4-96A1-8CD79020BF18} => C:\Program Files (x86)\Toshiba\PCDiag\PCDiag.exe [2010-12-21] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-06-08 01:11 - 2011-06-08 01:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 13:17 - 2011-03-22 13:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-22 22:38 - 2014-06-05 08:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-22 22:38 - 2014-06-05 08:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-22 22:38 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-22 22:38 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-22 22:38 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/26/2014 01:00:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2652) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00053.log.
 
 
System errors:
=============
Error: (06/26/2014 01:11:26 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.872.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/26/2014 01:00:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/26/2014 01:00:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (06/26/2014 00:57:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (06/26/2014 00:20:34 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.177.807.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/26/2014 00:20:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (06/26/2014 00:07:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2014 00:07:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SASDIFSV
SASKUTIL
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
 
Error: (06/26/2014 00:07:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2014 00:07:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (06/26/2014 01:00:05 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (06/26/2014 01:00:04 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/26/2014 01:00:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows2652Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00053.log-1811
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-24 09:53:57.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-24 09:53:57.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-24 09:53:57.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-24 09:53:56.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 18:47:15.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 18:47:14.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 18:47:14.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 18:47:14.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 17:05:17.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-23 17:05:17.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2662.87 MB
Available physical RAM: 1309.54 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 3535.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106302W0C) (Fixed) (Total:96.62 GB) (Free:64.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 8CD37EF6)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=17)
 
==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team

Posted 03 July 2014 - 08:41 AM

I need to see the content of the FRST.txt log.

Post it in your next reply.

