Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

keylogger


  • This topic is locked This topic is locked
20 replies to this topic

#1 marybub

marybub

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 06 July 2014 - 09:55 AM

I think I might have a keylooger stealing my information, recently I had my bank info compromised, and they said it could be coming from my computer how can you help me make sure my computer is clean and free of key loggers and virus I have attached the two DDS filesAttached File  attach.txt   15.03KB   1 downloadsAttached File  dds.txt   27.42KB   5 downloads thank you in advance Marybub



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 11 July 2014 - 10:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540057 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 14 July 2014 - 12:02 PM

"yes I still need help, I am currently away . I will post the requested logs when I return home Monday 7-14. my bank had unusual activity from coinbase.com I have no accounts with them or any dealings. COINBASE STATED THAT MY COMPUTER WAS HACKED, but two of my bank accounts linked to them, the bank thinks my computer was hacked and info stolen." Here is the new DDS log, for review. I really appreciate all your help in the matter.

#4 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 14 July 2014 - 12:14 PM

Attached File  attach.zip   5.35KB   1 downloads
Attached File  dds.txt   27.99KB   2 downloadsAttached File  dds.txt   27.99KB   2 downloadsAttached File  dds.txt   27.99KB   2 downloadsHere are the new dds logs requested

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.45.2
Run by MaryAnn at 12:56:44 on 2014-07-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.8026 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\locator.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: iWin Toolbar for Pogo: {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: iWin Toolbar for Pogo: {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN386D4GMC05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\MaryAnn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.3.26 205.171.2.26
TCP: Interfaces\{01529390-A6FD-4FCF-B689-71CF0725C667} : DHCPNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
TCP: Interfaces\{1AEA60DC-5806-404C-8CE5-13EBF8862206} : DHCPNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: iWin Toolbar for Pogo: {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-TB: iWin Toolbar for Pogo: {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-7 55280]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-17 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 50464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-28 237056]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-6-27 3241488]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-6-17 289328]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-7-5 67584]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-28 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-2 860472]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2014-3-13 230920]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2014-3-13 69640]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-11-28 1127448]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-9-6 519920]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-1-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-11-28 115216]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2011-11-28 287960]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;C:\Windows\System32\drivers\HCW723x.sys [2012-8-17 1847680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-2 63704]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/28 11:30:41;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-8 19456]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-21 15712]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-10-8 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-8 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-9 1255736]
S4 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-07-06 04:45:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-06 00:23:31 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-07-05 23:50:05 332 ----a-w- C:\Start_.cmd
2014-07-03 12:25:32 98816 ----a-w- C:\Windows\sed.exe
2014-07-03 12:25:32 256000 ----a-w- C:\Windows\PEV.exe
2014-07-03 12:25:32 208896 ----a-w- C:\Windows\MBR.exe
2014-07-02 16:46:43 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-02 16:46:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-02 16:46:13 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-02 16:46:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 10:01:20 -------- d-----w- C:\ProgramData\Promote Installer
2014-06-29 17:21:15 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\MysteryTag
2014-06-29 17:20:28 -------- d-----w- C:\Program Files (x86)\iwintoolbarforpogo
2014-06-28 14:51:25 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Adobe
2014-06-17 20:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 20:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 20:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 20:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 20:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 20:06:22 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-17 20:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 20:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-07-08 20:20:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 20:20:12 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-27 13:31:58 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 12:56:55.78 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2011 12:04:45 PM
System Uptime: 7/14/2014 9:37:18 AM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2A86
Processor: Intel® Core™ i7 CPU       X 990  @ 3.47GHz | CPU 1 | 3468/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1851 GiB total, 1419.41 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.302 GiB free.
E: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM (UDF)
L: is FIXED (NTFS) - 931 GiB total, 155.175 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&39369215&0&00E1
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760211AD&REV_00\4&39369215&0&00E1
Service: netr28x
.
==== System Restore Points ===================
.
RP262: 6/28/2014 11:10:19 PM - HPSF Restore Point
RP263: 7/3/2014 8:25:40 AM - ComboFix created restore point
RP264: 7/10/2014 3:00:48 AM - Windows Update
.
==== Installed Programs ======================
.
1&1 EasyLogin
64 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader XI (11.0.07)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Agatha Christie - Peril at End House
Amazon MP3 Downloader 1.0.15
AnvSoft Flash Banner Maker Trial 1.00
AnvSoft Photo Flash Maker Platinum 5.48
AnvSoft Photo Slideshow Maker Free 5.57
AnvSoft Photo Slideshow Maker Platinum 5.57
Any Video Converter 3.5.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI Catalyst Install Manager
ATI Stream SDK v2 Developer
Avery Wizard 4.0
AVG 2014
Bejeweled 2 Deluxe
Bejeweled 3
Bejeweled Twist
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
Cake Mania
Calendar ImportExport version 2.0.8
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CD Label Designer
Chuzzle Deluxe
CinemaNow Media Manager
Cobian Backup 11 Gravity
Coin Elite 15.80
Coin Elite 15.95
Coin Elite 16.25
Connect
Cool Edit Pro 2.1
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Creative Pack Volume 1
CutePDF Writer 2.8
CyberKit 3.0
CyberLink PowerDVD 10
D3DX10
Dazzle Video Capture DVC100 X64 Driver 1.06
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diamond Scheduler 6
Diner Dash 2 Restaurant Rescue
DING!
DIRECTV Player
DirectX 9 Runtime
Disketch Disc Label Software
DocProc
doPDF 7.3 printer
Dora's World Adventure
Doxillion Document Converter
ESET Online Scanner v3
Expert PDF 7 Reader
Express Burn
Express Zip
Farm Frenzy
FATE - The Traitor Soul
Fax
File Uploader
FileZilla Client 3.8.0
Filmmaker's Toolkit for Studio
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Grading Pictures 15
Hollywood FX Volumes 1-3
Hope Lake
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Games
HP Imaging Device Functions 14.0
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP OfficeJet L7300/L7500/7600/7700
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Remote Solution
HP Setup
HP Setup Manager
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HTML5 Slideshow Maker Free 1.00
Hulu Desktop
HydraVision
I.R.I.S. OCR
iCloud
IGT Slots Aztec Temple
ImageSkill Background Remover 3
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
IrfanView (remove only)
iSEEK AnswerWorks English Runtime
iTunes
iWin Toolbar for Pogo
iZotope Music & Speech Cleaner
Java 7 Update 45
Java Auto Updater
Java™ 6 Update 39
Junk Mail filter update
kuler
LabelPrint
Magic Bullet Looks Studio
Mah Jong Medley
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Motion Graphics Toolkit for Studio
MPM
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Negotiations Guide
NetObjects Fusion 1&1 Edition
NetObjects Fusion 1&1 Edition 2013
Network64
Nikon Message Center
Nikon Transfer
Nitro Pro 8
Nitro Pro 9
OCR Software by I.R.I.S. 14.0
Pando Media Booster
PDF Complete Special Edition
Penguins!
PhotoPad Image Editor
PHOTORECOVERY LE
Photoshop Camera Raw
Picture Control Utility
Pinnacle Studio 14
Pinnacle Studio 16
Pinnacle Studio 16 - Install Manager
Pinnacle Studio 16 - Standard Content Pack
Pinnacle Studio 17
Pinnacle Studio 17 - Install Manager
Pinnacle Studio 17 - Standard Content Pack
Pinnacle Studio 17 Add-Ons
Pinnacle Studio Ultimate Collection Plugins
Pinnacle Video Driver
Pixillion Image Converter
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Pogo Games
Poker Superstars III
Polar Bowler
Polar Golfer
Premium Pack Volumes 1-2
PressReader
ProductContext
QuickBooks
QuickBooks Pro 2010
Quicken 2011
Quicken 2014
Quicken WillMaker Plus 2011
QuickTime 7
Realtek High Definition Audio Driver
Recovery Manager
Red Giant ToonIt Studio
Remote Graphics Receiver
Roxio Activation Module
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Special Edition
Roxio Creator 2010 Content
Roxio Creator 2010 Special Edition
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
RoxioNow Player
Safari
Scan
ScoreFitter Volumes 1-2
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 6.14
Slingo Supreme
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Status
Suite Shared Configuration CS4
The Weather Channel App
Title Extreme
Toolbox
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
TrayApp
Tune Sweeper
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Update Installer for WildTangent Games App
VD64Inst
ViewNX
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WD SmartWare
WebReg
WebSlingPlayer ActiveX
Wedding Slideshow Studio 1.35
Wheel of Fortune 2
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
Zuma's Revenge
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/9/2014 12:13:17 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
7/9/2014 12:13:17 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
7/14/2014 9:40:37 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/14/2014 10:06:40 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user MaryAnn-HP\MaryAnn SID (S-1-5-21-3513852268-574302107-2856833128-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 

