Unable to remove: PUP.Optional.MindSpark.A


  • This topic is locked
93 replies to this topic

#1 jane doe

jane doe

  • Members
  • 65 posts

Posted 18 July 2014 - 09:55 AM

I ran Malwarebytes Pro, deleted the quarantined items and restarted several times (including in safe mode), but the PUPs come back. There are 143 detected "PUP.Optional.MindSpark.A".

 

Please help!

 

Below you will find the DDS log

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by nicole at 10:38:27 on 2014-07-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3574.1075 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Acronis\Agent\agent.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Shield\shieldtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\LifeSize\Connections\LifeSizeConnections.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Users\nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Shield\shdserv.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Acronis\BackupAndRecovery\mms.exe
C:\Program Files\Shield\shieldclnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dillistone Systems\FileFinder\Dillistone.FileFinder.FE.Windows.Host.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\dSupportSuite\dSSEventSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\nicole\Desktop\Printkey.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://google.com/
mStart Page = hxxp://www.google.com
uProxyOverride = localhost
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
uRun: [LifeSize Connections] "c:\program files\lifesize\connections\LifeSizeConnections.exe" -bootmode
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [LDM] c:\users\nicole\desktop\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [AppleIEDAV] c:\program files\common files\apple\internet services\AppleIEDAV.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [BackupAndRecoveryMonitor.exe] c:\program files\acronis\backupandrecovery\BackupAndRecoveryMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\common files\acronis\timounter\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [TrayMonitor.exe] c:\program files\acronis\traymonitor\TrayMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [shield] c:\program files\shield\shieldtray.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [CDAServer] c:\program files\common files\common desktop agent\CDASrv.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\nicole\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\nicole\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\nicole\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A612CE0E-4F16-4598-801A-F522813264F3} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\dillistone systems\filefinder\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist remote support customer\715\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\nicole\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\nicole\appdata\local\fuze box\fuze meeting\npfuzeshare.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 Shdbus;Shdbus;c:\windows\system32\drivers\Shdbus.sys [2013-1-3 8120]
R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [2013-1-3 90680]
R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [2013-1-3 26808]
R0 Shieldm;Shieldm;c:\windows\system32\drivers\Shieldm.sys [2013-1-3 33080]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R1 MpKsle5c5db9a;MpKsle5c5db9a;c:\programdata\microsoft\microsoft antimalware\definition updates\{7bd94dad-0e8a-461b-a6db-d71cf02c5c72}\MpKsle5c5db9a.sys [2014-7-18 39464]
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files\common files\acronis\agent\agent.exe [2010-4-1 1877880]
R2 APC Data Service;APC Data Service;c:\program files\apc\powerchute personal edition\dataserv.exe [2012-1-24 21880]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2013-4-8 152576]
R2 dSSEventSvc;dSupportSuite Event Service;c:\program files\dsupportsuite\dSSEventSvc.exe [2013-9-19 318624]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-2-23 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-14 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-14 860472]
R2 MMS;Acronis Managed Machine Service;c:\program files\acronis\backupandrecovery\mms.exe [2010-4-1 4487384]
R2 monblanking;monblanking;c:\windows\system32\drivers\monblanking.sys [2014-4-15 29280]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104264]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-11-8 181760]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 ShieldClientService;Shield Client Service;c:\program files\shield\ShieldClnt.exe [2013-1-3 45056]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-2-15 5120]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-3 5093216]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-23 224424]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-5-23 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-5-23 10136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-14 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-7-14 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-7-14 51928]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2014-5-29 160264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cleanhlp;cleanhlp;c:\program files\dsupportsuite\3rd party tools\a2cmd\cleanhlp32.sys [2014-4-15 50200]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\citrix\gotoassist remote support customer\715\g2ax_service.exe [2014-6-27 610888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-2-23 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-2-23 246272]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown MpKsl8afeb74b;MpKsl8afeb74b; [x]
.
=============== Created Last 30 ================
.
2014-07-18 12:55:27 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7bd94dad-0e8a-461b-a6db-d71cf02c5c72}\MpKsle5c5db9a.sys
2014-07-17 18:12:09 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7bd94dad-0e8a-461b-a6db-d71cf02c5c72}\mpengine.dll
2014-07-17 15:38:14 -------- d-----r- C:\Sandbox
2014-07-16 06:01:21 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2014-07-16 03:49:37 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-15 03:30:14 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-15 02:44:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 02:44:21 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 02:44:21 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-15 02:44:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-15 02:44:20 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-15 02:38:29 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-15 02:31:20 -------- d-s---w- C:\cf8675309
2014-07-15 01:37:17 -------- d-----w- c:\users\nicole\appdata\local\temp
2014-07-15 01:23:46 98816 ----a-w- c:\windows\sed.exe
2014-07-15 01:23:46 256000 ----a-w- c:\windows\PEV.exe
2014-07-15 01:23:46 208896 ----a-w- c:\windows\MBR.exe
2014-07-11 18:19:24 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bf5298de-d51f-4230-ba1a-a8e460f710e2}\gapaengine.dll
2014-07-09 07:36:40 -------- d-----w- C:\found.000
2014-07-09 05:41:51 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 05:40:54 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-24 16:56:59 -------- d-----w- c:\users\nicole\appdata\local\EEA43CAD-CC64-4D05-BEE6-83D26D11C8BA.aplzod
.
==================== Find3M  ====================
.
2014-07-09 04:23:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 04:23:12 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-25 02:06:17 626688 ----a-w- c:\windows\system32\usp10.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST500DM0 rev.KC48 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver 
1 ntkrnlpa!IofCallDriver[0x82E52BBA] -> \Device\Harddisk0\DR0[0x883D31E8]
3 CLASSPNP[0x8D29B59E] -> ntkrnlpa!IofCallDriver[0x82E52BBA] -> \Device\Ide\IAAStorageDevice-1[0x8642B028]
kernel: MBR read successfully
_asm { CLI ; JMP 0xef;  }
user != kernel MBR !!! 
copy of MBR has been found in sector 22 !
copy of MBR has been found in sector 23 !
.
============= FINISH: 10:40:15.49 ===============
 

 

 



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,901 posts
  • Gender:Male
  • Location:Germany

Posted 21 July 2014 - 09:25 AM

Hello and Welcome on board,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

First,
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button - select in the menu Text File (.txt)
  • Save it on your Desktop and post the content of this text file into your next reply.
Then,
Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 jane doe

Posted 21 July 2014 - 09:29 AM

Thank you for your response! I will log out and back in safe mode -- should I perform all actions in your reply above while in safe mode?