#5 rp-57

  • Topic Starter


Posted 03 July 2014 - 04:31 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Regina (administrator) on REGINA-PC on 26-06-2014 13:29:14
Running from C:\Users\Regina\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\RunOnce: [Uninstall C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64"
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyUsers\S-1-5-21-1299813285-2685909501-423776819-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.better-search.net/?src=10&st=12&i=998&did=10977&ppd=na&barid=92547096081114488
SearchScopes: HKCU - {002B3610-D259-4C97-A586-15E6227A192E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {7E4983F2-D1B3-4D07-B01D-8681A8207ED6} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {F6E831A9-1809-48CC-AFD5-C00FAF05D252} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.com/intl/en/chrome/webstore/themes.html", "https://www.google.com/intl/en/chrome/browser/welcome.html", "https://www.google.com/settings/chrome/sync", "https://support.google.com/chrome/troubleshooter/3338247?hl=en&ref_topic=3421642", "https://support.google.com/chrome/answer/95414", "https://support.google.com/chrome/?p=help&ctx=settings#topic=3421642", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-31&ent=hp&u=2E5A1DE572D714967F64735339F8D5B3"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (WOT) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-27]
CHR Extension: (TrafficLight) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-06-18]
CHR Extension: (AdBlock) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-27]
CHR Extension: (History Eraser) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2014-06-16]
CHR Extension: (Cookies) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-26 13:29 - 2014-06-26 13:30 - 00013720 _____ () C:\Users\Regina\Downloads\FRST.txt
2014-06-26 13:28 - 2014-06-26 13:29 - 00000000 ____D () C:\FRST
2014-06-26 13:28 - 2014-06-26 13:28 - 02082816 _____ (Farbar) C:\Users\Regina\Downloads\FRST64.exe
2014-06-26 12:57 - 2014-06-26 12:57 - 00000056 _____ () C:\windows\setupact.log
2014-06-26 12:57 - 2014-06-26 12:57 - 00000000 _____ () C:\windows\setuperr.log
2014-06-26 12:07 - 2014-06-26 12:07 - 00001122 _____ () C:\windows\PFRO.log
2014-06-26 11:24 - 2014-06-26 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-26 00:12 - 2014-06-26 00:12 - 00000000 ____D () C:\OETemp
2014-06-25 23:33 - 2014-06-25 23:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-25 14:45 - 2011-05-09 16:13 - 00001409 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-25 14:45 - 2009-07-13 23:49 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Thunderbird
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Mozilla
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Local\Thunderbird
2014-06-24 13:06 - 2014-06-24 13:06 - 26454512 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 31.0b1.exe
2014-06-24 11:19 - 2014-06-24 11:19 - 02434048 _____ () C:\Users\Regina\Downloads\msxml (1).msi
2014-06-24 11:11 - 2014-06-24 11:11 - 02434048 _____ () C:\Users\Regina\Downloads\msxml.msi
2014-06-23 17:25 - 2014-06-23 17:25 - 00000690 _____ () C:\Users\Regina\Documents\cc_20140623_172519.reg
2014-06-23 02:27 - 2014-06-23 02:27 - 00002972 _____ () C:\windows\System32\Tasks\{9E5814C7-82CC-4909-9D04-396AD9F886F9}
2014-06-23 02:25 - 2014-06-23 02:25 - 00003008 _____ () C:\windows\System32\Tasks\{3D4CA334-B0A4-42CF-95EA-02781AF06458}
2014-06-23 02:21 - 2014-06-23 02:21 - 00003008 _____ () C:\windows\System32\Tasks\{1412ABE5-E772-4F99-82F9-243935E7F7E5}
2014-06-22 21:23 - 2014-06-22 21:23 - 00001206 _____ () C:\Users\Regina\Documents\cc_20140622_212352.reg
2014-06-22 21:21 - 2014-06-22 21:21 - 00000000 ____D () C:\Users\Regina\Downloads\New folder
2014-06-22 14:18 - 2014-06-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-22 14:17 - 2014-06-22 14:18 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-22 14:16 - 2014-06-22 14:16 - 04095448 _____ (BrightFort LLC ) C:\Users\Regina\Downloads\spywareblastersetup50.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\ProductData
2014-06-22 08:02 - 2014-06-22 08:03 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-22 08:02 - 2014-06-22 08:02 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\IObit
2014-06-22 06:10 - 2014-06-22 06:10 - 00000830 _____ () C:\Users\Regina\Documents\cc_20140622_061043.reg
2014-06-21 22:00 - 2014-06-21 22:00 - 00004154 _____ () C:\Users\Regina\Documents\cc_20140621_220040.reg
2014-06-21 19:44 - 2014-06-21 19:44 - 00003094 _____ () C:\windows\System32\Tasks\{981C41F5-B10C-4CD3-82C8-825D80C79529}
2014-06-21 12:36 - 2014-06-24 11:16 - 00001997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-21 12:36 - 2014-06-24 11:16 - 00001985 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-21 12:35 - 2014-06-25 06:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-21 12:33 - 2014-06-21 12:34 - 22156720 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.4.0.exe
2014-06-20 15:08 - 2014-06-20 15:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 16:30 - 2014-06-18 16:31 - 00000346 _____ () C:\windows\system32\Perms.txt
2014-06-18 11:24 - 2014-06-18 11:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Regina\Downloads\mseinstall.exe
2014-06-18 11:23 - 2014-06-18 11:23 - 00096083 _____ () C:\ProgramData\1403108401.bdinstall.bin
2014-06-18 11:20 - 2014-06-18 11:20 - 00037691 _____ () C:\ProgramData\1403108394.bdinstall.bin
2014-06-18 11:14 - 2014-06-18 11:14 - 00058810 _____ () C:\ProgramData\1403107922.bdinstall.bin
2014-06-18 11:12 - 2014-06-18 11:12 - 00037822 _____ () C:\ProgramData\1403107917.bdinstall.bin
2014-06-17 14:15 - 2014-06-17 14:20 - 00000000 ____D () C:\Users\Regina\Downloads\myuninst
2014-06-17 14:14 - 2014-06-17 14:14 - 00046124 _____ () C:\Users\Regina\Downloads\myuninst.zip
2014-06-17 01:14 - 2014-06-17 01:14 - 00214707 _____ () C:\ProgramData\1402985429.bdinstall.bin
2014-06-15 22:31 - 2014-06-15 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-15 22:28 - 2014-06-15 22:28 - 17312072 _____ (Google Inc.) C:\Users\Regina\Downloads\picasa39-setup.exe
2014-06-15 20:48 - 2014-06-15 20:53 - 00000000 ____D () C:\be6000969945af2c4f620b29f8a3e7
2014-06-15 20:44 - 2014-06-15 20:57 - 00000000 ____D () C:\337a5051a47b7f5c479b912d
2014-06-15 17:11 - 2014-06-15 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-14 18:26 - 2014-06-21 12:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 18:25 - 2014-06-14 18:25 - 19673760 _____ (SUPERAntiSpyware) C:\Users\Regina\Downloads\SUPERAntiSpyware.exe
2014-06-14 18:06 - 2014-06-14 18:06 - 00003288 _____ () C:\windows\System32\Tasks\{6FF02622-5257-4BCC-B6DE-2BA9AF279835}
2014-06-12 18:34 - 2014-06-12 18:34 - 00000000 ____D () C:\Users\Regina\New folder
2014-06-12 17:48 - 2014-06-26 11:23 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 17:46 - 2014-06-26 11:22 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-12 17:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-12 17:34 - 2014-06-12 17:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0 (1).exe
2014-06-11 14:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 14:47 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 14:47 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 14:47 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 14:47 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 14:47 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 14:47 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 14:47 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 14:47 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 14:47 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 14:47 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 14:47 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 14:47 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 14:47 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 14:47 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 14:47 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 14:47 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 14:47 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 14:47 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 14:47 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 14:47 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 14:47 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 14:47 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 14:47 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 14:47 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 14:47 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 14:47 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 14:47 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 14:47 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 14:47 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 14:47 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 14:47 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 14:47 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 14:47 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 14:47 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 14:47 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 14:47 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 14:47 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 14:47 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 14:47 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 14:47 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 14:47 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 14:47 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 14:47 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 14:47 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 14:47 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 14:47 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 14:46 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 14:46 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 14:46 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 14:46 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 14:46 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 14:46 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 14:46 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 14:46 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 14:46 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 14:46 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 14:46 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 14:46 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 14:46 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 14:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 14:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 14:46 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 14:46 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 14:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 14:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 14:42 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 14:42 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-11 12:26 - 2014-06-11 12:26 - 00000000 ____D () C:\windows\ERUNT
2014-06-10 16:39 - 2014-06-25 06:15 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieUserList
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieSiteList
2014-06-10 14:42 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Toshiba
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\ATI
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Local\ATI
2014-06-10 14:39 - 2014-06-10 14:39 - 00058016 _____ () C:\Users\My pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 14:39 - 2014-06-10 14:39 - 00000000 ____D () C:\Users\My pc\AppData\Local\TOSHIBA
2014-06-10 14:38 - 2014-06-22 22:17 - 00000000 ____D () C:\Users\My pc\AppData\Local\Google
2014-06-10 14:38 - 2014-06-10 14:43 - 00002226 _____ () C:\Users\My pc\Desktop\Google Chrome.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00001424 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Adobe
2014-06-10 14:37 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc\AppData\Local\VirtualStore
2014-06-10 14:36 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc
2014-06-10 14:36 - 2014-06-10 14:36 - 00000904 __RSH () C:\Users\My pc\ntuser.pol
2014-06-10 14:36 - 2014-06-10 14:36 - 00000020 ___SH () C:\Users\My pc\ntuser.ini
2014-06-10 14:36 - 2014-06-07 18:38 - 00002071 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-10 14:36 - 2014-03-12 07:11 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\TuneUp Software
2014-06-10 14:36 - 2013-12-28 10:56 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Macromedia
2014-06-10 14:36 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-10 14:36 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-10 09:03 - 2014-06-10 09:03 - 00000632 __RSH () C:\Users\Regina\ntuser.pol
2014-06-10 03:22 - 2014-06-10 03:22 - 00002992 _____ () C:\windows\System32\Tasks\{AFD6359E-1B5C-4018-90F1-55AA59FF11E8}
2014-06-10 03:21 - 2014-06-10 03:21 - 00002992 _____ () C:\windows\System32\Tasks\{5405AC5F-FD1A-4D8F-A5AD-DEF5801E784A}
2014-06-10 02:48 - 2014-06-10 02:48 - 00000000 ____D () C:\Users\Regina\6-10-2014
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\windows\ERDNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-09 22:24 - 2014-06-09 22:24 - 00791393 _____ (Lars Hederer ) C:\Users\Regina\Downloads\erunt-setup.exe
2014-06-09 16:52 - 2014-06-09 16:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-09 10:53 - 2014-06-09 10:53 - 00002966 _____ () C:\windows\System32\Tasks\{FE12D23B-3324-44D4-96A1-8CD79020BF18}
2014-06-09 10:09 - 2014-06-09 10:09 - 00003166 _____ () C:\windows\System32\Tasks\{1443180B-AA07-415C-9C93-67E547F4948D}
2014-06-08 11:04 - 2014-06-10 18:01 - 00000000 ____D () C:\MATS
2014-06-08 09:02 - 2014-06-08 09:02 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Toshiba
2014-06-08 09:00 - 2014-06-08 09:00 - 00058016 _____ () C:\Users\reginamay\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\ATI
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\TOSHIBA
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\ATI
2014-06-08 08:59 - 2014-06-08 09:00 - 00002226 _____ () C:\Users\reginamay\Desktop\Google Chrome.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00001424 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Adobe
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Local\Google
2014-06-08 08:57 - 2014-06-08 08:58 - 00000000 ____D () C:\Users\reginamay
2014-06-08 08:57 - 2014-06-08 08:57 - 00000020 ___SH () C:\Users\reginamay\ntuser.ini
2014-06-08 08:57 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay\AppData\Local\VirtualStore
2014-06-08 08:57 - 2014-06-07 18:38 - 00002071 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-08 08:57 - 2014-03-12 07:11 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\TuneUp Software
2014-06-08 08:57 - 2013-12-28 10:56 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Macromedia
2014-06-08 08:57 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-08 08:57 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-06-05 05:29 - 2014-06-24 19:50 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-04 08:39 - 2014-06-04 08:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0.exe
2014-06-03 23:54 - 2014-06-03 23:59 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Google
2014-06-03 23:53 - 2014-06-04 11:10 - 00000000 ____D () C:\ProgramData\Google
2014-06-03 16:14 - 2014-06-03 16:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Regina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 18:01 - 2014-06-03 11:22 - 00000000 ____D () C:\Users\Regina\AppData\Local\Opera Mail
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Opera Mail
2014-06-01 23:11 - 2014-06-01 23:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\PhraseExpress
2014-06-01 17:48 - 2014-06-03 23:54 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-01 17:47 - 2014-06-05 11:31 - 00000000 ____D () C:\Program Files\Google
2014-05-29 14:51 - 2014-06-21 12:54 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-05-29 14:50 - 2014-06-24 15:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 12:34 - 2014-05-28 12:34 - 00003166 _____ () C:\windows\System32\Tasks\{DFEEA0CA-4E98-4D94-8D18-90027F6A4FB6}
2014-05-28 10:25 - 2014-05-28 10:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-27 10:50 - 2014-05-27 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 10:44 - 2014-06-26 13:01 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 10:44 - 2014-06-26 11:51 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 10:44 - 2014-05-27 10:44 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-27 10:44 - 2014-05-27 10:44 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-27 10:23 - 2014-06-04 09:56 - 00000486 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-05-27 09:10 - 2014-06-15 22:30 - 00000000 ____D () C:\Program Files (x86)\Google
 