Edited by xXToffeeXx, 14 July 2014 - 12:52 PM.
Logs posted for ease


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:02 PM

Posted 14 July 2014 - 01:03 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi marybub,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 14 July 2014 - 01:51 PM

As per your request, here are the two log files from farbar,  Also so you know I am going on vacation from 7-17- to 7-28-14 and will not have access to this computer during that time  Thanks again Maryann

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by MaryAnn (administrator) on MARYANN-HP on 14-07-2014 14:32:45
Running from C:\Users\MaryAnn\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-15] (Google Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://foxnews.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {553501A9-C52B-4BD1-BD9E-605028C6DA43} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {553501A9-C52B-4BD1-BD9E-605028C6DA43} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKCU - {A65AFE86-BC2A-4A8E-95C6-96FD76C732A4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307519&CUI=UN15700242581568411&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {FFF91399-D63C-46A7-A239-7F785DB1F413} URL = http://www.mysearchresults.com/search?c=2640&t=01&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: iWin Toolbar for Pogo -> {d925bc12-7440-413e-a040-cef15508f0c5} -> C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: iWin Toolbar for Pogo -> {d925bc12-7440-413e-a040-cef15508f0c5} -> C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-23]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP",
    "hxxp://search.conduit.com/?ctid=CT3307519&SearchSource=48&CUI=UN28593735021290489&UM=2"
CHR NewTab: "chrome-extension://lonndllmbldmmoefheenkmgkencnkdkh/Search/NewTabPages/html/new_tab.html",
    "chrome-extension://gcgpmamkljeboednbnnabhdlblmfjlhg/Search/NewTabPages/html/new_tab.html",
    "chrome-extension://fdepacjoijebcfaaenjicnejghibmebp/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (NDS PCShow Plugin) - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
CHR Plugin: (PCShow Player Plugin) - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje [2013-04-17]
CHR Extension: (YouTube) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp [2013-04-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg [2013-09-03]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh [2013-04-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-02-20]
CHR Extension: (Google Wallet) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-03-13] (Nitro PDF Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-09-06] (iWin Inc.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-08-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-14 14:32 - 2014-07-14 14:33 - 00030773 _____ () C:\Users\MaryAnn\Desktop\FRST.txt
2014-07-14 14:32 - 2014-07-14 14:32 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Desktop\FRST64.exe
2014-07-14 14:29 - 2014-07-14 14:32 - 00000000 ____D () C:\FRST
2014-07-14 14:28 - 2014-07-14 14:28 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2014-07-14 14:28 - 2014-07-14 14:28 - 01076736 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST.exe
2014-07-14 12:58 - 2014-07-14 12:58 - 00005476 _____ () C:\Users\MaryAnn\Desktop\attach.zip
2014-07-14 10:09 - 2014-07-14 12:25 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds (1).com
2014-07-09 15:16 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 15:16 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 15:16 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:16 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 15:16 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:16 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 15:16 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:16 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 15:16 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 15:16 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 15:16 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 15:16 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 15:16 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:16 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:16 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 15:16 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:16 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 15:16 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:16 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:16 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 15:16 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 15:16 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 15:16 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:16 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 15:16 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 15:16 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 15:16 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 15:16 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:16 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 15:16 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 15:16 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 15:16 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 15:16 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:16 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 15:16 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 15:16 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:16 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 15:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 15:16 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:16 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:16 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 15:16 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:15 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:15 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:15 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 15:15 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:15 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:15 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:15 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 15:15 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:15 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 15:15 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:15 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:15 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:15 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 15:15 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:15 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 15:15 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 15:15 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:15 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:15 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:15 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 15:15 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 15:15 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 15:15 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 15:15 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 10:38 - 2014-07-06 10:38 - 00028083 _____ () C:\Users\MaryAnn\Desktop\DDS1.txt
2014-07-06 10:31 - 2014-07-14 12:57 - 00028662 _____ () C:\Users\MaryAnn\Desktop\dds.txt
2014-07-06 10:31 - 2014-07-14 12:57 - 00014282 _____ () C:\Users\MaryAnn\Desktop\attach.txt
2014-07-06 10:29 - 2014-07-06 10:29 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds.com
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 20:21 - 2014-07-05 20:23 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\MaryAnn\Downloads\cbSetup.exe
2014-07-05 19:50 - 2014-07-05 19:50 - 00000332 _____ () C:\Start_.cmd
2014-07-05 19:49 - 2014-07-05 19:50 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-03 08:41 - 2014-07-03 08:41 - 00029069 _____ () C:\ComboFix.txt
2014-07-03 08:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-03 08:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-03 08:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-03 08:08 - 2014-07-03 08:41 - 00000000 ____D () C:\Qoobox
2014-07-03 08:08 - 2014-07-03 08:40 - 00000000 ____D () C:\Windows\erdnt
2014-07-03 08:07 - 2014-07-03 08:06 - 05213907 ____R (Swearware) C:\Users\MaryAnn\Desktop\ComboFix.exe
2014-07-03 08:06 - 2014-07-03 08:06 - 05213907 ____N (Swearware) C:\Users\MaryAnn\Downloads\ComboFix.exe
2014-07-02 12:46 - 2014-07-14 14:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 12:46 - 2014-07-02 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2014-07-02 12:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 12:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 11:53 - 2014-07-02 11:53 - 00492110 _____ () C:\Users\MaryAnn\Documents\sheila offer.mht
2014-06-29 13:21 - 2014-06-29 13:21 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\MysteryTag
2014-06-29 13:20 - 2014-06-29 13:20 - 00002018 _____ () C:\Users\Public\Desktop\Hope Lake.lnk
2014-06-29 13:20 - 2014-06-29 13:20 - 00000000 ____D () C:\Program Files (x86)\iwintoolbarforpogo
2014-06-28 19:12 - 2014-06-28 19:12 - 00002054 _____ () C:\Users\Public\Desktop\Bejeweled Twist.lnk
2014-06-28 10:51 - 2014-06-28 10:51 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\Adobe
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified Files and Folders =======

