
Something is wrong with Internet Explorer - possible damage due to former Virus??


  • This topic is locked
38 replies to this topic

#1 cook2465

cook2465

  • Members
  • 182 posts
  • Gender:Female

Posted 03 October 2014 - 02:50 PM

I have gone through my machine with two other techs from this website - who were wonderful.  They say my machine is clean.  However, I have had issues with IE 11 running on Windows 7 64-bit.

 

It started partway through the first session, resolved then started again, resolved mid-session of session 2 and then yesterday it started up again. 

 

The issue is, when I open IE it says IE has stopped working (or my last session stopped unexpectedly) and has to close.  The only way I can get on and browse the internet is to go through InPrivate browsing.  Not much of an issue except that it causes me to do a few extra clicks. What bothers me is - is this caused by the Crack/hacker one of the other users brought into my computer that was removed in my first session on Bleeping Computer?  Below are links to the two former sessions for your information:

 

 

http://www.bleepingcomputer.com/forums/t/548594/id-like-to-make-sure-my-computer-is-clean/

 

http://www.bleepingcomputer.com/forums/t/549834/lets-look-deeper/

 

Thank you for any help you can offer!

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 October 2014 - 10:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I looked at your other FRST logs and there is possibly some left over that should have been removed.

I need a fresh log to evaluate further.
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 cook2465

cook2465
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Female

Posted 08 October 2014 - 06:43 PM

Please forgive my silence!  I have been away on business.  Thank you for your patience.  I will run the first steps now.