#4 Machiavelli

Posted 21 July 2014 - 09:33 AM

Why in Safe Mode? Please do them in normal mode.

~Machiavelli



#5 jane doe

Posted 21 July 2014 - 09:38 AM

OK, I will do this in normal mode. Your first reply to this post indicated I should boot into safe mode and print the instructions...

"my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:"



#6 Machiavelli

Posted 21 July 2014 - 09:50 AM

Sorry for the misunderstanding. But there was an "if" ;)

~Machiavelli



#7 jane doe

Posted 21 July 2014 - 09:53 AM

ok - I will start on your instructions now :)



#8 Machiavelli

Posted 21 July 2014 - 10:07 AM

Good.

~Machiavelli



#9 jane doe

Posted 21 July 2014 - 10:37 AM

OK - here you go... below are both scan logs from FRST
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by nicole (administrator) on NICOLE-PC on 21-07-2014 11:32:07
Running from C:\Users\nicole\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
() C:\Program Files\Shield\SHDSERV.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Acronis) C:\Program Files\Acronis\BackupAndRecovery\mms.exe
() C:\Program Files\Shield\ShieldClnt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Acronis) C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Shield\shieldtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(LifeSize Inc.) C:\Program Files\LifeSize\Connections\LifeSizeConnections.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Dropbox, Inc.) C:\Users\nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Windows\System32\spool\drivers\w32x86\3\ssy3cpi.exe
(Foolish IT, LLC) C:\Program Files\dSupportSuite\dSSEventSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [631816 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [LifeSize Connections] => C:\Program Files\LifeSize\Connections\LifeSizeConnections.exe [5994824 2012-04-04] (LifeSize Inc.)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [LDM] => C:\Users\nicole\Desktop\Desktop Messenger\8876480\Program\BackWeb-8876480.exe 
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2130300898-702078995-825013717-1001\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-2130300898-702078995-825013717-1004\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: chkvdiskautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Dillistone Systems\FileFinder\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\nicole\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: WOT - C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012-06-27]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-04-19]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-27]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://news.google.com/", "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-16]
CHR Extension: (YouTube) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Gmail) - C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
 