2014-07-14 14:33 - 2014-07-14 14:32 - 00030773 _____ () C:\Users\MaryAnn\Desktop\FRST.txt
2014-07-14 14:33 - 2013-02-06 19:17 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\Apple
2014-07-14 14:32 - 2014-07-14 14:32 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Desktop\FRST64.exe
2014-07-14 14:32 - 2014-07-14 14:29 - 00000000 ____D () C:\FRST
2014-07-14 14:32 - 2013-11-26 18:11 - 00000000 ____D () C:\Users\MaryAnn\Documents\Outlook Files
2014-07-14 14:32 - 2011-12-14 23:37 - 1778058240 _____ () C:\Users\MaryAnn\Downloads\backup.pst
2014-07-14 14:28 - 2014-07-14 14:28 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2014-07-14 14:28 - 2014-07-14 14:28 - 01076736 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST.exe
2014-07-14 14:27 - 2011-12-17 21:44 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 14:20 - 2012-04-30 08:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 14:11 - 2011-12-20 08:27 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\B18941A0-3338-4315-B1AF-1423E476D8C6.aplzod
2014-07-14 14:01 - 2014-07-02 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 12:58 - 2014-07-14 12:58 - 00005476 _____ () C:\Users\MaryAnn\Desktop\attach.zip
2014-07-14 12:58 - 2012-06-30 10:37 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-07-14 12:57 - 2014-07-06 10:31 - 00028662 _____ () C:\Users\MaryAnn\Desktop\dds.txt
2014-07-14 12:57 - 2014-07-06 10:31 - 00014282 _____ () C:\Users\MaryAnn\Desktop\attach.txt
2014-07-14 12:25 - 2014-07-14 10:09 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds (1).com
2014-07-14 12:15 - 2011-12-07 13:04 - 01980938 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 12:14 - 2013-04-26 20:20 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Skype
2014-07-14 10:12 - 2009-07-14 00:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 10:12 - 2009-07-14 00:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 09:46 - 2011-12-17 21:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 09:46 - 2011-12-14 22:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-13 22:00 - 2011-12-07 12:14 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C1780D11-8620-4DD9-A17B-A74E1C561A43}
2014-07-12 15:56 - 2011-11-28 15:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-10 03:31 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 03:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 03:25 - 2009-07-14 00:51 - 00087247 _____ () C:\Windows\setupact.log
2014-07-10 03:25 - 2009-07-14 00:45 - 00477736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:23 - 2014-05-03 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:23 - 2010-11-21 03:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:07 - 2011-12-07 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:06 - 2013-07-30 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:03 - 2011-12-07 18:41 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:20 - 2012-04-30 08:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:20 - 2012-04-30 08:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:20 - 2011-12-14 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 10:38 - 2014-07-06 10:38 - 00028083 _____ () C:\Users\MaryAnn\Desktop\DDS1.txt
2014-07-06 10:29 - 2014-07-06 10:29 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds.com
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:21 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\MaryAnn\Downloads\cbSetup.exe
2014-07-05 19:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-05 19:50 - 2014-07-05 19:50 - 00000332 _____ () C:\Start_.cmd
2014-07-05 19:50 - 2014-07-05 19:49 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-04 07:56 - 2014-01-05 20:16 - 00000000 ____D () C:\Users\MaryAnn\Documents\My office files
2014-07-03 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 17:39 - 2010-11-20 23:47 - 00639024 _____ () C:\Windows\PFRO.log
2014-07-03 09:04 - 2013-05-25 14:02 - 00000440 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-07-03 09:04 - 2012-10-12 15:38 - 00006668 _____ () C:\Windows\SysWOW64\userawacs.cfg
2014-07-03 09:03 - 2014-03-31 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-03 09:03 - 2013-09-25 09:31 - 00000922 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-03 08:41 - 2014-07-03 08:41 - 00029069 _____ () C:\ComboFix.txt
2014-07-03 08:41 - 2014-07-03 08:08 - 00000000 ____D () C:\Qoobox
2014-07-03 08:41 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-03 08:40 - 2014-07-03 08:08 - 00000000 ____D () C:\Windows\erdnt
2014-07-03 08:39 - 2009-07-13 22:34 - 00000243 _____ () C:\Windows\system.ini
2014-07-03 08:06 - 2014-07-03 08:07 - 05213907 ____R (Swearware) C:\Users\MaryAnn\Desktop\ComboFix.exe
2014-07-03 08:06 - 2014-07-03 08:06 - 05213907 ____N (Swearware) C:\Users\MaryAnn\Downloads\ComboFix.exe
2014-07-02 12:46 - 2014-07-02 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2014-07-02 12:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2012-01-26 22:31 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Malwarebytes
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-02 11:53 - 2014-07-02 11:53 - 00492110 _____ () C:\Users\MaryAnn\Documents\sheila offer.mht
2014-07-02 11:32 - 2013-12-08 20:05 - 00000000 ____D () C:\Users\MaryAnn\Documents\sheila
2014-07-01 09:38 - 2012-08-14 08:02 - 00003460 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-07-01 09:20 - 2011-12-22 08:28 - 01111552 ___SH () C:\Users\MaryAnn\Documents\Thumbs.db
2014-06-30 23:53 - 2013-01-17 00:57 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Nitro
2014-06-29 22:09 - 2014-07-09 15:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 15:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:21 - 2014-06-29 13:21 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\MysteryTag
2014-06-29 13:20 - 2014-06-29 13:20 - 00002018 _____ () C:\Users\Public\Desktop\Hope Lake.lnk
2014-06-29 13:20 - 2014-06-29 13:20 - 00000000 ____D () C:\Program Files (x86)\iwintoolbarforpogo
2014-06-29 08:44 - 2014-05-14 22:06 - 00000000 ____D () C:\ProgramData\iWin
2014-06-28 19:12 - 2014-06-28 19:12 - 00002054 _____ () C:\Users\Public\Desktop\Bejeweled Twist.lnk
2014-06-28 10:51 - 2014-06-28 10:51 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\Adobe
2014-06-23 01:22 - 2011-12-17 21:44 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 01:22 - 2011-12-17 21:44 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 20:59 - 2011-12-07 21:07 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\Microsoft Help
2014-06-20 16:14 - 2014-07-09 15:16 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 15:16 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 15:15 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 15:16 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 15:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:42 - 2014-07-09 15:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:41 - 2014-07-09 15:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:41 - 2014-07-09 15:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:32 - 2014-07-09 15:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 15:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 15:15 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 15:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:24 - 2014-07-09 15:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:23 - 2014-07-09 15:15 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 15:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 15:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 15:16 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 15:16 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 15:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 15:15 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 15:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 15:15 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 15:16 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 15:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 15:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 15:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 15:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 15:16 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 15:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 15:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 15:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 15:16 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 15:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 15:16 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 15:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 15:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 15:16 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 15:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 15:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 15:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 15:16 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:58 - 2014-07-09 15:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:52 - 2014-07-09 15:16 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 15:15 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 15:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 15:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 15:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 15:16 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 15:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 15:15 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 15:16 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 15:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 15:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 15:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 15:16 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-09 12:31

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by MaryAnn at 2014-07-14 14:33:23
Running from C:\Users\MaryAnn\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