#4 cook2465

cook2465
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Female

Posted 08 October 2014 - 06:48 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Cook (administrator) on COOK-PC on 08-10-2014 19:45:50
Running from E:\
Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
Platform: Windows 7 Home Premium N Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG Family Safety] => C:\Program Files (x86)\AVG\AVG Family Safety\BsecTray.exe
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [BringMeSports EPM Support] => "C:\PROGRA~2\BRINGM~2\bar\1.bin\1cmedint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-10] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol System Monitor] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [533568 2014-04-22] (BillP Studios)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [Google Update] => C:\Users\Cook\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-11] (Google Inc.)
HKU\S-1-5-21-3903621085-115719457-3043737636-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.hushmail.com/preview/hushmail/#folder/Inbox
https://www.facebook.com/
https://www.registrationconnection.com/profile/web/index.cfm?PKwebID=0x6461f0ab
https://www.google.com/calendar/render
http://www.bleepingcomputer.com/forums/index.php?app=core&module=usercp&tab=core&area=notifications
SearchScopes: HKCU - {6DC72A3E-7128-4BBC-B29E-5FFB5B819C5F} URL = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130519,0,0,25,7635
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Cook\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Cook\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cook\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-10] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-03] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [283032 2014-03-31] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-10] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22664 2013-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-10] ()
S3 BSecACFltr; C:\Windows\System32\DRIVERS\BSecACFltr.sys [22832 2011-06-14] () [File not signed]
S3 BSecACFltr; C:\Windows\SysWOW64\DRIVERS\BSecACFltr.sys [21624 2011-06-14] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2013-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 cpuz134; \??\C:\Users\Cook\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\Internet Explorer\SABProcEnum.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 19:45 - 2014-10-08 19:45 - 00000000 ____D () C:\FRST
2014-10-01 15:24 - 2014-10-01 15:24 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Mozilla
2014-10-01 09:41 - 2014-10-01 09:41 - 00000000 ____D () C:\Program Files\WOT
2014-10-01 09:41 - 2014-10-01 09:41 - 00000000 ____D () C:\Program Files (x86)\WOT
2014-10-01 09:40 - 2014-10-01 09:41 - 01822720 _____ () C:\Users\Cook\Downloads\WOT-latest-en-x64.msi
2014-10-01 09:34 - 2014-10-01 09:35 - 00001985 _____ () C:\DelFix.txt
2014-10-01 09:25 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 09:25 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 09:11 - 2014-10-01 09:16 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-10-01 09:10 - 2014-10-01 09:16 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-29 16:05 - 2014-09-29 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-26 14:01 - 2014-09-26 14:01 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2014-09-26 14:01 - 2014-09-26 14:01 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:34 - 2014-09-25 14:34 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 14:32 - 2014-09-25 14:32 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-25 14:32 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-25 14:31 - 2014-09-25 14:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 15:29 - 2014-09-23 15:29 - 27864920 _____ (Riot Games) C:\Users\Anna\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-09-23 15:18 - 2014-10-01 15:31 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Riot Games
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\AVAST Software
2014-09-23 15:13 - 2014-09-23 15:13 - 00000000 ____D () C:\Users\Anna\AppData\Local\Wondershare
2014-09-23 13:17 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 13:17 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 07:07 - 2014-09-22 07:07 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-09-21 09:02 - 2014-09-21 09:02 - 00000000 ____D () C:\Users\Cook\Documents\Michael
2014-09-20 11:30 - 2014-09-20 11:30 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Riot Games
2014-09-19 09:44 - 2014-09-19 09:44 - 00000228 _____ () C:\Windows\SysWOW64\debug.log
2014-09-19 08:06 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-19 08:06 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-18 18:45 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-18 18:45 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-18 18:45 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-18 18:45 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-18 18:45 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-18 18:45 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-18 18:45 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-18 18:45 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-18 18:45 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-18 18:45 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-18 18:45 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-17 17:33 - 2014-09-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-17 17:27 - 2014-09-26 14:02 - 00000165 _____ () C:\Windows\Reimage.ini
2014-09-16 19:57 - 2014-10-01 09:34 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 09:42 - 2014-09-19 07:42 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-15 08:23 - 2014-09-19 07:42 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1000
2014-09-13 22:16 - 2014-09-13 22:16 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVAST Software
2014-09-13 03:12 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:12 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:12 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:12 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:12 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:12 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:12 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:12 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:12 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:12 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:12 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:12 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:12 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:12 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:12 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:12 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:12 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:12 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:12 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:12 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:12 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:12 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:12 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:12 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:12 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:12 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:12 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:12 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:12 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:12 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 08:22 - 2014-09-12 08:22 - 00003112 _____ () C:\Windows\System32\Tasks\{0A93DFAC-B0D1-4DB5-A5E5-85FE7C7F42EA}
2014-09-12 07:06 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 07:06 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 07:06 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 07:06 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 07:05 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 07:05 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 07:05 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 07:05 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 07:05 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 17:13 - 2014-09-11 17:13 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Compete