==================== One Month Modified Files and Folders =======
 
2014-06-26 13:30 - 2014-06-26 13:29 - 00013720 _____ () C:\Users\Regina\Downloads\FRST.txt
2014-06-26 13:29 - 2014-06-26 13:28 - 00000000 ____D () C:\FRST
2014-06-26 13:29 - 2013-12-26 22:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 13:28 - 2014-06-26 13:28 - 02082816 _____ (Farbar) C:\Users\Regina\Downloads\FRST64.exe
2014-06-26 13:11 - 2014-02-26 13:19 - 01197180 _____ () C:\windows\WindowsUpdate.log
2014-06-26 13:05 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 13:05 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 13:01 - 2014-05-27 10:44 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 12:57 - 2014-06-26 12:57 - 00000056 _____ () C:\windows\setupact.log
2014-06-26 12:57 - 2014-06-26 12:57 - 00000000 _____ () C:\windows\setuperr.log
2014-06-26 12:57 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-26 12:07 - 2014-06-26 12:07 - 00001122 _____ () C:\windows\PFRO.log
2014-06-26 11:51 - 2014-05-27 10:44 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 11:45 - 2014-06-26 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-26 11:23 - 2014-06-12 17:48 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 11:22 - 2014-06-12 17:46 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-26 00:12 - 2014-06-26 00:12 - 00000000 ____D () C:\OETemp
2014-06-25 23:45 - 2014-06-25 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-25 22:22 - 2009-07-13 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 14:45 - 2013-12-21 14:55 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 14:45 - 2009-07-14 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-25 08:40 - 2014-04-25 12:43 - 00000000 ____D () C:\Users\Regina\Documents\New folder (4)
2014-06-25 06:22 - 2014-06-21 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-25 06:15 - 2014-06-10 16:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-24 19:50 - 2014-06-05 05:29 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-24 16:42 - 2013-12-21 14:54 - 00000000 ____D () C:\Users\Regina
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Thunderbird
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Mozilla
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Local\Thunderbird
2014-06-24 15:40 - 2014-05-29 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 13:06 - 2014-06-24 13:06 - 26454512 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 31.0b1.exe
2014-06-24 11:19 - 2014-06-24 11:19 - 02434048 _____ () C:\Users\Regina\Downloads\msxml (1).msi
2014-06-24 11:16 - 2014-06-21 12:36 - 00001997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-24 11:16 - 2014-06-21 12:36 - 00001985 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-24 11:11 - 2014-06-24 11:11 - 02434048 _____ () C:\Users\Regina\Downloads\msxml.msi
2014-06-24 10:59 - 2013-12-26 22:45 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-24 10:59 - 2013-12-26 22:45 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 10:59 - 2011-10-30 22:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-23 17:25 - 2014-06-23 17:25 - 00000690 _____ () C:\Users\Regina\Documents\cc_20140623_172519.reg
2014-06-23 17:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-06-23 02:27 - 2014-06-23 02:27 - 00002972 _____ () C:\windows\System32\Tasks\{9E5814C7-82CC-4909-9D04-396AD9F886F9}
2014-06-23 02:25 - 2014-06-23 02:25 - 00003008 _____ () C:\windows\System32\Tasks\{3D4CA334-B0A4-42CF-95EA-02781AF06458}
2014-06-23 02:21 - 2014-06-23 02:21 - 00003008 _____ () C:\windows\System32\Tasks\{1412ABE5-E772-4F99-82F9-243935E7F7E5}
2014-06-22 22:17 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Local\Google
2014-06-22 21:23 - 2014-06-22 21:23 - 00001206 _____ () C:\Users\Regina\Documents\cc_20140622_212352.reg
2014-06-22 21:21 - 2014-06-22 21:21 - 00000000 ____D () C:\Users\Regina\Downloads\New folder
2014-06-22 14:18 - 2014-06-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-22 14:18 - 2014-06-22 14:17 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-22 14:16 - 2014-06-22 14:16 - 04095448 _____ (BrightFort LLC ) C:\Users\Regina\Downloads\spywareblastersetup50.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\ProductData
2014-06-22 08:03 - 2014-06-22 08:02 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-22 08:02 - 2014-06-22 08:02 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\IObit
2014-06-22 06:10 - 2014-06-22 06:10 - 00000830 _____ () C:\Users\Regina\Documents\cc_20140622_061043.reg
2014-06-21 22:00 - 2014-06-21 22:00 - 00004154 _____ () C:\Users\Regina\Documents\cc_20140621_220040.reg
2014-06-21 21:36 - 2013-12-21 14:59 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore
2014-06-21 19:44 - 2014-06-21 19:44 - 00003094 _____ () C:\windows\System32\Tasks\{981C41F5-B10C-4CD3-82C8-825D80C79529}
2014-06-21 12:54 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-06-21 12:42 - 2014-06-14 18:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-21 12:34 - 2014-06-21 12:33 - 22156720 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.4.0.exe
2014-06-20 15:08 - 2014-06-20 15:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 16:31 - 2014-06-18 16:30 - 00000346 _____ () C:\windows\system32\Perms.txt
2014-06-18 11:32 - 2014-02-23 19:35 - 00002150 _____ () C:\windows\epplauncher.mif
2014-06-18 11:25 - 2014-06-18 11:24 - 13829304 _____ (Microsoft Corporation) C:\Users\Regina\Downloads\mseinstall.exe
2014-06-18 11:23 - 2014-06-18 11:23 - 00096083 _____ () C:\ProgramData\1403108401.bdinstall.bin
2014-06-18 11:20 - 2014-06-18 11:20 - 00037691 _____ () C:\ProgramData\1403108394.bdinstall.bin
2014-06-18 11:14 - 2014-06-18 11:14 - 00058810 _____ () C:\ProgramData\1403107922.bdinstall.bin
2014-06-18 11:12 - 2014-06-18 11:12 - 00037822 _____ () C:\ProgramData\1403107917.bdinstall.bin
2014-06-17 14:20 - 2014-06-17 14:15 - 00000000 ____D () C:\Users\Regina\Downloads\myuninst
2014-06-17 14:14 - 2014-06-17 14:14 - 00046124 _____ () C:\Users\Regina\Downloads\myuninst.zip
2014-06-17 10:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-06-17 01:14 - 2014-06-17 01:14 - 00214707 _____ () C:\ProgramData\1402985429.bdinstall.bin
2014-06-17 01:11 - 2014-05-11 13:22 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\QuickScan
2014-06-17 00:34 - 2014-05-18 20:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-15 22:31 - 2014-06-15 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-15 22:30 - 2014-05-27 09:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-15 22:28 - 2014-06-15 22:28 - 17312072 _____ (Google Inc.) C:\Users\Regina\Downloads\picasa39-setup.exe
2014-06-15 20:57 - 2014-06-15 20:44 - 00000000 ____D () C:\337a5051a47b7f5c479b912d
2014-06-15 20:53 - 2014-06-15 20:48 - 00000000 ____D () C:\be6000969945af2c4f620b29f8a3e7
2014-06-15 17:11 - 2014-06-15 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-15 11:05 - 2014-01-14 04:19 - 00000469 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\My Yahoo.website
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 18:25 - 2014-06-14 18:25 - 19673760 _____ (SUPERAntiSpyware) C:\Users\Regina\Downloads\SUPERAntiSpyware.exe
2014-06-14 18:06 - 2014-06-14 18:06 - 00003288 _____ () C:\windows\System32\Tasks\{6FF02622-5257-4BCC-B6DE-2BA9AF279835}
2014-06-12 18:34 - 2014-06-12 18:34 - 00000000 ____D () C:\Users\Regina\New folder
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 17:34 - 2014-06-12 17:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0 (1).exe
2014-06-11 14:58 - 2013-12-21 16:50 - 00000000 ____D () C:\windows\system32\MRT
2014-06-11 14:55 - 2013-12-21 16:50 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 14:48 - 2014-04-24 08:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 12:26 - 2014-06-11 12:26 - 00000000 ____D () C:\windows\ERUNT
2014-06-10 18:01 - 2014-06-08 11:04 - 00000000 ____D () C:\MATS
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieUserList
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieSiteList
2014-06-10 14:43 - 2014-06-10 14:38 - 00002226 _____ () C:\Users\My pc\Desktop\Google Chrome.lnk
2014-06-10 14:42 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Toshiba
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\ATI
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Local\ATI
2014-06-10 14:39 - 2014-06-10 14:39 - 00058016 _____ () C:\Users\My pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 14:39 - 2014-06-10 14:39 - 00000000 ____D () C:\Users\My pc\AppData\Local\TOSHIBA
2014-06-10 14:38 - 2014-06-10 14:38 - 00001424 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Adobe
2014-06-10 14:37 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc\AppData\Local\VirtualStore
2014-06-10 14:37 - 2014-06-10 14:36 - 00000000 ____D () C:\Users\My pc
2014-06-10 14:36 - 2014-06-10 14:36 - 00000904 __RSH () C:\Users\My pc\ntuser.pol