========================== Services (Whitelisted) =================
 
R2 AcronisAgent; C:\Program Files\Common Files\Acronis\Agent\agent.exe [1877880 2010-04-01] (Acronis)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [763608 2010-04-01] (Acronis)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2013-04-08] (CrashPlan) [File not signed]
R2 dSSEventSvc; C:\Program Files\dSupportSuite\dSSEventSvc.exe [318624 2014-06-13] (Foolish IT, LLC)
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-27] (Citrix Online, a division of Citrix Systems, Inc.)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MMS; C:\Program Files\Acronis\BackupAndRecovery\mms.exe [4487384 2010-04-01] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [181760 2012-09-17] (Samsung Electronics Co., Ltd.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-05-29] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 SHDSERV; C:\Program Files\Shield\shdserv.exe [294912 2012-11-06] () [File not signed]
R2 ShieldClientService; C:\Program Files\Shield\shieldclnt.exe [45056 2012-11-06] () [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1492344 2009-03-17] (RealVNC Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 cleanhlp; C:\Program Files\dSupportSuite\3rd Party Tools\a2cmd\cleanhlp32.sys [50200 2014-04-15] (Emsisoft GmbH)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2748064 2009-11-17] (Realtek Semiconductor Corp.)
U0 jjfnjrvh; C:\Windows\System32\drivers\nocrvdf.sys [52440 2014-07-21] (Malwarebytes Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36608 2006-01-20] (Logitech, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl90b52234; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12985DD9-04FE-4907-9D71-AF19A1A5B2A2}\MpKsl90b52234.sys [39464 2014-07-21] (Microsoft Corporation)
R1 MpKsle4f16704; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12985DD9-04FE-4907-9D71-AF19A1A5B2A2}\MpKsle4f16704.sys [39464 2014-07-21] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [160264 2014-05-29] (Sandboxie Holdings, LLC)
R0 Shdbus; C:\Windows\system32\Drivers\Shdbus.sys [8120 2012-11-06] () [File not signed]
R0 Shield; C:\Windows\system32\Drivers\Shield.sys [90680 2012-11-06] () [File not signed]
R0 Shieldf; C:\Windows\system32\Drivers\Shieldf.sys [26808 2012-11-06] () [File not signed]
R0 Shieldm; C:\Windows\system32\Drivers\Shieldm.sys [33080 2012-11-06] () [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2012-02-15] (Samsung Electronics) [File not signed]
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2009-03-17] (RealVNC Ltd.)
S3 catchme; \??\C:\Users\nicole\AppData\Local\Temp\catchme.sys [X]
U2 KillEmAllPlusService; 
S3 L8042Kbd; System32\Drivers\L8042Kbd.sys [X]
S3 L8042mou; System32\Drivers\L8042mou.sys [X]
S3 LMouKE; System32\Drivers\LMouKE.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 11:32 - 2014-07-21 11:32 - 00023251 _____ () C:\Users\nicole\Downloads\FRST.txt
2014-07-21 11:14 - 2014-07-21 11:14 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\nocrvdf.sys
2014-07-21 10:57 - 2014-07-21 11:32 - 00000000 ____D () C:\FRST
2014-07-21 10:56 - 2014-07-21 10:56 - 01080320 _____ (Farbar) C:\Users\nicole\Downloads\FRST.exe
2014-07-21 10:02 - 2014-07-21 10:04 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-21 10:00 - 2014-07-21 10:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-21 10:00 - 2014-07-21 10:00 - 10279264 _____ (SurfRight B.V.) C:\Users\nicole\Downloads\HitmanPro (1).exe
2014-07-21 09:59 - 2014-07-21 10:00 - 10279264 _____ (SurfRight B.V.) C:\Users\nicole\Downloads\HitmanPro.exe
2014-07-21 09:57 - 2014-07-21 09:57 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (5).exe
2014-07-21 09:56 - 2014-07-21 09:57 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (4).exe
2014-07-21 09:56 - 2014-07-21 09:56 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (3).exe
2014-07-21 09:53 - 2014-07-21 09:53 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216 (2).exe
2014-07-21 09:53 - 2014-07-21 09:53 - 00513552 _____ (Popeler · sl) C:\Users\nicole\Downloads\AdwCleaner (2).exe
2014-07-21 09:52 - 2014-07-21 09:52 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216 (1).exe
2014-07-21 09:48 - 2014-07-21 09:48 - 00001127 _____ () C:\Users\nicole\Desktop\7.21.14 AdwCleaner[S1].txt
2014-07-21 09:41 - 2014-07-21 09:41 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (1).exe
2014-07-21 09:40 - 2014-07-21 09:40 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216.exe
2014-07-21 08:46 - 2014-07-21 08:46 - 00000182 _____ () C:\Users\nicole\Desktop\ESETScan.txt
2014-07-18 15:15 - 2014-07-18 15:17 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu (2).exe
2014-07-18 15:15 - 2014-07-18 15:15 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu (1).exe
2014-07-18 14:41 - 2014-07-18 14:41 - 00000000 ____D () C:\Program Files\ESET
2014-07-18 14:40 - 2014-07-18 14:40 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu.exe
2014-07-18 14:39 - 2014-07-18 14:39 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT (2).exe
2014-07-18 14:39 - 2014-07-18 14:39 - 00000634 _____ () C:\Users\nicole\Desktop\JRT.txt
2014-07-18 14:33 - 2014-07-18 14:33 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT (1).exe
2014-07-18 14:18 - 2014-07-18 14:19 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT.exe
2014-07-18 14:09 - 2014-07-18 14:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nicole\Downloads\tdsskiller (1).exe
2014-07-18 14:07 - 2014-07-18 14:07 - 00000000 ___HD () C:\Users\nicole\AppData\Local\dvmexptemp
2014-07-18 14:07 - 2014-07-18 14:07 - 00000000 ___HD () C:\Users\nicole\AppData\Local\dvmexp
2014-07-18 13:58 - 2014-07-18 13:58 - 00003880 _____ () C:\Users\nicole\Desktop\AdwCleaner[R0].txt
2014-07-18 13:55 - 2014-07-21 09:43 - 00000000 ____D () C:\AdwCleaner
2014-07-18 13:55 - 2014-07-18 13:55 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner.exe
2014-07-18 13:46 - 2014-07-18 13:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-18 13:39 - 2014-07-18 13:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nicole\Downloads\tdsskiller.exe
2014-07-18 13:39 - 2014-07-18 13:39 - 00043309 _____ () C:\Users\nicole\Desktop\Result.txt
2014-07-18 13:38 - 2014-07-18 13:39 - 00043309 _____ () C:\Users\nicole\Downloads\Result.txt
2014-07-18 13:37 - 2014-07-18 13:37 - 00401920 _____ (Farbar) C:\Users\nicole\Downloads\MiniToolBox.exe
2014-07-18 10:40 - 2014-07-18 10:42 - 00025061 _____ () C:\Users\nicole\Desktop\dds.txt
2014-07-18 10:40 - 2014-07-18 10:41 - 00017526 _____ () C:\Users\nicole\Desktop\attach.txt
2014-07-18 10:36 - 2014-07-18 10:36 - 00688992 ____R (Swearware) C:\Users\nicole\Downloads\dds (1).com
2014-07-18 10:35 - 2014-07-18 10:35 - 00688992 _____ (Swearware) C:\Users\nicole\Downloads\dds.com
2014-07-17 14:01 - 2014-07-17 16:32 - 00000442 _____ () C:\Users\nicole\Desktop\updating emails for constant contacts.txt
2014-07-17 11:38 - 2014-07-17 11:38 - 00000000 ___RD () C:\Sandbox
2014-07-16 16:04 - 2014-07-16 16:04 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 16:04 - 2014-07-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 16:03 - 2014-07-21 11:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 16:03 - 2014-07-21 10:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 16:03 - 2014-07-16 16:04 - 00000000 ____D () C:\Program Files\Google
2014-07-16 02:01 - 2014-07-16 02:01 - 00031616 _____ () C:\Windows\system32\FoolishEventLogMsgHelper.dll
2014-07-14 23:31 - 2014-07-14 23:31 - 00000000 ____D () C:\Windows\Sun