1&1 EasyLogin (HKLM-x32\...\1&1 EasyLogin) (Version:  - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (HKLM-x32\...\Adobe_acce07fd2c8fe7f9e3f26243e626578) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
AnvSoft Flash Banner Maker Trial 1.00 (HKLM-x32\...\AnvSoft Flash Banner Maker Trial) (Version: 1.00 - AnvSoft, Inc.)
AnvSoft Photo Flash Maker Platinum 5.48 (HKLM-x32\...\AnvSoft Photo Flash Maker Platinum) (Version: 5.48 - AnvSoft, Inc.)
AnvSoft Photo Slideshow Maker Free 5.57 (HKLM-x32\...\AnvSoft Photo Slideshow Maker Free) (Version: 5.57 - AnvSoft, Inc.)
AnvSoft Photo Slideshow Maker Platinum 5.57 (HKLM-x32\...\AnvSoft Photo Slideshow Maker Platinum) (Version: 5.57 - AnvSoft, Inc.)
Any Video Converter 3.5.2 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{9A6AD916-D45D-1D1C-E2C0-A0402F511999}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version: 1.0.3.7482 - Pogo.com)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calendar ImportExport version 2.0.8 (HKLM-x32\...\{E06D2805-BBB6-453A-88D1-2868FEBC7BF7}_is1) (Version: 2.0.8 - Topalt.com)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0113.2337.42366 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help English (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help French (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help German (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0113.2336.42366 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
ccc-utility64 (Version: 2011.0113.2337.42366 - ATI) Hidden
CD Label Designer (HKLM-x32\...\CD Label Designer_is1) (Version: CD Label Designer 4.1 - Dataland Software)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Coin Elite 15.80 (HKLM-x32\...\Coin Elite 15.80) (Version:  - )
Coin Elite 15.95 (HKLM-x32\...\Coin Elite 15.95) (Version:  - )
Coin Elite 16.25 (HKLM-x32\...\Coin Elite 16.25) (Version:  - )
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.100.0000 - Corel Corporation)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel Painter Photo Essentials 4 (HKLM-x32\...\_{707EB912-C597-49D8-9460-46CC9AB03EBE}) (Version:  - Corel Corporation)
Corel Painter Photo Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberKit 3.0 (HKLM-x32\...\{1DF064B9-AA24-11D3-A809-525400DA15B9}) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2615 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.1.2615 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diamond Scheduler 6 (HKLM-x32\...\Diamond Scheduler_is1) (Version:  - Cactusware)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DING! (HKLM-x32\...\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}) (Version: 1.05.005 - Southwest Airlines)
DIRECTV Player (HKLM-x32\...\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}) (Version: 4.00 - DIRECTV)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Disketch Disc Label Software (HKLM-x32\...\Disketch) (Version:  - NCH Software)
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (Version: 7.3.393 - Softland) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version:  - NCH Software)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{2444562A-A7DC-42B8-A4D8-1BCF704B1480}) (Version: 1.0.1 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Grading Pictures 15 (HKLM-x32\...\Grading Pictures 15) (Version:  - )
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
Hope Lake (HKLM-x32\...\Hope Lake) (Version: 4.1.5.1944 - Pogo.com)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Remote Solution (x32 Version: 1.1.14.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTML5 Slideshow Maker Free 1.00 (HKLM-x32\...\HTML5 Slideshow Maker Free) (Version: 1.00 - AnvSoft, Inc.)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IGT Slots Aztec Temple (HKLM-x32\...\IGT Slots Aztec Temple) (Version: 4.0.1.62181 - Pogo.com)
ImageSkill Background Remover 3 (HKLM-x32\...\ImageSkill Background Remover 3) (Version: 3.0 - ImageSkill)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
iWin Toolbar for Pogo (HKLM\...\iwintoolbarforpogo) (Version: 1.0.0.10 - Visicom Media inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.390 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{178D71F4-DFB1-40EC-9D95-326FD8A3E7A0}) (Version: 1.00.0000 - Red Giant)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{E5C99F9E-E97D-40B6-BAFC-8BCBFF1031E4}) (Version: 1.0.1 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Motion Graphics Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Negotiations Guide (HKLM-x32\...\ST5UNST #1) (Version:  - )
NetObjects Fusion 1&1 Edition (HKLM-x32\...\{D6DA907A-EDBC-4EB6-89CE-D471E4DCB36A}) (Version: 11.0 - )
NetObjects Fusion 1&1 Edition 2013 (HKLM-x32\...\{8311B8DD-0E3A-49DF-AE0E-8F980F38A758}) (Version: 13.0 1and1 - NetObjects)
NetObjects Fusion 1&1 Edition 2013 (x32 Version: 13.00.5000.5524 - NetObjects) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.3.0 - Nikon)
Nitro Pro 8 (HKLM\...\{FD46B7B1-FF9A-43EE-8E12-D8F61BD67A25}) (Version: 8.5.2.10 - Nitro)
Nitro Pro 9 (HKLM-x32\...\{fdfaef5c-7b60-4f39-9098-a919ab9ea8b6}) (Version: 9.0.7.5 - Nitro)
Nitro Pro 9 (Version: 9.0.7.5 - Nitro) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version:  - NCH Software)
PHOTORECOVERY LE (HKLM-x32\...\{8D03A164-B586-4318-AFE6-870A5E2739C1}) (Version: 1.0.0 - LC Technology International)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.3 - Nikon)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio 16 - Install Manager (HKLM-x32\...\{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}) (Version: 16.10.115 - Corel Corporation)
Pinnacle Studio 16 - Standard Content Pack (HKLM-x32\...\{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}) (Version: 16.0.1 - Corel Corporation)
Pinnacle Studio 16 (HKLM-x32\...\{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}) (Version: 16.1.0.115 - Corel Corporation)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.128 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.3.0.280 - Corel Corporation)
Pinnacle Studio 17 Add-Ons (x32 Version: 17.0 - Corel) Hidden
Pinnacle Studio Ultimate Collection Plugins (HKLM-x32\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version:  - NCH Software)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken WillMaker Plus 2011 (HKLM-x32\...\Quicken WillMaker Plus 2011) (Version:  - Nolo)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Red Giant ToonIt Studio (HKLM-x32\...\Red Giant ToonIt Studio) (Version:  - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager CDB (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.3 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2009 Special Edition (x32 Version: 1.2.193 - Roxio) Hidden
Roxio Creator 2010 Content (x32 Version: 12.0.013 - Roxio) Hidden
Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator 2010 Special Edition (x32 Version: 5.0.0 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Roxio Venue (x32 Version: 2.2.170 - Sonic Solutions) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM-x32\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM-x32\...\Trapcode Shine Studio) (Version:  - )
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Tune Sweeper (HKLM-x32\...\{2531BB60-FE82-495D-B499-ABA9C43EE96B}) (Version: 3.07 - Wide Angle Software)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.2.0 - Nikon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.20 - Western Digital)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (HKLM-x32\...\{9D90E3BE-4F0E-4C8E-A2F3-D08A95641939}) (Version: 1.5.13743 - Sling Media)
Wedding Slideshow Studio 1.35 (HKLM-x32\...\Wedding Slideshow Studio_is1) (Version:  - wedding-slideshow-studio.com)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\BFG-Zuma's Revenge) (Version:  - )
Zuma's Revenge (HKLM-x32\...\Zuma's Revenge) (Version: 1.0.4.9495 - Pogo.com)