2014-06-10 14:36 - 2014-06-10 14:36 - 00000020 ___SH () C:\Users\My pc\ntuser.ini
2014-06-10 09:03 - 2014-06-10 09:03 - 00000632 __RSH () C:\Users\Regina\ntuser.pol
2014-06-10 09:03 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-06-10 03:22 - 2014-06-10 03:22 - 00002992 _____ () C:\windows\System32\Tasks\{AFD6359E-1B5C-4018-90F1-55AA59FF11E8}
2014-06-10 03:21 - 2014-06-10 03:21 - 00002992 _____ () C:\windows\System32\Tasks\{5405AC5F-FD1A-4D8F-A5AD-DEF5801E784A}
2014-06-10 02:48 - 2014-06-10 02:48 - 00000000 ____D () C:\Users\Regina\6-10-2014
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\windows\ERDNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-09 22:24 - 2014-06-09 22:24 - 00791393 _____ (Lars Hederer ) C:\Users\Regina\Downloads\erunt-setup.exe
2014-06-09 16:52 - 2014-06-09 16:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-09 12:27 - 2014-01-03 13:30 - 00007604 _____ () C:\Users\Regina\AppData\Local\resmon.resmoncfg
2014-06-09 10:53 - 2014-06-09 10:53 - 00002966 _____ () C:\windows\System32\Tasks\{FE12D23B-3324-44D4-96A1-8CD79020BF18}
2014-06-09 10:09 - 2014-06-09 10:09 - 00003166 _____ () C:\windows\System32\Tasks\{1443180B-AA07-415C-9C93-67E547F4948D}
2014-06-08 09:02 - 2014-06-08 09:02 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Toshiba
2014-06-08 09:00 - 2014-06-08 09:00 - 00058016 _____ () C:\Users\reginamay\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\ATI
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\TOSHIBA
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\ATI
2014-06-08 09:00 - 2014-06-08 08:59 - 00002226 _____ () C:\Users\reginamay\Desktop\Google Chrome.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00001424 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Adobe
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Local\Google
2014-06-08 08:58 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay
2014-06-08 08:57 - 2014-06-08 08:57 - 00000020 ___SH () C:\Users\reginamay\ntuser.ini
2014-06-08 08:57 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay\AppData\Local\VirtualStore
2014-06-08 04:13 - 2014-06-11 14:42 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 14:42 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-07 18:52 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-07 18:38 - 2014-06-10 14:36 - 00002071 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 18:38 - 2014-06-08 08:57 - 00002071 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-06-05 11:31 - 2014-06-01 17:47 - 00000000 ____D () C:\Program Files\Google
2014-06-04 11:10 - 2014-06-03 23:53 - 00000000 ____D () C:\ProgramData\Google
2014-06-04 11:10 - 2014-01-10 21:05 - 00000000 ____D () C:\Users\Regina\AppData\Local\Google
2014-06-04 09:56 - 2014-05-27 10:23 - 00000486 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-06-04 08:39 - 2014-06-04 08:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0.exe
2014-06-03 23:59 - 2014-06-03 23:54 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Google
2014-06-03 23:54 - 2014-06-01 17:48 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-03 16:16 - 2014-06-03 16:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Regina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 11:49 - 2014-01-12 00:15 - 00000449 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website
2014-06-03 11:22 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Local\Opera Mail
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Opera Mail
2014-06-02 15:16 - 2014-05-01 22:42 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-02 15:15 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-01 23:13 - 2014-06-01 23:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\PhraseExpress
2014-05-31 02:24 - 2014-02-26 13:15 - 00032618 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-30 20:37 - 2014-05-21 00:43 - 00000000 ____D () C:\Users\Regina\AppData\Local\Windows Live
2014-05-30 05:21 - 2014-06-11 14:46 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 05:02 - 2014-06-11 14:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 05:02 - 2014-06-11 14:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 04:45 - 2014-06-11 14:47 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 04:39 - 2014-06-11 14:47 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 04:39 - 2014-06-11 14:46 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 04:38 - 2014-06-11 14:47 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 04:28 - 2014-06-11 14:47 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 04:27 - 2014-06-11 14:47 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 04:24 - 2014-06-11 14:47 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 04:21 - 2014-06-11 14:47 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 04:21 - 2014-06-11 14:46 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 04:20 - 2014-06-11 14:46 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 04:18 - 2014-06-11 14:47 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 04:11 - 2014-06-11 14:46 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 04:08 - 2014-06-11 14:46 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 04:06 - 2014-06-11 14:47 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 04:02 - 2014-06-11 14:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 03:55 - 2014-06-11 14:47 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 03:49 - 2014-06-11 14:46 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 03:46 - 2014-06-11 14:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 03:44 - 2014-06-11 14:47 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 03:44 - 2014-06-11 14:47 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 03:43 - 2014-06-11 14:47 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 03:42 - 2014-06-11 14:47 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 03:38 - 2014-06-11 14:47 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 03:35 - 2014-06-11 14:47 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 03:34 - 2014-06-11 14:47 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 03:33 - 2014-06-11 14:47 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 03:30 - 2014-06-11 14:47 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 03:29 - 2014-06-11 14:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 03:28 - 2014-06-11 14:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 03:27 - 2014-06-11 14:47 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 03:24 - 2014-06-11 14:47 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 03:23 - 2014-06-11 14:47 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 03:16 - 2014-06-11 14:47 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 03:10 - 2014-06-11 14:47 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 03:06 - 2014-06-11 14:47 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 03:04 - 2014-06-11 14:47 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 03:02 - 2014-06-11 14:47 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 02:56 - 2014-06-11 14:47 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 02:56 - 2014-06-11 14:46 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 02:54 - 2014-06-11 14:47 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 02:50 - 2014-06-11 14:47 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 02:49 - 2014-06-11 14:47 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 02:43 - 2014-06-11 14:47 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 02:40 - 2014-06-11 14:47 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 02:30 - 2014-06-11 14:47 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 02:21 - 2014-06-11 14:47 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 02:15 - 2014-06-11 14:47 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 02:13 - 2014-06-11 14:47 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-30 02:13 - 2014-06-11 14:46 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-29 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Globalization
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-05-28 21:55 - 2009-07-13 23:45 - 00000000 ____D () C:\windows\Setup
2014-05-28 12:34 - 2014-05-28 12:34 - 00003166 _____ () C:\windows\System32\Tasks\{DFEEA0CA-4E98-4D94-8D18-90027F6A4FB6}
2014-05-28 11:39 - 2014-05-12 08:27 - 00000000 ____D () C:\Users\Regina\AppData\Local\CrashDumps
2014-05-28 10:25 - 2014-05-28 10:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-27 10:50 - 2014-05-27 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 10:44 - 2014-05-27 10:44 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-27 10:44 - 2014-05-27 10:44 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-27 10:44 - 2014-01-12 00:57 - 00000000 ____D () C:\Users\Regina\AppData\Local\Deployment
 