2014-07-14 23:31 - 2014-07-14 23:31 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Oracle
2014-07-14 23:30 - 2014-07-14 23:30 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-14 23:30 - 2014-07-14 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-14 23:19 - 2014-07-14 23:19 - 00918440 _____ (Oracle Corporation) C:\Users\nicole\Downloads\jre-7u60-windows-i586-iftw.exe
2014-07-14 23:17 - 2014-07-14 23:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-14 23:14 - 2014-07-14 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-14 22:44 - 2014-07-21 10:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 22:44 - 2014-07-14 22:44 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 22:44 - 2014-05-12 07:55 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 22:44 - 2014-05-12 07:54 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 22:44 - 2014-05-12 07:54 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-14 22:31 - 2014-07-14 22:31 - 00000000 ___SD () C:\cf8675309
2014-07-14 21:23 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-14 21:23 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-14 21:23 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-14 21:23 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-14 21:23 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-14 21:23 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-14 21:23 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-14 21:23 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-14 21:22 - 2014-07-21 08:55 - 00000000 ____D () C:\Windows\erdnt
2014-07-10 09:29 - 2014-07-10 09:32 - 00005281 _____ () C:\Windows\system32\jupdate-1.7.0_55-b15.log
2014-07-10 09:17 - 2014-07-10 09:17 - 00000164 _____ () C:\Users\nicole\Desktop\computer towers.txt
2014-07-09 03:36 - 2014-07-09 03:36 - 00000000 ____D () C:\found.000
2014-07-09 01:42 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 01:42 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 01:42 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 01:42 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 01:42 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 01:42 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 01:42 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 01:42 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 01:42 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 01:42 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 01:42 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 01:42 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 01:42 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 01:42 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 01:42 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 01:42 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 01:42 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 01:42 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 01:42 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 01:42 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 01:42 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 01:42 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 01:42 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 01:42 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 01:42 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 01:42 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 01:42 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 01:42 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 01:42 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 01:42 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 01:41 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 01:41 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 01:41 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 01:41 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 01:41 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 01:40 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-27 09:56 - 2014-06-27 09:56 - 00001548 _____ () C:\Users\nicole\Desktop\GoToAssist Customer.lnk
2014-06-27 09:56 - 2014-06-27 09:56 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-24 12:56 - 2014-07-21 11:26 - 00000000 ____D () C:\Users\nicole\AppData\Local\EEA43CAD-CC64-4D05-BEE6-83D26D11C8BA.aplzod
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 11:32 - 2014-07-21 11:32 - 00023251 _____ () C:\Users\nicole\Downloads\FRST.txt
2014-07-21 11:32 - 2014-07-21 10:57 - 00000000 ____D () C:\FRST
2014-07-21 11:30 - 2013-03-25 11:08 - 00000000 ____D () C:\Users\nicole\Documents\Outlook Files
2014-07-21 11:30 - 2013-02-25 11:36 - 157975552 _____ () C:\Users\nicole\Desktop\ARCHIVE.pst
2014-07-21 11:26 - 2014-06-24 12:56 - 00000000 ____D () C:\Users\nicole\AppData\Local\EEA43CAD-CC64-4D05-BEE6-83D26D11C8BA.aplzod
2014-07-21 11:23 - 2014-06-10 11:23 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2130300898-702078995-825013717-1001.job
2014-07-21 11:23 - 2012-04-11 08:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 11:14 - 2014-07-21 11:14 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\nocrvdf.sys
2014-07-21 11:14 - 2009-07-14 03:50 - 00000000 ____D () C:\Windows\CSC
2014-07-21 11:08 - 2014-07-16 16:03 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 11:03 - 2011-03-03 13:59 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\TeraCopy
2014-07-21 10:56 - 2014-07-21 10:56 - 01080320 _____ (Farbar) C:\Users\nicole\Downloads\FRST.exe
2014-07-21 10:49 - 2011-03-08 23:19 - 01366171 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 10:49 - 2009-07-14 00:34 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 10:49 - 2009-07-14 00:34 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 10:46 - 2014-01-24 15:39 - 00000000 ___RD () C:\Users\nicole\Dropbox
2014-07-21 10:46 - 2014-01-24 14:32 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\DropboxMaster
2014-07-21 10:46 - 2014-01-24 14:32 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Dropbox
2014-07-21 10:45 - 2014-07-14 22:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 10:41 - 2014-07-16 16:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 10:41 - 2014-03-23 01:00 - 00002978 _____ () C:\Windows\setupact.log
2014-07-21 10:41 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 10:40 - 2013-09-24 11:57 - 00415804 _____ () C:\Windows\PFRO.log
2014-07-21 10:38 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Globalization
2014-07-21 10:27 - 2014-07-21 10:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-21 10:04 - 2014-07-21 10:02 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-21 10:00 - 2014-07-21 10:00 - 10279264 _____ (SurfRight B.V.) C:\Users\nicole\Downloads\HitmanPro (1).exe
2014-07-21 10:00 - 2014-07-21 09:59 - 10279264 _____ (SurfRight B.V.) C:\Users\nicole\Downloads\HitmanPro.exe
2014-07-21 09:57 - 2014-07-21 09:57 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (5).exe
2014-07-21 09:57 - 2014-07-21 09:56 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (4).exe
2014-07-21 09:56 - 2014-07-21 09:56 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (3).exe
2014-07-21 09:53 - 2014-07-21 09:53 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216 (2).exe
2014-07-21 09:53 - 2014-07-21 09:53 - 00513552 _____ (Popeler · sl) C:\Users\nicole\Downloads\AdwCleaner (2).exe
2014-07-21 09:52 - 2014-07-21 09:52 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216 (1).exe