==================== Restore Points  =========================

29-06-2014 03:10:19 HPSF Restore Point
03-07-2014 12:25:40 ComboFix created restore point
10-07-2014 07:00:48 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-07-03 08:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A5DFB83-20F0-4394-8899-7E03B85ABB69} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-09-06] (iWin Inc.)
Task: {0AFC090D-9CF4-451E-8AEA-039D01CCE348} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {0C874735-F303-4DD4-8272-5E5C326372BB} - System32\Tasks\{D3D5C915-95EC-4536-8C7D-877469730B2B} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-05-26] (Apple Inc.)
Task: {27C1E845-C7D1-4CF6-9F1E-9977BB0779E1} - System32\Tasks\NCH Software\ExpressZipReminder => C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe [2012-09-07] (NCH Software)
Task: {2D22798F-6616-43F3-80C3-3D523468D814} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {3B943F8A-73AB-4EDD-B80B-DE0EB4E953B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {43B852A8-4A1B-4AAA-AB59-1D031A052219} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {507B08AA-27C6-402A-924F-F2F347DEE5E6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {5080902F-ACDC-4E95-987A-7EC0452431ED} - System32\Tasks\HP AR Program Upload - d78752bc5114453487cd32955c7383d37dc0c0853978464585056c0bc44cef29 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {619845EB-E7C8-4688-9D63-0F1AADCAF7F9} - System32\Tasks\4875 => Wscript.exe C:\Users\MaryAnn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6818477E-F803-419E-BBA8-50E6C165EE82} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C2FE385-0F88-40D6-9DB6-5AE6EA1B6630} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {79F4BF8F-CB40-448E-92E7-4E1BCF92DC47} - System32\Tasks\HP AR Program Upload - 97083b79c06444a6af26d5aef8686bab2c35920428dd4265815d621b993bed8b => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {86653482-ADB3-4351-8E79-DED1539040FE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {881A9678-3DB6-491A-A0B3-2145345D8D8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17] (Google Inc.)
Task: {8E2CBACA-E100-4AAC-8778-FC2672B20F07} - System32\Tasks\HP AR Program Upload - 7c819c297ab94210b43ac9403296b34ceeb3ab5312e2402e9e763996f7789174 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {95F6C405-E423-4988-8AB5-C4494970F8AC} - System32\Tasks\HP AR Program Upload - e3163a455aa744a0ac2f0b6a8b66da341d614a3bac9a451081c40687c27552e5 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9CED2F37-D2CE-4B37-AA39-B8AA18B3D9A7} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {A58F92FB-587F-4FFC-9633-11DEDB7197AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17] (Google Inc.)
Task: {ABD59C5C-E3CE-4E16-8DC2-75ACD66F9E27} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B2E7375C-58A3-4A58-9473-2D36404838B0} - System32\Tasks\Test TimeTrigger => C:\Users\MaryAnn\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {DB8496EA-F39F-447F-9A53-D709E7EC1A45} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {F3FB6307-50F4-421C-B223-03C5B7CF8623} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F49CC82C-6DD2-467A-BE11-13BBA1E68216} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {FD88B301-95AD-4F18-849B-225ACFF9A2BB} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {FDFF7CE3-1E66-4A11-AD50-756FF08D5E86} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-09 19:38 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 ____N () C:\Windows\SysWOW64\PSIService.exe
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-09-07 12:47 - 2012-09-07 12:47 - 00088064 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2009-08-19 16:49 - 2009-08-19 16:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 15:18 - 2009-02-25 15:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-03-14 10:47 - 2013-03-14 10:47 - 15500800 _____ () C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00020480 _____ () C:\Users\MaryAnn\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00069632 _____ () C:\Users\MaryAnn\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00126976 _____ () C:\Users\MaryAnn\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00159744 _____ () C:\Users\MaryAnn\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2014-02-13 04:31 - 2014-02-13 04:31 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-11-28 15:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:73BDADA8
AlternateDataStreams: C:\ProgramData\Temp:9033BDFB
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:F0B1838C

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MaryAnn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk => C:\Windows\pss\DING!.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MaryAnn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NexDef Plug-in.lnk => C:\Windows\pss\NexDef Plug-in.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: CPMonitor => "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
MSCONFIG\startupreg: SearchEngineProtection => C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WLSync => "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 03:26:00 AM) (Source: MsiInstaller) (EventID: 11720) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,

Error: (07/10/2014 03:25:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/07/2014 01:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953

Error: (07/07/2014 01:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9953

System errors:
=============
Error: (07/14/2014 01:03:57 PM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 01:03:41 PM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 01:03:06 PM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 01:03:06 PM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 01:03:06 PM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 10:06:40 AM) (Source: DCOM) (EventID: 10016) (User: MaryAnn-HP)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}MaryAnn-HPMaryAnnS-1-5-21-3513852268-574302107-2856833128-1000LocalHost (Using LRPC)

Error: (07/14/2014 09:40:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/09/2014 00:13:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (07/09/2014 00:13:17 PM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (07/09/2014 00:13:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (07/10/2014 03:26:00 AM) (Source: MsiInstaller) (EventID: 11720) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,  (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 03:25:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (07/10/2014 01:05:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (07/08/2014 04:42:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/07/2014 01:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9953

Error: (07/07/2014 01:16:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9953

CodeIntegrity Errors:
===================================
  Date: 2014-07-03 08:38:49.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-03 08:38:49.159
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 12279.06 MB
Available physical RAM: 8107.85 MB
Total Pagefile: 24556.3 MB
Available Pagefile: 19392.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1851.39 GB) (Free:1419 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.53 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:155.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 451EF2CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-211110854656) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002AE3F)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:02 PM

Posted 15 July 2014 - 12:49 PM

Hi Maryann,
 
Thank you for letting me know.
 
We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
iWin Toolbar for Pogo
Pando Media Booster
Pogo Games
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 15 July 2014 - 08:57 PM

ok I ran Revo and found pando and pogo games but not iwin, I did remove the both of them, then I ran adaware as instructed here is the log,

# AdwCleaner v3.215 - Report created 15/07/2014 at 21:40:37
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : MaryAnn - MARYANN-HP
# Running from : C:\Users\MaryAnn\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\MaryAnn\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje
Folder Deleted : C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [39346 octets] - [14/05/2014 09:44:37]
AdwCleaner[R1].txt - [3117 octets] - [15/07/2014 21:39:51]
AdwCleaner[S0].txt - [39247 octets] - [14/05/2014 11:43:28]
AdwCleaner[S1].txt - [2949 octets] - [15/07/2014 21:40:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3009 octets] ##########

hope this helps, I do play pogo games. Maryann

#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:02 PM

Posted 16 July 2014 - 01:43 PM

Hi Maryann,
 
The removal of pogo games is more to do with the fact the client tends to bundle toolbars which are adware and is a little on the dubious side.
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Malwarebytes log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 16 July 2014 - 05:01 PM

Here is the MBAM log as per your request, as I told you tomorrow I leave on vacation until 7/28/14, I will respond back to you on that date, thank you again for all your help Maryann

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/16/2014
Scan Time: 5:05:53 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.16.09
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MaryAnn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334293
Time Elapsed: 17 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:02 PM

Posted 17 July 2014 - 12:47 PM

Hi Maryann,
 
Thank you for the reminder and for letting me know, I will not close the topic.
 