Files to move or delete:
====================
C:\Users\Regina\MDSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 09:20
 
==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team

Posted 04 July 2014 - 09:25 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyUsers\S-1-5-21-1299813285-2685909501-423776819-1004\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.better-search.net/?src=10&st=12&i=998&did=10977&ppd=na&barid=92547096081114488
SearchScopes: HKCU - {7E4983F2-D1B3-4D07-B01D-8681A8207ED6} URL =
Toolbar: HKCU - No Name - {F6E831A9-1809-48CC-AFD5-C00FAF05D252} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Let me know what problem persists.

#7 rp-57

  • Topic Starter


Posted 04 July 2014 - 01:37 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Regina (administrator) on REGINA-PC on 26-06-2014 13:29:14
Running from C:\Users\Regina\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\RunOnce: [Uninstall C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Regina\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64"
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1299813285-2685909501-423776819-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyUsers\S-1-5-21-1299813285-2685909501-423776819-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.better-search.net/?src=10&st=12&i=998&did=10977&ppd=na&barid=92547096081114488
SearchScopes: HKCU - {002B3610-D259-4C97-A586-15E6227A192E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {7E4983F2-D1B3-4D07-B01D-8681A8207ED6} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {F6E831A9-1809-48CC-AFD5-C00FAF05D252} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.com/intl/en/chrome/webstore/themes.html", "https://www.google.com/intl/en/chrome/browser/welcome.html", "https://www.google.com/settings/chrome/sync", "https://support.google.com/chrome/troubleshooter/3338247?hl=en&ref_topic=3421642", "https://support.google.com/chrome/answer/95414", "https://support.google.com/chrome/?p=help&ctx=settings#topic=3421642", "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-31&ent=hp&u=2E5A1DE572D714967F64735339F8D5B3"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (WOT) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-27]
CHR Extension: (TrafficLight) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-06-18]
CHR Extension: (AdBlock) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-27]
CHR Extension: (History Eraser) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2014-06-16]
CHR Extension: (Cookies) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\Regina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-26 13:29 - 2014-06-26 13:30 - 00013720 _____ () C:\Users\Regina\Downloads\FRST.txt
2014-06-26 13:28 - 2014-06-26 13:29 - 00000000 ____D () C:\FRST
2014-06-26 13:28 - 2014-06-26 13:28 - 02082816 _____ (Farbar) C:\Users\Regina\Downloads\FRST64.exe
2014-06-26 12:57 - 2014-06-26 12:57 - 00000056 _____ () C:\windows\setupact.log
2014-06-26 12:57 - 2014-06-26 12:57 - 00000000 _____ () C:\windows\setuperr.log
2014-06-26 12:07 - 2014-06-26 12:07 - 00001122 _____ () C:\windows\PFRO.log
2014-06-26 11:24 - 2014-06-26 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-26 00:12 - 2014-06-26 00:12 - 00000000 ____D () C:\OETemp
2014-06-25 23:33 - 2014-06-25 23:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-25 14:45 - 2011-05-09 16:13 - 00001409 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-25 14:45 - 2009-07-13 23:49 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Thunderbird
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Mozilla
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Local\Thunderbird
2014-06-24 13:06 - 2014-06-24 13:06 - 26454512 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 31.0b1.exe
2014-06-24 11:19 - 2014-06-24 11:19 - 02434048 _____ () C:\Users\Regina\Downloads\msxml (1).msi
2014-06-24 11:11 - 2014-06-24 11:11 - 02434048 _____ () C:\Users\Regina\Downloads\msxml.msi
2014-06-23 17:25 - 2014-06-23 17:25 - 00000690 _____ () C:\Users\Regina\Documents\cc_20140623_172519.reg
2014-06-23 02:27 - 2014-06-23 02:27 - 00002972 _____ () C:\windows\System32\Tasks\{9E5814C7-82CC-4909-9D04-396AD9F886F9}
2014-06-23 02:25 - 2014-06-23 02:25 - 00003008 _____ () C:\windows\System32\Tasks\{3D4CA334-B0A4-42CF-95EA-02781AF06458}
2014-06-23 02:21 - 2014-06-23 02:21 - 00003008 _____ () C:\windows\System32\Tasks\{1412ABE5-E772-4F99-82F9-243935E7F7E5}
2014-06-22 21:23 - 2014-06-22 21:23 - 00001206 _____ () C:\Users\Regina\Documents\cc_20140622_212352.reg
2014-06-22 21:21 - 2014-06-22 21:21 - 00000000 ____D () C:\Users\Regina\Downloads\New folder
2014-06-22 14:18 - 2014-06-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-22 14:17 - 2014-06-22 14:18 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-22 14:16 - 2014-06-22 14:16 - 04095448 _____ (BrightFort LLC ) C:\Users\Regina\Downloads\spywareblastersetup50.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\ProductData
2014-06-22 08:02 - 2014-06-22 08:03 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-22 08:02 - 2014-06-22 08:02 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\IObit
2014-06-22 06:10 - 2014-06-22 06:10 - 00000830 _____ () C:\Users\Regina\Documents\cc_20140622_061043.reg
2014-06-21 22:00 - 2014-06-21 22:00 - 00004154 _____ () C:\Users\Regina\Documents\cc_20140621_220040.reg
2014-06-21 19:44 - 2014-06-21 19:44 - 00003094 _____ () C:\windows\System32\Tasks\{981C41F5-B10C-4CD3-82C8-825D80C79529}
2014-06-21 12:36 - 2014-06-24 11:16 - 00001997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-21 12:36 - 2014-06-24 11:16 - 00001985 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-21 12:35 - 2014-06-25 06:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-21 12:33 - 2014-06-21 12:34 - 22156720 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.4.0.exe
2014-06-20 15:08 - 2014-06-20 15:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 16:30 - 2014-06-18 16:31 - 00000346 _____ () C:\windows\system32\Perms.txt
2014-06-18 11:24 - 2014-06-18 11:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Regina\Downloads\mseinstall.exe
2014-06-18 11:23 - 2014-06-18 11:23 - 00096083 _____ () C:\ProgramData\1403108401.bdinstall.bin
2014-06-18 11:20 - 2014-06-18 11:20 - 00037691 _____ () C:\ProgramData\1403108394.bdinstall.bin
2014-06-18 11:14 - 2014-06-18 11:14 - 00058810 _____ () C:\ProgramData\1403107922.bdinstall.bin
2014-06-18 11:12 - 2014-06-18 11:12 - 00037822 _____ () C:\ProgramData\1403107917.bdinstall.bin
2014-06-17 14:15 - 2014-06-17 14:20 - 00000000 ____D () C:\Users\Regina\Downloads\myuninst
2014-06-17 14:14 - 2014-06-17 14:14 - 00046124 _____ () C:\Users\Regina\Downloads\myuninst.zip
2014-06-17 01:14 - 2014-06-17 01:14 - 00214707 _____ () C:\ProgramData\1402985429.bdinstall.bin
2014-06-15 22:31 - 2014-06-15 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-15 22:28 - 2014-06-15 22:28 - 17312072 _____ (Google Inc.) C:\Users\Regina\Downloads\picasa39-setup.exe
2014-06-15 20:48 - 2014-06-15 20:53 - 00000000 ____D () C:\be6000969945af2c4f620b29f8a3e7
2014-06-15 20:44 - 2014-06-15 20:57 - 00000000 ____D () C:\337a5051a47b7f5c479b912d
2014-06-15 17:11 - 2014-06-15 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-14 18:26 - 2014-06-21 12:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 18:25 - 2014-06-14 18:25 - 19673760 _____ (SUPERAntiSpyware) C:\Users\Regina\Downloads\SUPERAntiSpyware.exe
2014-06-14 18:06 - 2014-06-14 18:06 - 00003288 _____ () C:\windows\System32\Tasks\{6FF02622-5257-4BCC-B6DE-2BA9AF279835}
2014-06-12 18:34 - 2014-06-12 18:34 - 00000000 ____D () C:\Users\Regina\New folder
2014-06-12 17:48 - 2014-06-26 11:23 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 17:46 - 2014-06-26 11:22 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-12 17:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-12 17:34 - 2014-06-12 17:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0 (1).exe
2014-06-11 14:47 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 14:47 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 14:47 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 14:47 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 14:47 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 14:47 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 14:47 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 14:47 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 14:47 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 14:47 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 14:47 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 14:47 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 14:47 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 14:47 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 14:47 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 14:47 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 14:47 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 14:47 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 14:47 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 14:47 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 14:47 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 14:47 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 14:47 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 14:47 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 14:47 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 14:47 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 14:47 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 14:47 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 14:47 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 14:47 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 14:47 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 14:47 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 14:47 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 14:47 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 14:47 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 14:47 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 14:47 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 14:47 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 14:47 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 14:47 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 14:47 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 14:47 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 14:47 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 14:47 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 14:47 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 14:47 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 14:47 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 14:46 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 14:46 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 14:46 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 14:46 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 14:46 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 14:46 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 14:46 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 14:46 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 14:46 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 14:46 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 14:46 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 14:46 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 14:46 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 14:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 14:46 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 14:46 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 14:46 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 14:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 14:46 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 14:42 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 14:42 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-11 12:26 - 2014-06-11 12:26 - 00000000 ____D () C:\windows\ERUNT
2014-06-10 16:39 - 2014-06-25 06:15 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieUserList
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieSiteList
2014-06-10 14:42 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Toshiba
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\ATI
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Local\ATI
2014-06-10 14:39 - 2014-06-10 14:39 - 00058016 _____ () C:\Users\My pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 14:39 - 2014-06-10 14:39 - 00000000 ____D () C:\Users\My pc\AppData\Local\TOSHIBA
2014-06-10 14:38 - 2014-06-22 22:17 - 00000000 ____D () C:\Users\My pc\AppData\Local\Google
2014-06-10 14:38 - 2014-06-10 14:43 - 00002226 _____ () C:\Users\My pc\Desktop\Google Chrome.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00001424 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Adobe
2014-06-10 14:37 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc\AppData\Local\VirtualStore
2014-06-10 14:36 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc
2014-06-10 14:36 - 2014-06-10 14:36 - 00000904 __RSH () C:\Users\My pc\ntuser.pol
2014-06-10 14:36 - 2014-06-10 14:36 - 00000020 ___SH () C:\Users\My pc\ntuser.ini
2014-06-10 14:36 - 2014-06-07 18:38 - 00002071 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-10 14:36 - 2014-03-12 07:11 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\TuneUp Software
2014-06-10 14:36 - 2013-12-28 10:56 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Macromedia
2014-06-10 14:36 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-10 14:36 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-10 09:03 - 2014-06-10 09:03 - 00000632 __RSH () C:\Users\Regina\ntuser.pol
2014-06-10 03:22 - 2014-06-10 03:22 - 00002992 _____ () C:\windows\System32\Tasks\{AFD6359E-1B5C-4018-90F1-55AA59FF11E8}
2014-06-10 03:21 - 2014-06-10 03:21 - 00002992 _____ () C:\windows\System32\Tasks\{5405AC5F-FD1A-4D8F-A5AD-DEF5801E784A}
2014-06-10 02:48 - 2014-06-10 02:48 - 00000000 ____D () C:\Users\Regina\6-10-2014
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\windows\ERDNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-09 22:24 - 2014-06-09 22:24 - 00791393 _____ (Lars Hederer ) C:\Users\Regina\Downloads\erunt-setup.exe
2014-06-09 16:52 - 2014-06-09 16:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-09 10:53 - 2014-06-09 10:53 - 00002966 _____ () C:\windows\System32\Tasks\{FE12D23B-3324-44D4-96A1-8CD79020BF18}
2014-06-09 10:09 - 2014-06-09 10:09 - 00003166 _____ () C:\windows\System32\Tasks\{1443180B-AA07-415C-9C93-67E547F4948D}
2014-06-08 11:04 - 2014-06-10 18:01 - 00000000 ____D () C:\MATS
2014-06-08 09:02 - 2014-06-08 09:02 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Toshiba
2014-06-08 09:00 - 2014-06-08 09:00 - 00058016 _____ () C:\Users\reginamay\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\ATI
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\TOSHIBA
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\ATI
2014-06-08 08:59 - 2014-06-08 09:00 - 00002226 _____ () C:\Users\reginamay\Desktop\Google Chrome.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00001424 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Adobe
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Local\Google
2014-06-08 08:57 - 2014-06-08 08:58 - 00000000 ____D () C:\Users\reginamay
2014-06-08 08:57 - 2014-06-08 08:57 - 00000020 ___SH () C:\Users\reginamay\ntuser.ini
2014-06-08 08:57 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay\AppData\Local\VirtualStore
2014-06-08 08:57 - 2014-06-07 18:38 - 00002071 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-08 08:57 - 2014-03-12 07:11 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\TuneUp Software
2014-06-08 08:57 - 2013-12-28 10:56 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Macromedia
2014-06-08 08:57 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-08 08:57 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-06-05 05:29 - 2014-06-24 19:50 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-04 08:39 - 2014-06-04 08:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0.exe
2014-06-03 23:54 - 2014-06-03 23:59 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Google
2014-06-03 23:53 - 2014-06-04 11:10 - 00000000 ____D () C:\ProgramData\Google
2014-06-03 16:14 - 2014-06-03 16:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Regina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-02 18:01 - 2014-06-03 11:22 - 00000000 ____D () C:\Users\Regina\AppData\Local\Opera Mail
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Opera Mail
2014-06-01 23:11 - 2014-06-01 23:13 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\PhraseExpress
2014-06-01 17:48 - 2014-06-03 23:54 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-01 17:47 - 2014-06-05 11:31 - 00000000 ____D () C:\Program Files\Google
2014-05-29 14:51 - 2014-06-21 12:54 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-05-29 14:50 - 2014-06-24 15:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 12:34 - 2014-05-28 12:34 - 00003166 _____ () C:\windows\System32\Tasks\{DFEEA0CA-4E98-4D94-8D18-90027F6A4FB6}
2014-05-28 10:25 - 2014-05-28 10:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-27 10:50 - 2014-05-27 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 10:44 - 2014-06-26 13:01 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-27 10:44 - 2014-06-26 11:51 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-27 10:44 - 2014-05-27 10:44 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-27 10:44 - 2014-05-27 10:44 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-27 10:23 - 2014-06-04 09:56 - 00000486 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-05-27 09:10 - 2014-06-15 22:30 - 00000000 ____D () C:\Program Files (x86)\Google
 