2014-07-21 09:48 - 2014-07-21 09:48 - 00001127 _____ () C:\Users\nicole\Desktop\7.21.14 AdwCleaner[S1].txt
2014-07-21 09:43 - 2014-07-18 13:55 - 00000000 ____D () C:\AdwCleaner
2014-07-21 09:41 - 2014-07-21 09:41 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner (1).exe
2014-07-21 09:40 - 2014-07-21 09:40 - 01354223 _____ () C:\Users\nicole\Downloads\adwcleaner_3.216.exe
2014-07-21 08:55 - 2014-07-14 21:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-21 08:46 - 2014-07-21 08:46 - 00000182 _____ () C:\Users\nicole\Desktop\ESETScan.txt
2014-07-21 00:01 - 2013-09-19 20:41 - 00000000 ____D () C:\Program Files\dSupportSuite
2014-07-18 15:17 - 2014-07-18 15:15 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu (2).exe
2014-07-18 15:15 - 2014-07-18 15:15 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu (1).exe
2014-07-18 14:41 - 2014-07-18 14:41 - 00000000 ____D () C:\Program Files\ESET
2014-07-18 14:40 - 2014-07-18 14:40 - 02347384 _____ (ESET) C:\Users\nicole\Downloads\esetsmartinstaller_enu.exe
2014-07-18 14:39 - 2014-07-18 14:39 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT (2).exe
2014-07-18 14:39 - 2014-07-18 14:39 - 00000634 _____ () C:\Users\nicole\Desktop\JRT.txt
2014-07-18 14:33 - 2014-07-18 14:33 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT (1).exe
2014-07-18 14:19 - 2014-07-18 14:18 - 01016261 _____ (Thisisu) C:\Users\nicole\Downloads\JRT.exe
2014-07-18 14:09 - 2014-07-18 14:09 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nicole\Downloads\tdsskiller (1).exe
2014-07-18 14:07 - 2014-07-18 14:07 - 00000000 ___HD () C:\Users\nicole\AppData\Local\dvmexptemp
2014-07-18 14:07 - 2014-07-18 14:07 - 00000000 ___HD () C:\Users\nicole\AppData\Local\dvmexp
2014-07-18 13:58 - 2014-07-18 13:58 - 00003880 _____ () C:\Users\nicole\Desktop\AdwCleaner[R0].txt
2014-07-18 13:55 - 2014-07-18 13:55 - 01354223 _____ () C:\Users\nicole\Downloads\AdwCleaner.exe
2014-07-18 13:46 - 2014-07-18 13:46 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-18 13:39 - 2014-07-18 13:39 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nicole\Downloads\tdsskiller.exe
2014-07-18 13:39 - 2014-07-18 13:39 - 00043309 _____ () C:\Users\nicole\Desktop\Result.txt
2014-07-18 13:39 - 2014-07-18 13:38 - 00043309 _____ () C:\Users\nicole\Downloads\Result.txt
2014-07-18 13:37 - 2014-07-18 13:37 - 00401920 _____ (Farbar) C:\Users\nicole\Downloads\MiniToolBox.exe
2014-07-18 10:42 - 2014-07-18 10:40 - 00025061 _____ () C:\Users\nicole\Desktop\dds.txt
2014-07-18 10:41 - 2014-07-18 10:40 - 00017526 _____ () C:\Users\nicole\Desktop\attach.txt
2014-07-18 10:36 - 2014-07-18 10:36 - 00688992 ____R (Swearware) C:\Users\nicole\Downloads\dds (1).com
2014-07-18 10:35 - 2014-07-18 10:35 - 00688992 _____ (Swearware) C:\Users\nicole\Downloads\dds.com
2014-07-17 16:32 - 2014-07-17 14:01 - 00000442 _____ () C:\Users\nicole\Desktop\updating emails for constant contacts.txt
2014-07-17 11:38 - 2014-07-17 11:38 - 00000000 ___RD () C:\Sandbox
2014-07-17 10:29 - 2011-12-15 11:45 - 00000175 _____ () C:\Users\nicole\Desktop\researchers addresses.txt
2014-07-17 10:18 - 2013-12-06 12:35 - 00001298 _____ () C:\Users\nicole\Desktop\bills.txt
2014-07-16 16:04 - 2014-07-16 16:04 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 16:04 - 2014-07-16 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 16:04 - 2014-07-16 16:03 - 00000000 ____D () C:\Program Files\Google
2014-07-16 16:03 - 2011-11-08 13:12 - 00000000 ____D () C:\Users\nicole\AppData\Local\Google
2014-07-16 16:03 - 2011-03-21 14:54 - 00000000 ____D () C:\Users\nicole\AppData\Local\Deployment
2014-07-16 16:03 - 2011-03-21 14:54 - 00000000 ____D () C:\Users\nicole\AppData\Local\Apps\2.0
2014-07-16 14:46 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-16 14:03 - 2013-12-11 04:02 - 00683870 _____ () C:\Windows\IE11_main.log
2014-07-16 02:01 - 2014-07-16 02:01 - 00031616 _____ () C:\Windows\system32\FoolishEventLogMsgHelper.dll
2014-07-15 11:49 - 2011-03-08 20:04 - 00004722 _____ () C:\Windows\Sandboxie.ini
2014-07-14 23:37 - 2012-04-30 22:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-14 23:31 - 2014-07-14 23:31 - 00000000 ____D () C:\Windows\Sun
2014-07-14 23:31 - 2014-07-14 23:31 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Oracle
2014-07-14 23:30 - 2014-07-14 23:30 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-14 23:30 - 2014-07-14 23:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-14 23:30 - 2014-07-14 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-14 23:19 - 2014-07-14 23:19 - 00918440 _____ (Oracle Corporation) C:\Users\nicole\Downloads\jre-7u60-windows-i586-iftw.exe
2014-07-14 23:17 - 2014-07-14 23:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-14 23:17 - 2011-03-06 23:38 - 00000000 ____D () C:\Users\nicole\AppData\Local\Mozilla
2014-07-14 23:17 - 2011-03-06 23:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-07-14 23:14 - 2014-07-14 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-14 22:44 - 2014-07-14 22:44 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 22:31 - 2014-07-14 22:31 - 00000000 ___SD () C:\cf8675309
2014-07-14 21:37 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2014-07-14 21:35 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-14 21:34 - 2013-09-24 14:36 - 00000000 ____D () C:\Users\melanie
2014-07-14 21:34 - 2011-03-02 23:43 - 00000000 ____D () C:\Users\nicole
2014-07-14 20:48 - 2014-05-16 14:28 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-14 20:48 - 2011-03-03 21:59 - 00000000 ____D () C:\Users\RollbackRx
2014-07-14 20:48 - 2011-03-02 19:37 - 00000000 ____D () C:\Users\_Admin_
2014-07-14 20:48 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Default
2014-07-14 11:33 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 13:47 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\addins
2014-07-10 13:30 - 2013-02-22 15:48 - 00000000 ____D () C:\Users\nicole\Desktop\Nicole
2014-07-10 09:36 - 2013-11-07 16:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-10 09:32 - 2014-07-10 09:29 - 00005281 _____ () C:\Windows\system32\jupdate-1.7.0_55-b15.log
2014-07-10 09:32 - 2012-02-26 12:19 - 00000000 ____D () C:\Program Files\Java
2014-07-10 09:28 - 2011-03-06 23:02 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Malwarebytes
2014-07-10 09:28 - 2011-03-06 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 09:17 - 2014-07-10 09:17 - 00000164 _____ () C:\Users\nicole\Desktop\computer towers.txt
2014-07-09 03:42 - 2009-07-14 00:33 - 00398920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:36 - 2014-07-09 03:36 - 00000000 ____D () C:\found.000
2014-07-09 03:25 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 00:23 - 2012-04-11 08:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 00:23 - 2011-06-02 00:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-27 09:56 - 2014-06-27 09:56 - 00001548 _____ () C:\Users\nicole\Desktop\GoToAssist Customer.lnk
2014-06-27 09:56 - 2014-06-27 09:56 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-27 09:56 - 2011-03-21 12:10 - 00000000 ____D () C:\Users\nicole\AppData\Local\Citrix
2014-06-27 09:56 - 2011-03-21 12:10 - 00000000 ____D () C:\Program Files\Citrix
2014-06-27 09:03 - 2014-03-13 10:31 - 00000562 _____ () C:\Users\nicole\Desktop\canned text - MTG - per your conversation.txt
2014-06-26 09:52 - 2013-11-08 01:34 - 00000000 ____D () C:\Users\nicole\Documents\Scan
2014-06-24 12:56 - 2012-09-10 14:34 - 00000000 ____D () C:\Users\nicole\AppData\Roaming\Apple Computer
 