This scan can take a long time, so it is best done overnight or when you do not need the computer
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • ESET log
  • New FRST log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 29 July 2014 - 04:01 PM

Hi I am back from vacation and ready to go as per our last conversation here are the two logs you requested:

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Disketch\disketch.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Disketch\disketchsetup_v3.00.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Disketch\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.02.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\burnsetup_v4.58.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\zipsetup_v2.03.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoPad\photopad.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoPad\ppadsetup_v2.22.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PhotoPad\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Pixillion\pixillion.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Pixillion\pixsetup_v2.42.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Pixillion\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\ldrtbWise.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\tbWise.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert\WiseConvertToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_B\hk64tbWise.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_B\hktbWise.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_B\ldrtbWise.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_B\prxtbWise.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WiseConvert_B\tbWise.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\APISupport.old.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Conduit\CT3196716\WiseConvertAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert\ldrtbWise.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert\tbWise.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert_B\hk64tbWise.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert_B\hktbWise.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert_B\ldrtbWise.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert_B\tbWise.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\MaryAnn\AppData\LocalLow\WiseConvert_B\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\iwintoolbarforpogo\dtuser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\iwintoolbarforpogo\uninstall.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Users\MaryAnn\AppData\Roaming\VisicomToolBar\gamesagogo_en_w3i_toolbar_3.2.0.36.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application deleted - quarantined
C:\Users\MaryAnn\Downloads\cbsidlm-tr1_13-Wedding_Slideshow_Studio-ORG-196312.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\MaryAnn\Downloads\disketchsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\MaryAnn\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen potentially unwanted application deleted - quarantined
C:\Users\MaryAnn\Pictures\New folder (2)\New Briefcase\virus removers\TOOLS\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined
L:\Documents\New folder\wpsetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
L:\TOSAVENOW\New Briefcase\virus removers\TOOLS\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined
L:\TOSAVENOW\New Briefcase (2)\virus removers`\TOOLS\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined
L:\TOSAVENOW\virus removers\TOOLS\QUAD_Registry_Cleaner_Installer.exe a variant of Win32/Adware.QUADRegClean application cleaned by deleting - quarantined

 

and frst log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by MaryAnn (administrator) on MARYANN-HP on 29-07-2014 16:41:05
Running from C:\Users\MaryAnn\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-15] (Google Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3513852268-574302107-2856833128-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\MaryAnn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\MaryAnn\AppData\Local\Autobahn\nexdef.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://foxnews.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {553501A9-C52B-4BD1-BD9E-605028C6DA43} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {553501A9-C52B-4BD1-BD9E-605028C6DA43} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKCU - {A65AFE86-BC2A-4A8E-95C6-96FD76C732A4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307519&CUI=UN15700242581568411&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {FFF91399-D63C-46A7-A239-7F785DB1F413} URL = http://www.mysearchresults.com/search?c=2640&t=01&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: iWin Toolbar for Pogo -> {d925bc12-7440-413e-a040-cef15508f0c5} -> C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-23]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP",
    "hxxp://search.conduit.com/?ctid=CT3307519&SearchSource=48&CUI=UN28593735021290489&UM=2"
CHR NewTab: "chrome-extension://lonndllmbldmmoefheenkmgkencnkdkh/Search/NewTabPages/html/new_tab.html",
    "chrome-extension://gcgpmamkljeboednbnnabhdlblmfjlhg/Search/NewTabPages/html/new_tab.html",
    "chrome-extension://fdepacjoijebcfaaenjicnejghibmebp/Search/NewTabPages/html/new_tab.html"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Approve TB Plugin) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh\10.15.2.23_0\plugins/ChromeApproveTBPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (NDS PCShow Plugin) - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
CHR Plugin: (PCShow Player Plugin) - C:\Users\MaryAnn\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp [2013-04-20]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg [2013-09-03]
CHR Extension: (No Name) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh [2013-04-20]
CHR Extension: (Google Wallet) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-03-13] (Nitro PDF Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-27] (AVG Technologies)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-08-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 16:41 - 2014-07-29 16:41 - 00000000 ____D () C:\Users\MaryAnn\Desktop\FRST-OlderVersion
2014-07-29 16:40 - 2014-07-29 16:40 - 00010719 _____ () C:\Users\MaryAnn\Desktop\esetscan.txt
2014-07-16 18:00 - 2014-07-16 18:00 - 00002072 _____ () C:\Users\MaryAnn\Desktop\HPPSDr.lnk
2014-07-16 16:57 - 2014-07-16 17:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MaryAnn\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 14:37 - 2014-07-16 14:37 - 00001821 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 14:37 - 2014-07-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\Zumas Revenge.url
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\IGT Slots Aztec Temple.url
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\Bejeweled Twist.url
2014-07-15 21:25 - 2014-07-15 21:25 - 01348263 _____ () C:\Users\MaryAnn\Downloads\AdwCleaner (1).exe
2014-07-15 21:24 - 2014-07-15 21:24 - 00001302 _____ () C:\Users\MaryAnn\Desktop\Revo Uninstaller.lnk
2014-07-15 21:24 - 2014-07-15 21:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-15 21:23 - 2014-07-15 21:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryAnn\Downloads\revosetup.exe
2014-07-14 14:33 - 2014-07-14 14:33 - 00065615 _____ () C:\Users\MaryAnn\Desktop\Addition.txt
2014-07-14 14:32 - 2014-07-29 16:41 - 02093568 _____ (Farbar) C:\Users\MaryAnn\Desktop\FRST64.exe
2014-07-14 14:32 - 2014-07-29 16:41 - 00029899 _____ () C:\Users\MaryAnn\Desktop\FRST.txt
2014-07-14 14:29 - 2014-07-29 16:41 - 00000000 ____D () C:\FRST
2014-07-14 14:28 - 2014-07-14 14:28 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2014-07-14 14:28 - 2014-07-14 14:28 - 01076736 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST.exe
2014-07-14 12:58 - 2014-07-14 12:58 - 00005476 _____ () C:\Users\MaryAnn\Desktop\attach.zip
2014-07-14 10:09 - 2014-07-14 12:25 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds (1).com
2014-07-09 15:16 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 15:16 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 15:16 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:16 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 15:16 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:16 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 15:16 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:16 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 15:16 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 15:16 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 15:16 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 15:16 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 15:16 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:16 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:16 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 15:16 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:16 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 15:16 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 15:16 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:16 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 15:16 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 15:16 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 15:16 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:16 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 15:16 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 15:16 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 15:16 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 15:16 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 15:16 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 15:16 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 15:16 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 15:16 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 15:16 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 15:16 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 15:16 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 15:16 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:16 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 15:16 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:16 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 15:16 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:16 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:16 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 15:16 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 15:16 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 15:16 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:15 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:15 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:15 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 15:15 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:15 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:15 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:15 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 15:15 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:15 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 15:15 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:15 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:15 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:15 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 15:15 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 15:15 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 15:15 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 15:15 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:15 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:15 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:15 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 15:15 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 15:15 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 15:15 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 15:15 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 10:38 - 2014-07-06 10:38 - 00028083 _____ () C:\Users\MaryAnn\Desktop\DDS1.txt
2014-07-06 10:31 - 2014-07-14 12:57 - 00028662 _____ () C:\Users\MaryAnn\Desktop\dds.txt
2014-07-06 10:31 - 2014-07-14 12:57 - 00014282 _____ () C:\Users\MaryAnn\Desktop\attach.txt
2014-07-06 10:29 - 2014-07-06 10:29 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds.com
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 20:21 - 2014-07-05 20:23 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\MaryAnn\Downloads\cbSetup.exe
2014-07-05 19:50 - 2014-07-05 19:50 - 00000332 _____ () C:\Start_.cmd
2014-07-05 19:49 - 2014-07-05 19:50 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-03 08:41 - 2014-07-03 08:41 - 00029069 _____ () C:\ComboFix.txt
2014-07-03 08:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-03 08:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-03 08:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-03 08:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-03 08:08 - 2014-07-03 08:41 - 00000000 ____D () C:\Qoobox
2014-07-03 08:08 - 2014-07-03 08:40 - 00000000 ____D () C:\Windows\erdnt
2014-07-03 08:07 - 2014-07-03 08:06 - 05213907 ____R (Swearware) C:\Users\MaryAnn\Desktop\ComboFix.exe
2014-07-03 08:06 - 2014-07-03 08:06 - 05213907 ____N (Swearware) C:\Users\MaryAnn\Downloads\ComboFix.exe
2014-07-02 12:46 - 2014-07-16 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 12:46 - 2014-07-16 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2014-07-16 17:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 12:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 12:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-02 11:53 - 2014-07-02 11:53 - 00492110 _____ () C:\Users\MaryAnn\Documents\sheila offer.mht
2014-06-29 13:21 - 2014-06-29 13:21 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\MysteryTag
2014-06-29 13:20 - 2014-07-29 13:46 - 00000000 ____D () C:\Program Files (x86)\iwintoolbarforpogo