==================== One Month Modified Files and Folders =======
 
2014-06-26 13:30 - 2014-06-26 13:29 - 00013720 _____ () C:\Users\Regina\Downloads\FRST.txt
2014-06-26 13:29 - 2014-06-26 13:28 - 00000000 ____D () C:\FRST
2014-06-26 13:29 - 2013-12-26 22:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 13:28 - 2014-06-26 13:28 - 02082816 _____ (Farbar) C:\Users\Regina\Downloads\FRST64.exe
2014-06-26 13:11 - 2014-02-26 13:19 - 01197180 _____ () C:\windows\WindowsUpdate.log
2014-06-26 13:05 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 13:05 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 13:01 - 2014-05-27 10:44 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 12:57 - 2014-06-26 12:57 - 00000056 _____ () C:\windows\setupact.log
2014-06-26 12:57 - 2014-06-26 12:57 - 00000000 _____ () C:\windows\setuperr.log
2014-06-26 12:57 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-26 12:07 - 2014-06-26 12:07 - 00001122 _____ () C:\windows\PFRO.log
2014-06-26 11:51 - 2014-05-27 10:44 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 11:45 - 2014-06-26 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-26 11:23 - 2014-06-12 17:48 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 11:22 - 2014-06-12 17:46 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-26 00:12 - 2014-06-26 00:12 - 00000000 ____D () C:\OETemp
2014-06-25 23:45 - 2014-06-25 23:33 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-25 22:22 - 2009-07-13 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 14:45 - 2013-12-21 14:55 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 14:45 - 2009-07-14 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-25 08:40 - 2014-04-25 12:43 - 00000000 ____D () C:\Users\Regina\Documents\New folder (4)
2014-06-25 06:22 - 2014-06-21 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-25 06:15 - 2014-06-10 16:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-24 19:50 - 2014-06-05 05:29 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-24 16:42 - 2013-12-21 14:54 - 00000000 ____D () C:\Users\Regina
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Thunderbird
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Mozilla
2014-06-24 15:43 - 2014-06-24 15:43 - 00000000 ____D () C:\Users\My pc\AppData\Local\Thunderbird
2014-06-24 15:40 - 2014-05-29 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 13:06 - 2014-06-24 13:06 - 26454512 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 31.0b1.exe
2014-06-24 11:19 - 2014-06-24 11:19 - 02434048 _____ () C:\Users\Regina\Downloads\msxml (1).msi
2014-06-24 11:16 - 2014-06-21 12:36 - 00001997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-24 11:16 - 2014-06-21 12:36 - 00001985 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-24 11:11 - 2014-06-24 11:11 - 02434048 _____ () C:\Users\Regina\Downloads\msxml.msi
2014-06-24 10:59 - 2013-12-26 22:45 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-24 10:59 - 2013-12-26 22:45 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 10:59 - 2011-10-30 22:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-23 17:25 - 2014-06-23 17:25 - 00000690 _____ () C:\Users\Regina\Documents\cc_20140623_172519.reg
2014-06-23 17:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-06-23 02:27 - 2014-06-23 02:27 - 00002972 _____ () C:\windows\System32\Tasks\{9E5814C7-82CC-4909-9D04-396AD9F886F9}
2014-06-23 02:25 - 2014-06-23 02:25 - 00003008 _____ () C:\windows\System32\Tasks\{3D4CA334-B0A4-42CF-95EA-02781AF06458}
2014-06-23 02:21 - 2014-06-23 02:21 - 00003008 _____ () C:\windows\System32\Tasks\{1412ABE5-E772-4F99-82F9-243935E7F7E5}
2014-06-22 22:17 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Local\Google
2014-06-22 21:23 - 2014-06-22 21:23 - 00001206 _____ () C:\Users\Regina\Documents\cc_20140622_212352.reg
2014-06-22 21:21 - 2014-06-22 21:21 - 00000000 ____D () C:\Users\Regina\Downloads\New folder
2014-06-22 14:18 - 2014-06-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-06-22 14:18 - 2014-06-22 14:17 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-22 14:16 - 2014-06-22 14:16 - 04095448 _____ (BrightFort LLC ) C:\Users\Regina\Downloads\spywareblastersetup50.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\ProductData
2014-06-22 08:03 - 2014-06-22 08:02 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-22 08:02 - 2014-06-22 08:02 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\IObit
2014-06-22 06:10 - 2014-06-22 06:10 - 00000830 _____ () C:\Users\Regina\Documents\cc_20140622_061043.reg
2014-06-21 22:00 - 2014-06-21 22:00 - 00004154 _____ () C:\Users\Regina\Documents\cc_20140621_220040.reg
2014-06-21 21:36 - 2013-12-21 14:59 - 00000000 ____D () C:\Users\Regina\AppData\Local\VirtualStore
2014-06-21 19:44 - 2014-06-21 19:44 - 00003094 _____ () C:\windows\System32\Tasks\{981C41F5-B10C-4CD3-82C8-825D80C79529}
2014-06-21 12:54 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Local\Thunderbird
2014-06-21 12:42 - 2014-06-14 18:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-21 12:34 - 2014-06-21 12:33 - 22156720 _____ (Mozilla) C:\Users\Regina\Downloads\Thunderbird Setup 24.4.0.exe
2014-06-20 15:08 - 2014-06-20 15:08 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\SUPERAntiSpyware.com
2014-06-18 16:31 - 2014-06-18 16:30 - 00000346 _____ () C:\windows\system32\Perms.txt
2014-06-18 11:32 - 2014-02-23 19:35 - 00002150 _____ () C:\windows\epplauncher.mif
2014-06-18 11:25 - 2014-06-18 11:24 - 13829304 _____ (Microsoft Corporation) C:\Users\Regina\Downloads\mseinstall.exe
2014-06-18 11:23 - 2014-06-18 11:23 - 00096083 _____ () C:\ProgramData\1403108401.bdinstall.bin
2014-06-18 11:20 - 2014-06-18 11:20 - 00037691 _____ () C:\ProgramData\1403108394.bdinstall.bin
2014-06-18 11:14 - 2014-06-18 11:14 - 00058810 _____ () C:\ProgramData\1403107922.bdinstall.bin
2014-06-18 11:12 - 2014-06-18 11:12 - 00037822 _____ () C:\ProgramData\1403107917.bdinstall.bin
2014-06-17 14:20 - 2014-06-17 14:15 - 00000000 ____D () C:\Users\Regina\Downloads\myuninst
2014-06-17 14:14 - 2014-06-17 14:14 - 00046124 _____ () C:\Users\Regina\Downloads\myuninst.zip
2014-06-17 10:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-06-17 01:14 - 2014-06-17 01:14 - 00214707 _____ () C:\ProgramData\1402985429.bdinstall.bin
2014-06-17 01:11 - 2014-05-11 13:22 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\QuickScan
2014-06-17 00:34 - 2014-05-18 20:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-15 22:31 - 2014-06-15 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-15 22:30 - 2014-05-27 09:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-15 22:28 - 2014-06-15 22:28 - 17312072 _____ (Google Inc.) C:\Users\Regina\Downloads\picasa39-setup.exe
2014-06-15 20:57 - 2014-06-15 20:44 - 00000000 ____D () C:\337a5051a47b7f5c479b912d
2014-06-15 20:53 - 2014-06-15 20:48 - 00000000 ____D () C:\be6000969945af2c4f620b29f8a3e7
2014-06-15 17:11 - 2014-06-15 17:11 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-15 11:05 - 2014-01-14 04:19 - 00000469 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\My Yahoo.website
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 18:25 - 2014-06-14 18:25 - 19673760 _____ (SUPERAntiSpyware) C:\Users\Regina\Downloads\SUPERAntiSpyware.exe
2014-06-14 18:06 - 2014-06-14 18:06 - 00003288 _____ () C:\windows\System32\Tasks\{6FF02622-5257-4BCC-B6DE-2BA9AF279835}
2014-06-12 18:34 - 2014-06-12 18:34 - 00000000 ____D () C:\Users\Regina\New folder
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 17:46 - 2014-06-12 17:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 17:34 - 2014-06-12 17:34 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0 (1).exe
2014-06-11 14:58 - 2013-12-21 16:50 - 00000000 ____D () C:\windows\system32\MRT
2014-06-11 14:55 - 2013-12-21 16:50 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 14:48 - 2014-04-24 08:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 12:26 - 2014-06-11 12:26 - 00000000 ____D () C:\windows\ERUNT
2014-06-10 18:01 - 2014-06-08 11:04 - 00000000 ____D () C:\MATS
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieUserList
2014-06-10 15:04 - 2014-06-10 15:04 - 00000000 __SHD () C:\Users\My pc\AppData\Local\EmieSiteList
2014-06-10 14:43 - 2014-06-10 14:38 - 00002226 _____ () C:\Users\My pc\Desktop\Google Chrome.lnk
2014-06-10 14:42 - 2014-06-10 14:42 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Toshiba
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\ATI
2014-06-10 14:40 - 2014-06-10 14:40 - 00000000 ____D () C:\Users\My pc\AppData\Local\ATI
2014-06-10 14:39 - 2014-06-10 14:39 - 00058016 _____ () C:\Users\My pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-10 14:39 - 2014-06-10 14:39 - 00000000 ____D () C:\Users\My pc\AppData\Local\TOSHIBA
2014-06-10 14:38 - 2014-06-10 14:38 - 00001424 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-10 14:38 - 2014-06-10 14:38 - 00000000 ____D () C:\Users\My pc\AppData\Roaming\Adobe
2014-06-10 14:37 - 2014-06-10 14:37 - 00000000 ____D () C:\Users\My pc\AppData\Local\VirtualStore
2014-06-10 14:37 - 2014-06-10 14:36 - 00000000 ____D () C:\Users\My pc
2014-06-10 14:36 - 2014-06-10 14:36 - 00000904 __RSH () C:\Users\My pc\ntuser.pol
2014-06-10 14:36 - 2014-06-10 14:36 - 00000020 ___SH () C:\Users\My pc\ntuser.ini