Files to move or delete:
====================
C:\Users\nicole\en_res.dll
C:\Users\nicole\es_res.dll
C:\Users\nicole\fr_res.dll
C:\Users\nicole\gotomypc_540.exe
C:\Users\nicole\grm_res.dll
C:\Users\nicole\it_res.dll
C:\Users\nicole\jp_res.dll
C:\Users\nicole\mfc80u.dll
C:\Users\nicole\msvcr80.dll
C:\Users\nicole\PCPE Setup.exe
C:\Users\nicole\Printkey.exe
C:\Users\nicole\pt_res.dll
C:\Users\nicole\ru_res.dll
C:\Users\nicole\zh_res.dll
 
 
Some content of TEMP:
====================
C:\Users\nicole\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphua67s.dll
C:\Users\nicole\AppData\Local\temp\Quarantine.exe
C:\Users\nicole\AppData\Local\temp\SandboxieInstall.exe
C:\Users\nicole\AppData\Local\temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-14 10:54
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by nicole at 2014-07-21 11:33:17
Running from C:\Users\nicole\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Acronis Backup & Recovery 10 Tray Monitor (HKLM\...\{07F6BABF-0653-41A0-BCB7-8C2148AD2F1A}) (Version: 10.0.11639 - Acronis)
Acronis Backup & Recovery 10 Upgrade Tool (HKLM\...\{0665E2D2-2CF0-47C3-A0BA-11DCEFB0636F}) (Version: 10.0.11639 - Acronis)
Acronis Backup & Recovery 10 Agent (HKLM\...\{878CE295-04CC-4E9F-88ED-8B475826CA08}) (Version: 10.0.11639 - Acronis)
Acronis Backup & Recovery 10 Bootable Media Builder (HKLM\...\{549A7C7E-6A55-4838-83CB-C2879C661F45}) (Version: 10.0.11639 - Acronis)
Acronis Backup & Recovery 10 Standalone Management Console (HKLM\...\{4FB3E151-3AFE-458B-8DE8-D8913CCB2527}) (Version: 10.0.11639 - Acronis)
Acronis Backup & Recovery 10 Universal Restore (HKLM\...\{CB64E215-F6BB-4BB4-8039-9F800C80B211}) (Version: 10.0.11639 - Acronis)
Adobe Acrobat X Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 4.0 (HKLM\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BowdlerTechSupportSuite (HKLM\...\{657CC843-63D6-4F42-BEC4-F86D48996EC6}_is1) (Version:  - BowdlerTech)
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Constant Contact QuickImport v2 for Outlook (HKLM\...\{ABA21F31-80C0-4726-852D-7505D07152DE}) (Version: 2.7.0 - Constant Contact)
CrashPlan (HKLM\...\{42E52398-5674-414E-892C-907BF65CA46E}) (Version: 3.5.3 - CrashPlan)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version:  - Microsoft)
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.154 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.00.154 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileFinder (HKLM\...\{7612F37A-8D51-4FA0-9BBC-E7ACADBF1F48}) (Version: 10.6.9 - Dillistone Systems)
FileFinder 10 Admin (HKLM\...\{E4AC30B8-168A-4D21-8C26-0AD8D02FD982}) (Version: 10.6.9 - Dillistone Systems)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Customer 2.1.0.715 (HKLM\...\GoToAssist Express Customer) (Version: 2.1.0.715 - Citrix Online)
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0 - Dell) Hidden
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.0.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LifeSize Connections (HKLM\...\LifeSize Connections) (Version: 1.1 (7547) - LifeSize Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
PowerChute Personal Edition 3.0.2 (HKLM\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Reader 2.1 (HKLM\...\Reader2.1) (Version: 2.1.2.1143 - Dell Inc.)
Reader 2.1 (Version: 2.1.2.1143 - Dell Inc.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5876 - Realtek Semiconductor Corp.)
Rollback Rx (HKLM\...\Rollback Rx) (Version: 9.1.0.0 - www.horizon-datasys.com)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung CLX-6260 Series (HKLM\...\Samsung CLX-6260 Series) (Version: 1.05 (10/16/2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.04.12 (9/5/2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.02.70.02(9/21/2012) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.06.34 (9/4/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.20.03 - Samsung Electronics Co., Ltd.) Hidden
Sandboxie 4.12 (32-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.4001) (HKLM\...\Secunia PSI) (Version: 3.0.0.4001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Surround MP4 Tool 3.4.2 (HKLM\...\Surround MP4 Tool) (Version: 3.4.2 - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{150A0FF0-AF69-4132-BD93-1E34F63FC8A3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VNC Enterprise Edition E4.5 (HKLM\...\RealVNC_is1) (Version: E4.5 - RealVNC Ltd.)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.6.0 (HKLM\...\VNCPrinter_is1) (Version: 1.6.0 - RealVNC Ltd.)
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.601  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WOT for Internet Explorer (HKLM\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:04 - 2014-07-16 15:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0D50112C-04FB-4381-9832-FD027F67B6AF} - System32\Tasks\ccleaner => C:\Program Files\CCleaner\CCleaner.exe
Task: {13C566D3-2502-4964-8C37-917683DA7B1C} - System32\Tasks\{51D496D9-B877-4AA6-BD63-0C68F10F2AF4} => C:\Program Files\Dillistone Systems\FileFinder\Dillistone.FileFinder.FE.Windows.Host.exe [2013-08-15] (Dillistone Systems)
Task: {3AC2C4D2-20B9-4710-80DB-78B7964B98D0} - System32\Tasks\MTB-Acronis-FULL-SNAPSHOT-INCREMENTAL => C:\usr\local\NICOLE-PC\scripts\AcronisUtil\MTB-Acronis-FULL-SNAPSHOT-INCREMENTAL.bat [2011-04-07] ()
Task: {4546BFDB-BA26-461E-96C5-3A83CFA601AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {4ACFE9C5-3163-48DE-A07D-7D5496B7F3AF} - System32\Tasks\{D48BBA25-DCE0-431B-B1BD-72EF53362227} => C:\Program Files\Dillistone Systems\FileFinder\Dillistone.FileFinder.FE.Windows.Host.exe [2013-08-15] (Dillistone Systems)