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 16:41 - 2014-07-29 16:41 - 00000000 ____D () C:\Users\MaryAnn\Desktop\FRST-OlderVersion
2014-07-29 16:41 - 2014-07-14 14:32 - 02093568 _____ (Farbar) C:\Users\MaryAnn\Desktop\FRST64.exe
2014-07-29 16:41 - 2014-07-14 14:32 - 00029899 _____ () C:\Users\MaryAnn\Desktop\FRST.txt
2014-07-29 16:41 - 2014-07-14 14:29 - 00000000 ____D () C:\FRST
2014-07-29 16:41 - 2013-02-06 19:17 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\Apple
2014-07-29 16:40 - 2014-07-29 16:40 - 00010719 _____ () C:\Users\MaryAnn\Desktop\esetscan.txt
2014-07-29 16:27 - 2011-12-17 21:44 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 16:20 - 2012-04-30 08:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-29 15:30 - 2011-12-07 12:14 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C1780D11-8620-4DD9-A17B-A74E1C561A43}
2014-07-29 13:46 - 2014-06-29 13:20 - 00000000 ____D () C:\Program Files (x86)\iwintoolbarforpogo
2014-07-29 10:50 - 2011-12-14 22:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-29 09:47 - 2011-12-07 13:04 - 02084745 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 09:43 - 2013-11-26 18:11 - 00000000 ____D () C:\Users\MaryAnn\Documents\Outlook Files
2014-07-29 09:43 - 2011-12-14 23:37 - 1860338688 _____ () C:\Users\MaryAnn\Downloads\backup.pst
2014-07-29 09:32 - 2011-12-20 08:27 - 00000000 ____D () C:\Users\MaryAnn\AppData\Local\B18941A0-3338-4315-B1AF-1423E476D8C6.aplzod
2014-07-29 03:01 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 03:00 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 03:00 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-29 01:27 - 2011-12-17 21:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 22:59 - 2013-04-26 20:20 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Skype
2014-07-28 20:47 - 2013-02-20 13:05 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-28 15:45 - 2009-07-14 00:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 15:45 - 2009-07-14 00:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 15:30 - 2011-11-28 15:30 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-16 18:01 - 2013-11-25 08:56 - 00002042 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-07-16 18:00 - 2014-07-16 18:00 - 00002072 _____ () C:\Users\MaryAnn\Desktop\HPPSDr.lnk
2014-07-16 18:00 - 2013-02-07 08:56 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Nitro PDF
2014-07-16 17:48 - 2014-07-02 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 17:04 - 2014-07-16 16:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MaryAnn\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 17:04 - 2014-07-02 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 17:04 - 2014-07-02 12:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 17:04 - 2012-01-26 22:31 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 14:37 - 2014-07-16 14:37 - 00001821 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 14:37 - 2014-07-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 14:36 - 2014-07-16 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 21:49 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 21:42 - 2013-03-31 09:54 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-07-15 21:42 - 2010-11-20 23:47 - 00639338 _____ () C:\Windows\PFRO.log
2014-07-15 21:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 21:42 - 2009-07-14 00:51 - 00087303 _____ () C:\Windows\setupact.log
2014-07-15 21:40 - 2014-05-14 09:44 - 00000000 ____D () C:\AdwCleaner
2014-07-15 21:35 - 2012-08-14 08:02 - 00000000 ____D () C:\ProgramData\PogoDGC
2014-07-15 21:34 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\Zumas Revenge.url
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\IGT Slots Aztec Temple.url
2014-07-15 21:33 - 2014-07-15 21:33 - 00000062 _____ () C:\Users\Public\Desktop\Bejeweled Twist.url
2014-07-15 21:33 - 2012-08-14 08:02 - 00003364 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-07-15 21:25 - 2014-07-15 21:25 - 01348263 _____ () C:\Users\MaryAnn\Downloads\AdwCleaner (1).exe
2014-07-15 21:24 - 2014-07-15 21:24 - 00001302 _____ () C:\Users\MaryAnn\Desktop\Revo Uninstaller.lnk
2014-07-15 21:24 - 2014-07-15 21:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-15 21:24 - 2014-07-15 21:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryAnn\Downloads\revosetup.exe
2014-07-15 10:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 14:33 - 2014-07-14 14:33 - 00065615 _____ () C:\Users\MaryAnn\Desktop\Addition.txt
2014-07-14 14:28 - 2014-07-14 14:28 - 02086912 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST64.exe
2014-07-14 14:28 - 2014-07-14 14:28 - 01076736 _____ (Farbar) C:\Users\MaryAnn\Downloads\FRST.exe
2014-07-14 12:58 - 2014-07-14 12:58 - 00005476 _____ () C:\Users\MaryAnn\Desktop\attach.zip
2014-07-14 12:58 - 2012-06-30 10:37 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-07-14 12:57 - 2014-07-06 10:31 - 00028662 _____ () C:\Users\MaryAnn\Desktop\dds.txt
2014-07-14 12:57 - 2014-07-06 10:31 - 00014282 _____ () C:\Users\MaryAnn\Desktop\attach.txt
2014-07-14 12:25 - 2014-07-14 10:09 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds (1).com
2014-07-10 03:25 - 2009-07-14 00:45 - 00477736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:23 - 2014-05-03 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:23 - 2010-11-21 03:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:07 - 2011-12-07 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:06 - 2013-07-30 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:03 - 2011-12-07 18:41 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:20 - 2012-04-30 08:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:20 - 2012-04-30 08:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:20 - 2011-12-14 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 10:38 - 2014-07-06 10:38 - 00028083 _____ () C:\Users\MaryAnn\Desktop\DDS1.txt
2014-07-06 10:29 - 2014-07-06 10:29 - 00688992 ____R (Swearware) C:\Users\MaryAnn\Downloads\dds.com
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:23 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 20:23 - 2014-07-05 20:21 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\MaryAnn\Downloads\cbSetup.exe
2014-07-05 19:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-05 19:50 - 2014-07-05 19:50 - 00000332 _____ () C:\Start_.cmd
2014-07-05 19:50 - 2014-07-05 19:49 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-04 07:56 - 2014-01-05 20:16 - 00000000 ____D () C:\Users\MaryAnn\Documents\My office files
2014-07-03 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 09:04 - 2013-05-25 14:02 - 00000440 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-07-03 09:04 - 2012-10-12 15:38 - 00006668 _____ () C:\Windows\SysWOW64\userawacs.cfg
2014-07-03 09:03 - 2014-03-31 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-03 09:03 - 2013-09-25 09:31 - 00000922 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-03 08:41 - 2014-07-03 08:41 - 00029069 _____ () C:\ComboFix.txt
2014-07-03 08:41 - 2014-07-03 08:08 - 00000000 ____D () C:\Qoobox
2014-07-03 08:41 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-07-03 08:40 - 2014-07-03 08:08 - 00000000 ____D () C:\Windows\erdnt
2014-07-03 08:39 - 2009-07-13 22:34 - 00000243 _____ () C:\Windows\system.ini
2014-07-03 08:06 - 2014-07-03 08:07 - 05213907 ____R (Swearware) C:\Users\MaryAnn\Desktop\ComboFix.exe
2014-07-03 08:06 - 2014-07-03 08:06 - 05213907 ____N (Swearware) C:\Users\MaryAnn\Downloads\ComboFix.exe
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Malwarebytes
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 12:46 - 2011-12-20 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-02 11:53 - 2014-07-02 11:53 - 00492110 _____ () C:\Users\MaryAnn\Documents\sheila offer.mht
2014-07-02 11:32 - 2013-12-08 20:05 - 00000000 ____D () C:\Users\MaryAnn\Documents\sheila
2014-07-01 09:20 - 2011-12-22 08:28 - 01111552 ___SH () C:\Users\MaryAnn\Documents\Thumbs.db
2014-06-30 23:53 - 2013-01-17 00:57 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\Nitro
2014-06-29 22:09 - 2014-07-09 15:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 15:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:21 - 2014-06-29 13:21 - 00000000 ____D () C:\Users\MaryAnn\AppData\Roaming\MysteryTag