2014-06-10 09:03 - 2014-06-10 09:03 - 00000632 __RSH () C:\Users\Regina\ntuser.pol
2014-06-10 09:03 - 2009-07-13 22:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-06-10 03:22 - 2014-06-10 03:22 - 00002992 _____ () C:\windows\System32\Tasks\{AFD6359E-1B5C-4018-90F1-55AA59FF11E8}
2014-06-10 03:21 - 2014-06-10 03:21 - 00002992 _____ () C:\windows\System32\Tasks\{5405AC5F-FD1A-4D8F-A5AD-DEF5801E784A}
2014-06-10 02:48 - 2014-06-10 02:48 - 00000000 ____D () C:\Users\Regina\6-10-2014
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\windows\ERDNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-09 22:24 - 2014-06-09 22:24 - 00791393 _____ (Lars Hederer ) C:\Users\Regina\Downloads\erunt-setup.exe
2014-06-09 16:52 - 2014-06-09 16:52 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files\MSBuild
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-06-09 15:03 - 2014-06-09 15:03 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-09 12:27 - 2014-01-03 13:30 - 00007604 _____ () C:\Users\Regina\AppData\Local\resmon.resmoncfg
2014-06-09 10:53 - 2014-06-09 10:53 - 00002966 _____ () C:\windows\System32\Tasks\{FE12D23B-3324-44D4-96A1-8CD79020BF18}
2014-06-09 10:09 - 2014-06-09 10:09 - 00003166 _____ () C:\windows\System32\Tasks\{1443180B-AA07-415C-9C93-67E547F4948D}
2014-06-08 09:02 - 2014-06-08 09:02 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Toshiba
2014-06-08 09:00 - 2014-06-08 09:00 - 00058016 _____ () C:\Users\reginamay\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\ATI
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\TOSHIBA
2014-06-08 09:00 - 2014-06-08 09:00 - 00000000 ____D () C:\Users\reginamay\AppData\Local\ATI
2014-06-08 09:00 - 2014-06-08 08:59 - 00002226 _____ () C:\Users\reginamay\Desktop\Google Chrome.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00001424 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Roaming\Adobe
2014-06-08 08:59 - 2014-06-08 08:59 - 00000000 ____D () C:\Users\reginamay\AppData\Local\Google
2014-06-08 08:58 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay
2014-06-08 08:57 - 2014-06-08 08:57 - 00000020 ___SH () C:\Users\reginamay\ntuser.ini
2014-06-08 08:57 - 2014-06-08 08:57 - 00000000 ____D () C:\Users\reginamay\AppData\Local\VirtualStore
2014-06-08 04:13 - 2014-06-11 14:42 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 14:42 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-07 18:52 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-06-07 18:38 - 2014-06-10 14:36 - 00002071 _____ () C:\Users\My pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 18:38 - 2014-06-08 08:57 - 00002071 _____ () C:\Users\reginamay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-06-05 11:31 - 2014-06-01 17:47 - 00000000 ____D () C:\Program Files\Google
2014-06-04 11:10 - 2014-06-03 23:53 - 00000000 ____D () C:\ProgramData\Google
2014-06-04 11:10 - 2014-01-10 21:05 - 00000000 ____D () C:\Users\Regina\AppData\Local\Google
2014-06-04 09:56 - 2014-05-27 10:23 - 00000486 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-06-04 08:39 - 2014-06-04 08:39 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Regina\Downloads\mbam-clean-2.0.2.0.exe
2014-06-03 23:59 - 2014-06-03 23:54 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Google
2014-06-03 23:54 - 2014-06-01 17:48 - 00000000 ____D () C:\ProgramData\Google Updater
2014-06-03 16:16 - 2014-06-03 16:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Regina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 11:49 - 2014-01-12 00:15 - 00000449 _____ () C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website
2014-06-03 11:22 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Local\Opera Mail
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Opera Mail
2014-06-02 15:16 - 2014-05-01 22:42 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-02 15:15 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-01 23:13 - 2014-06-01 23:11 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\PhraseExpress
2014-05-31 02:24 - 2014-02-26 13:15 - 00032618 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-05-30 20:37 - 2014-05-21 00:43 - 00000000 ____D () C:\Users\Regina\AppData\Local\Windows Live
2014-05-30 05:21 - 2014-06-11 14:46 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 05:02 - 2014-06-11 14:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 05:02 - 2014-06-11 14:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 04:45 - 2014-06-11 14:47 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 04:39 - 2014-06-11 14:47 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 04:39 - 2014-06-11 14:46 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 04:38 - 2014-06-11 14:47 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 04:28 - 2014-06-11 14:47 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 04:27 - 2014-06-11 14:47 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 04:24 - 2014-06-11 14:47 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 04:21 - 2014-06-11 14:47 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 04:21 - 2014-06-11 14:46 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 04:20 - 2014-06-11 14:46 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 04:18 - 2014-06-11 14:47 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 04:11 - 2014-06-11 14:46 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 04:08 - 2014-06-11 14:46 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 04:06 - 2014-06-11 14:47 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 04:02 - 2014-06-11 14:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 03:55 - 2014-06-11 14:47 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 03:49 - 2014-06-11 14:46 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 03:46 - 2014-06-11 14:47 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 03:44 - 2014-06-11 14:47 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 03:44 - 2014-06-11 14:47 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 03:43 - 2014-06-11 14:47 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 03:42 - 2014-06-11 14:47 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 03:38 - 2014-06-11 14:47 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 03:35 - 2014-06-11 14:47 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 03:34 - 2014-06-11 14:47 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 03:33 - 2014-06-11 14:47 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 03:30 - 2014-06-11 14:47 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 03:29 - 2014-06-11 14:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 03:28 - 2014-06-11 14:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 03:27 - 2014-06-11 14:47 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 03:24 - 2014-06-11 14:47 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 03:23 - 2014-06-11 14:47 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 03:16 - 2014-06-11 14:47 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 03:10 - 2014-06-11 14:47 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 03:06 - 2014-06-11 14:47 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 03:04 - 2014-06-11 14:47 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 03:02 - 2014-06-11 14:47 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 02:56 - 2014-06-11 14:47 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 02:56 - 2014-06-11 14:46 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 02:54 - 2014-06-11 14:47 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 02:50 - 2014-06-11 14:47 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 02:49 - 2014-06-11 14:47 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 02:43 - 2014-06-11 14:47 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 02:40 - 2014-06-11 14:47 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 02:30 - 2014-06-11 14:47 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 02:21 - 2014-06-11 14:47 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 02:15 - 2014-06-11 14:47 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 02:13 - 2014-06-11 14:47 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-30 02:13 - 2014-06-11 14:46 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-29 19:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Globalization
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Thunderbird
2014-05-29 14:51 - 2014-05-29 14:51 - 00000000 ____D () C:\Users\Regina\AppData\Roaming\Mozilla
2014-05-28 21:55 - 2009-07-13 23:45 - 00000000 ____D () C:\windows\Setup
2014-05-28 12:34 - 2014-05-28 12:34 - 00003166 _____ () C:\windows\System32\Tasks\{DFEEA0CA-4E98-4D94-8D18-90027F6A4FB6}
2014-05-28 11:39 - 2014-05-12 08:27 - 00000000 ____D () C:\Users\Regina\AppData\Local\CrashDumps
2014-05-28 10:25 - 2014-05-28 10:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-05-27 10:50 - 2014-05-27 10:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-27 10:44 - 2014-05-27 10:44 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-27 10:44 - 2014-05-27 10:44 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-27 10:44 - 2014-01-12 00:57 - 00000000 ____D () C:\Users\Regina\AppData\Local\Deployment
 