Task: {6B5B1C23-6640-487F-A1A3-6D09D1F80ED4} - System32\Tasks\BowdlerTechSupportSuite - Maintenance Task => C:\Program Files\dSupportSuite\dSupportSuite.exe [2014-06-13] (Foolish IT LLC)
Task: {791B5CBF-9596-448F-ABB9-7BE86291C0CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {7B13F24A-BF2C-4600-AE1F-4F6932CD2D41} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {B7B34C4D-DEB6-4751-AAB5-99AFB54B04F5} - System32\Tasks\_Backit-SharedDocs-EOM => F:\.archive\shared-docs\MTB-Backit\_Backit-SharedDocs-EOM.bat [2011-03-29] ()
Task: {D3050321-1300-460D-8ABE-4060D19AA7B4} - System32\Tasks\RollbackRx Hourly => C:\usr\local\NICOLE-PC\scripts\rollbackrx\MTB-RollbackRxSnap.bat [2010-05-01] ()
Task: {DC2EB175-D9F0-47FF-88C4-A8769FB02F95} - System32\Tasks\MTB-Acronis-FULL-SNAPSHOT => C:\usr\local\NICOLE-PC\scripts\AcronisUtil\MTB-Acronis-FULL-SNAPSHOT.bat [2011-04-05] ()
Task: {DFDD4048-ED21-4CA4-95DD-019B326331AF} - System32\Tasks\BowdlerTechSupportSuite - System Restore Point 0 => C:\Program Files\dSupportSuite\dSupportSuite.exe [2014-06-13] (Foolish IT LLC)
Task: {E2590DB0-957D-4FC4-BA41-38DA4DE27D30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {ECCBA4E1-3961-4443-B3FE-D21EDA2C17C4} - System32\Tasks\G2MUpdateTask-S-1-5-21-2130300898-702078995-825013717-1001 => C:\Users\nicole\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F34FF23A-05C8-4D47-A3C6-CC33BF24FC8D} - System32\Tasks\BowdlerTechSupportSuite - Heartbeat => C:\Program Files\dSupportSuite\dSupportSuite.exe [2014-06-13] (Foolish IT LLC)
Task: {FDED5CFF-E537-4777-925F-7FB19BAC3C3D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2130300898-702078995-825013717-1001.job => C:\Users\nicole\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-16 20:23 - 2009-03-17 00:04 - 00026624 _____ () C:\Windows\System32\VNCpm.dll
2013-05-30 07:52 - 2013-05-30 11:52 - 00024064 _____ () C:\Windows\System32\ssy3clm.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-08 19:35 - 2013-04-08 19:35 - 00013312 _____ () C:\Program Files\CrashPlan\md5.dll
2014-02-27 05:52 - 2014-02-27 05:52 - 00197120 _____ () C:\Program Files\CrashPlan\cpnative.dll
2013-01-03 21:17 - 2012-11-06 11:08 - 00077824 ____N () C:\Program Files\Shield\idle.dll
2011-03-03 13:59 - 2009-06-22 00:26 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2013-01-03 21:17 - 2012-11-06 11:11 - 00040960 ____N () C:\Program Files\Shield\shieldshell.dll
2013-01-03 21:17 - 2012-11-06 11:12 - 00294912 ____N () C:\Program Files\Shield\shdserv.exe
2013-01-03 21:17 - 2012-11-06 11:07 - 00143360 ____N () C:\Program Files\Shield\shdapi.dll
2013-01-03 21:17 - 2012-11-06 11:07 - 00155648 ____N () C:\Program Files\Shield\schedule.dll
2013-01-03 21:17 - 2012-11-06 11:07 - 00028672 ____N () C:\Program Files\Shield\shdservps.dll
2010-03-31 23:49 - 2010-03-31 23:49 - 00209808 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2010-03-31 23:49 - 2010-03-31 23:49 - 00281200 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2010-04-01 00:18 - 2010-04-01 00:18 - 00422768 _____ () C:\Program Files\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2013-01-03 21:17 - 2012-11-06 11:08 - 00045056 ____N () C:\Program Files\Shield\shieldclnt.exe
2013-01-03 21:17 - 2012-11-06 11:08 - 00757848 ____N () C:\Program Files\Shield\client.dll
2014-02-13 04:46 - 2014-02-13 04:46 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2011-02-23 22:21 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-11-17 12:35 - 2010-11-17 12:35 - 00514544 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-25 00:44 - 2010-11-25 00:44 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2013-01-03 21:17 - 2012-11-06 11:12 - 03519544 ____N () C:\Program Files\Shield\shieldtray.exe
2013-01-03 21:17 - 2012-11-06 11:07 - 00196608 ____N () C:\Program Files\Shield\ps.dll
2012-02-20 23:22 - 2012-02-20 23:22 - 00344064 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-02-20 23:22 - 2012-02-20 23:22 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-04-04 16:55 - 2012-04-04 16:55 - 00042520 _____ () C:\Program Files\LifeSize\Connections\SDL.dll
2012-04-04 16:56 - 2012-04-04 16:56 - 01013344 _____ () C:\Program Files\LifeSize\Connections\vpxmd.dll
2012-04-04 16:56 - 2012-04-04 16:56 - 00198768 _____ () C:\Program Files\LifeSize\Connections\g7221.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-07-21 10:46 - 2014-07-21 10:46 - 00043008 _____ () c:\users\nicole\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphua67s.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\nicole\AppData\Roaming\Dropbox\bin\libcef.dll
2013-05-30 07:52 - 2013-05-30 11:52 - 00234032 _____ () C:\windows\system32\spool\drivers\w32x86\3\ssy3cpi.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D7Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dSSEventSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\D7Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dSSEventSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2014 10:45:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleIEDAV.exe, version: 1.2.12.0, time stamp: 0x52867716
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0005663b
Faulting process id: 0x3ac
Faulting application start time: 0xAppleIEDAV.exe0
Faulting application path: AppleIEDAV.exe1
Faulting module path: AppleIEDAV.exe2
Report Id: AppleIEDAV.exe3
 