Some content of TEMP:
====================
C:\Users\MaryAnn\AppData\Local\Temp\HPPSdr.exe
C:\Users\MaryAnn\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 23:03

==================== End Of Log ============================

 

 



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,054 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:02 PM

Posted 30 July 2014 - 11:04 AM

Hi marybub,
 
Welcome back, I hope you had a good vacation.
 
We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
C:\Program Files (x86)\iwintoolbarforpogo
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\Temp:73BDADA8
AlternateDataStreams: C:\ProgramData\Temp:9033BDFB
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:F0B1838C
Task: {619845EB-E7C8-4688-9D63-0F1AADCAF7F9} - System32\Tasks\4875 => Wscript.exe C:\Users\MaryAnn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\MaryAnn\AppData\Local\Temp\launchie.vb
Task: {9CED2F37-D2CE-4B37-AA39-B8AA18B3D9A7} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ABD59C5C-E3CE-4E16-8DC2-75ACD66F9E27} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKCU - {A65AFE86-BC2A-4A8E-95C6-96FD76C732A4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307519&CUI=UN15700242581568411&UM=2
SearchScopes: HKCU - {FFF91399-D63C-46A7-A239-7F785DB1F413} URL = http://www.mysearchresults.com/search?c=2640&t=01&q={searchTerms}
BHO: iWin Toolbar for Pogo -> {d925bc12-7440-413e-a040-cef15508f0c5} -> C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} -  No File
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click  Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\). .

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Emsisoft log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 31 July 2014 - 06:56 AM

I ran both reports as I try to post them I get this message

You have posted a message with more emoticons than this community allows. Please reduce the number of emoticons you've added to the message

I will try again individually


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2014
Ran by MaryAnn at 2014-07-30 14:32:09 Run:1
Running from C:\Users\MaryAnn\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\iwintoolbarforpogo
HKLM-x32\...\Run: [] => [X]
AlternateDataStreams: C:\ProgramData\Temp:73BDADA8
AlternateDataStreams: C:\ProgramData\Temp:9033BDFB
AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0
AlternateDataStreams: C:\ProgramData\Temp:F0B1838C
Task: {619845EB-E7C8-4688-9D63-0F1AADCAF7F9} - System32\Tasks\4875 => Wscript.exe C:\Users\MaryAnn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\MaryAnn\AppData\Local\Temp\launchie.vb
Task: {9CED2F37-D2CE-4B37-AA39-B8AA18B3D9A7} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {ABD59C5C-E3CE-4E16-8DC2-75ACD66F9E27} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - Yahoo URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=oberhp&type=iwintoolbarforpogo
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=101&systemid=463&q={searchTerms}
SearchScopes: HKCU - {A65AFE86-BC2A-4A8E-95C6-96FD76C732A4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307519&CUI=UN15700242581568411&UM=2
SearchScopes: HKCU - {FFF91399-D63C-46A7-A239-7F785DB1F413} URL = http://www.mysearchresults.com/search?c=2640&t=01&q={searchTerms}
BHO: iWin Toolbar for Pogo -> {d925bc12-7440-413e-a040-cef15508f0c5} -> C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - C:\Program Files (x86)\iwintoolbarforpogo\encyclopediabritannicagamesbarX64.dll ()
Toolbar: HKLM-x32 - iWin Toolbar for Pogo - {d925bc12-7440-413e-a040-cef15508f0c5} - No File
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

C:\Program Files (x86)\iwintoolbarforpogo => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\Temp => ":73BDADA8" ADS removed successfully.
C:\ProgramData\Temp => ":9033BDFB" ADS removed successfully.
C:\ProgramData\Temp => ":A1D3FEF0" ADS removed successfully.
C:\ProgramData\Temp => ":F0B1838C" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{619845EB-E7C8-4688-9D63-0F1AADCAF7F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{619845EB-E7C8-4688-9D63-0F1AADCAF7F9}" => Key deleted successfully.
C:\Windows\System32\Tasks\4875 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4875" => Key deleted successfully.
"C:\Users\MaryAnn\AppData\Local\Temp\launchie.vb" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CED2F37-D2CE-4B37-AA39-B8AA18B3D9A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CED2F37-D2CE-4B37-AA39-B8AA18B3D9A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABD59C5C-E3CE-4E16-8DC2-75ACD66F9E27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD59C5C-E3CE-4E16-8DC2-75ACD66F9E27}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yahoo" => Key deleted successfully.
"HKCR\CLSID\Yahoo" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A65AFE86-BC2A-4A8E-95C6-96FD76C732A4}" => Key deleted successfully.
"HKCR\CLSID\{A65AFE86-BC2A-4A8E-95C6-96FD76C732A4}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFF91399-D63C-46A7-A239-7F785DB1F413}" => Key deleted successfully.
"HKCR\CLSID\{FFF91399-D63C-46A7-A239-7F785DB1F413}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d925bc12-7440-413e-a040-cef15508f0c5}" => Key deleted successfully.
"HKCR\CLSID\{d925bc12-7440-413e-a040-cef15508f0c5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d925bc12-7440-413e-a040-cef15508f0c5} => value deleted successfully.
"HKCR\CLSID\{d925bc12-7440-413e-a040-cef15508f0c5}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d925bc12-7440-413e-a040-cef15508f0c5} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{d925bc12-7440-413e-a040-cef15508f0c5}" => Key deleted successfully.
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp => Moved successfully.
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgpmamkljeboednbnnabhdlblmfjlhg => Moved successfully.
C:\Users\MaryAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

#15 marybub

marybub
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:02 AM

Posted 31 July 2014 - 07:02 AM

it will not allow me to post, the other log I will try to attach it. Maryann same error as before Attached File  a2scan_140730-144115.txt   9.21KB   2 downloads




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users