Files to move or delete:
====================
C:\Users\Regina\MDSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 09:20
 
==================== End Of Log ============================


#8 rp-57


Posted 04 July 2014 - 01:47 PM

Security check- Results of screen317's Security Check version 0.99.85  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate!
 
 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java version out of Date! 
 Adobe Flash Player 14.0.0.125  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:17 AM

Posted 05 July 2014 - 06:45 AM

You posted the same FRST log dated 26-06-2014.

If you have followed my instructions on the Fix you should post the Fixlog.txt for my review.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>


Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

How is the computer running now?

#10 rp-57


Posted 05 July 2014 - 07:49 AM

OK. That is strange the Flash Player is out of date; I have Google Chrome and it says the Adobe is up to date.

I see the Security Check says Java is out of date, and that was fine with me as I took Java off my PC long ago.

PC is running OK, but I still have some concerns as to why I cannot download certain programs.

I cannot say which ones right now as I forget the programs I was trying to download, but sometimes I get error messages like a 2203 message as an error. And also I was thinking the registry keys are not right on my PC, that something is amiss with the registry.



#11 rp-57


Posted 05 July 2014 - 07:57 AM

Can't uninstall or install programs, and just tried to uninstall Adobe Reader and the error message is 2203 C:\windows installer cannot open database file system error -2147287035

And this is the same message I get when I try to uninstall several programs.

This is what I have been trying to get help with.



#12 rp-57


Posted 05 July 2014 - 07:59 AM


Just also checked the version and I have the latest version 14.0.0.125 installed



#13 nasdaq


Posted 05 July 2014 - 09:21 AM

My mistake, you only needed to update the Adobe Reader.

How is the computer performing?

#14 rp-57


Posted 05 July 2014 - 09:50 AM

Just tried to update Adobe Reader; still get error message 2203. I think there is a Windows problem that is causing me not to be able to install and uninstall programs.

I have tried over and over to use Revo and that doesn't work at all.

Still get the same error message.

As far as the PC running, as you asked me, it is doing OK for now.

Only problem going on is uninstalling and installing programs.



#15 nasdaq


Posted 05 July 2014 - 10:01 AM

Adjusting the Temp and Tmp environment variables from their default values causes this error.

How to edit the environment variables back to default:

1. Right-click My Computer --> Properties --> Select the Advanced System Settings --> Select Environment Variables at the bottom.

2. In the section titled "User Variables for Administrator" edit the TEMP and the TMP values to be the following:

Variable Name: TEMP Variable Value: %USERPROFILE%\Local Settings\Temp

Variable Name: TMP Variable Value: %USERPROFILE%\Local Settings\Temp

Restart the computer normally.

How is it now?