Error: (07/21/2014 10:13:14 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\nicole\Downloads\HitmanPro.exe ; Description = Checkpoint by HitmanPro; Error = 0x8004231f).
 
Error: (07/21/2014 10:11:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0x80000003
Fault offset: 0x004aa883
Faulting process id: 0x1d80
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (07/21/2014 09:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleIEDAV.exe, version: 1.2.12.0, time stamp: 0x52867716
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00057092
Faulting process id: 0x10e4
Faulting application start time: 0xAppleIEDAV.exe0
Faulting application path: AppleIEDAV.exe1
Faulting module path: AppleIEDAV.exe2
Report Id: AppleIEDAV.exe3
 
Error: (07/21/2014 09:01:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleIEDAV.exe, version: 1.2.12.0, time stamp: 0x52867716
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00057092
Faulting process id: 0x1884
Faulting application start time: 0xAppleIEDAV.exe0
Faulting application path: AppleIEDAV.exe1
Faulting module path: AppleIEDAV.exe2
Report Id: AppleIEDAV.exe3
 
Error: (07/21/2014 06:48:06 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},004B6570).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:48:05 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0048C860).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:30:55 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},004DCD20).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:30:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},004DCD20).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:13:42 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},004B30F0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (07/21/2014 11:08:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:45:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:45:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:44:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:44:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:43:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The dSupportSuite Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/21/2014 10:41:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (07/21/2014 10:40:43 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.
 
Error: (07/21/2014 10:40:22 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (07/21/2014 10:40:22 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.
 
 
Microsoft Office Sessions:
=========================
Error: (07/21/2014 10:45:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.1.7601.18247521ea91cc00000050005663b3ac01cfa4f2646c3d32C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\Windows\SYSTEM32\ntdll.dllb4ba71df-10e5-11e4-ad84-782bcb87b088
 
Error: (07/21/2014 10:13:14 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\nicole\Downloads\HitmanPro.exe Checkpoint by HitmanPro0x8004231f
 
Error: (07/21/2014 10:11:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8ad80000003004aa8831d8001cfa4ea7e283910C:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\36.0.1985.125\chrome.dllde2c4cf2-10e0-11e4-b1fa-782bcb87b088
 
Error: (07/21/2014 09:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.1.7601.18247521ea91cc00000050005709210e401cfa4ea36a9bdf4C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\Windows\SYSTEM32\ntdll.dll91dec9a0-10dd-11e4-b1fa-782bcb87b088
 
Error: (07/21/2014 09:01:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.1.7601.18247521ea91cc000000500057092188401cfa4e3c83ab5ebC:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\Windows\SYSTEM32\ntdll.dll13e84b01-10d7-11e4-967a-782bcb87b088
 
Error: (07/21/2014 06:48:06 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},004B6570)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:48:05 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0048C860)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:30:55 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},004DCD20)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:30:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},004DCD20)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (07/21/2014 06:13:42 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},004B30F0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 3574.36 MB
Available physical RAM: 2207.25 MB
Total Pagefile: 7147 MB
Available Pagefile: 5581.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.96 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.9 GB) (Free:70.18 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:0.69 GB) NTFS
Drive f: (BACKUP) (Fixed) (Total:1863.01 GB) (Free:303.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 74B8E46E)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 Machiavelli


Posted 21 July 2014 - 10:38 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 jane doe


Posted 21 July 2014 - 11:06 AM

Here is the Adware log: 

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 11:45:11
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : nicole - NICOLE-PC
# Running from : C:\Users\nicole\Downloads\AdwCleaner (9).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3880 octets] - [18/07/2014 13:55:56]
AdwCleaner[R1].txt - [1063 octets] - [21/07/2014 09:42:10]
AdwCleaner[R2].txt - [1184 octets] - [21/07/2014 11:42:18]
AdwCleaner[R3].txt - [1244 octets] - [21/07/2014 11:43:41]
AdwCleaner[S0].txt - [4161 octets] - [18/07/2014 13:59:53]
AdwCleaner[S1].txt - [1127 octets] - [21/07/2014 09:43:35]
AdwCleaner[S2].txt - [1168 octets] - [21/07/2014 11:45:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1228 octets] ##########


#12 jane doe


Posted 21 July 2014 - 11:12 AM

Here is the mbam log: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/21/2014
Scan Time: 11:53:43 AM
Logfile: mbam 7.21.14.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.21.05
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: nicole
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458150
Time Elapsed: 16 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 18
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com, No Action By User, [00a1b2ee017ab2842ffb0ca2fb07be42], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\chrome, No Action By User, [00a1b2ee017ab2842ffb0ca2fb07be42], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\chrome, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\thirdpartyinstallers, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\gen1, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\ie9mesg, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\message, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\settings, No Action By User, [277a5a46e29950e6033687270ef449b7], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\settings, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\myfuncards_5m, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\myfuncards_5m\cache, No Action By User, [cad789176e0dd85e82f9744151b1c43c], 
 
Files: 125
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\afd.sys, Replace-on-Reboot, [9ebbba55060f786f0fcaa3893bfa2806], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\cng.sys, Replace-on-Reboot, [247b4ce2dab1160cd422d532d5241e1f], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\Diskdump.sys, Replace-on-Reboot, [d0f0d7a97c90fe72a79732812e65f822], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\drmk.sys, Replace-on-Reboot, [27f9288af019e6daca281ede51ff5928], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys, Replace-on-Reboot, [16498ebc04ae9dd07049a8884b205c05], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys, Replace-on-Reboot, [cb7a9abb12b8415bce5d74994c7ba3ae], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\FWPKCLNT.SYS, Replace-on-Reboot, [aab149ee616952bb84308c28e75ed20d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 Machiavelli


Posted 21 July 2014 - 11:14 AM

Please follow my instructions carefully and remove what MBAM found.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 jane doe


Posted 21 July 2014 - 11:19 AM

I removed the files after exporting the log. However, mbam didn't require a reboot and I know that it normally does. I'm now about to run JRT and then FRST again.



#15 Machiavelli


Posted 21 July 2014 - 12:25 PM

OK, can you confirm that MBAM comes back clean after a new scan? I'll wait for further logs.

~Machiavelli