2014-09-11 17:12 - 2014-09-11 17:12 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Itibiti
2014-09-11 17:11 - 2014-09-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-09-11 17:09 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Soya Mail
2014-09-11 17:09 - 2014-09-11 17:09 - 00000000 ____D () C:\ProgramData\regid.1995-09.com.example
2014-09-11 14:27 - 2014-09-11 20:22 - 00000000 ____D () C:\Users\Cook\Documents\The Final Scene
2014-09-10 21:00 - 2014-02-19 01:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\ATL90.dll
2014-09-10 08:35 - 2014-09-10 08:35 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 08:34 - 2014-09-10 08:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 08:32 - 2014-09-10 08:32 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\AVAST Software
2014-09-10 08:30 - 2014-09-10 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 08:29 - 2014-10-06 15:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 08:29 - 2014-09-10 08:35 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 08:29 - 2014-09-10 08:35 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 19:44 - 2013-11-05 12:56 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000UA.job
2014-10-08 19:44 - 2013-11-05 12:56 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1000Core.job
2014-10-08 19:34 - 2012-11-30 20:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007UA.job
2014-10-08 19:33 - 2012-04-05 18:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 19:29 - 2013-01-14 22:43 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005UA.job
2014-10-08 19:20 - 2012-12-26 10:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 19:20 - 2012-12-26 10:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 19:13 - 2013-10-17 15:35 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003UA.job
2014-10-08 18:50 - 2014-07-10 10:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-08 15:17 - 2012-03-12 08:49 - 01083721 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 14:13 - 2013-10-17 15:35 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1003Core.job
2014-10-08 13:29 - 2013-01-14 22:43 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1005Core.job
2014-10-08 09:59 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 09:59 - 2009-07-14 00:50 - 00020928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 08:34 - 2012-11-30 20:34 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3903621085-115719457-3043737636-1007Core.job
2014-10-07 11:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 11:41 - 2009-07-14 00:56 - 00160718 _____ () C:\Windows\setupact.log
2014-10-03 18:18 - 2012-04-03 10:06 - 00000000 ____D () C:\Users\Cook\AppData\Local\CrashDumps
2014-10-02 18:07 - 2014-02-25 12:04 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\MediaMonkey
2014-10-02 17:40 - 2012-03-17 13:00 - 03644526 _____ () C:\Windows\PFRO.log
2014-10-02 16:33 - 2012-10-07 21:15 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5055FE43-DE42-4BE4-85A3-253099ABBAFA}
2014-10-02 15:56 - 2014-08-12 20:31 - 00000000 ____D () C:\Users\Cook\Documents\Grand Connection
2014-10-01 15:22 - 2012-06-01 07:07 - 00000278 __RSH () C:\Users\Anna\ntuser.pol
2014-10-01 15:22 - 2012-05-31 21:48 - 00000000 ____D () C:\Users\Anna
2014-10-01 10:10 - 2012-10-17 21:45 - 00000000 ____D () C:\Program Files (x86)\Real
2014-10-01 10:10 - 2012-10-17 21:44 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Real
2014-10-01 10:10 - 2012-09-10 22:17 - 00000000 ____D () C:\ProgramData\Real
2014-10-01 09:39 - 2013-05-07 13:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-30 09:46 - 2012-10-02 18:12 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Mozilla
2014-09-30 09:39 - 2009-07-14 01:12 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-30 09:35 - 2013-03-13 13:19 - 00000008 __RSH () C:\Users\Cook\ntuser.pol
2014-09-30 09:35 - 2012-03-12 17:53 - 00000000 ____D () C:\Users\Cook
2014-09-30 09:33 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-29 16:02 - 2014-07-10 08:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 14:34 - 2012-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:31 - 2012-03-17 22:43 - 00000000 ____D () C:\ProgramData\Apple
2014-09-24 18:36 - 2012-05-14 11:39 - 00000000 ____D () C:\Users\Cook\Documents\Recipes
2014-09-24 09:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 16:21 - 2012-06-01 07:14 - 00000000 ____D () C:\Users\Anna\AppData\Local\CrashDumps
2014-09-23 15:13 - 2013-09-01 20:48 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2013-09-01 20:47 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3903621085-115719457-3043737636-1007
2014-09-23 15:13 - 2012-05-31 21:50 - 00110328 _____ () C:\Users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 17:03 - 2012-03-13 12:31 - 00110328 _____ () C:\Users\Cook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 17:02 - 2009-07-14 00:50 - 00418248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 16:57 - 2009-07-13 22:34 - 00000665 _____ () C:\Windows\win.ini
2014-09-22 16:53 - 2012-04-23 14:07 - 00786474 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-22 07:05 - 2013-04-22 14:39 - 00000000 ____D () C:\Users\Cook\Documents\Virus Info
2014-09-22 02:42 - 2012-03-12 18:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 00:09 - 2013-04-22 14:40 - 00000000 ____D () C:\Users\Cook\Documents\Matthew
2014-09-21 00:08 - 2012-04-25 17:59 - 00000000 ____D () C:\Users\Cook\Documents\Caroline
2014-09-20 23:59 - 2014-09-05 15:42 - 00000000 ____D () C:\Riot Games
2014-09-20 18:05 - 2012-05-31 19:46 - 00000000 ____D () C:\Users\Mike
2014-09-19 09:44 - 2012-03-17 23:40 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Adobe
2014-09-18 19:06 - 2013-03-12 21:05 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-09-18 17:32 - 2014-08-13 18:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 17:29 - 2012-05-31 19:47 - 00110328 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 15:15 - 2013-05-14 21:00 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Riot Games
2014-09-17 18:18 - 2009-07-13 22:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_740
2014-09-17 17:21 - 2012-03-12 20:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 17:20 - 2013-06-13 13:43 - 00000000 ____D () C:\download
2014-09-17 17:12 - 2012-07-10 18:46 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-09-17 17:12 - 2009-07-14 01:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 17:11 - 2014-05-09 15:54 - 00000000 ____D () C:\Users\Cook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-17 17:08 - 2013-11-13 17:48 - 00000000 ____D () C:\ProgramData\Big Fish
2014-09-17 17:07 - 2014-04-29 15:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-17 17:04 - 2012-03-31 12:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-17 09:23 - 2014-06-20 12:30 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 08:32 - 2012-03-17 16:41 - 00000000 ____D () C:\Program Files (x86)\CMMFS 2007
2014-09-16 20:16 - 2013-05-08 20:25 - 00002149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-15 22:25 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-15 20:57 - 2012-03-18 09:16 - 00000000 ____D () C:\Users\Cook\AppData\Local\Google
2014-09-13 22:18 - 2012-05-31 20:07 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-09-13 03:15 - 2012-03-12 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 03:10 - 2013-08-15 09:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:10 - 2013-05-08 20:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 03:10 - 2013-05-08 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 03:01 - 2012-03-12 18:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 03:00 - 2014-05-07 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 08:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-12 08:28 - 2012-10-15 15:56 - 00000000 ____D () C:\Users\Cook\AppData\Local\Unity
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-11 20:40 - 2012-07-31 21:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-11 20:24 - 2009-07-14 01:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{BDF256EE-292E-4963-84D8-E71715E4D166}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{A494BE66-E69A-41E9-A2FE-4EDBD6B80570}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{4912538D-53F0-4B18-9DF2-EFBBAAC0DDE6}
2014-09-11 20:23 - 2012-07-25 15:48 - 00000000 __HDC () C:\ProgramData\{1F34AB84-82BF-430B-8958-5A34483DA776}
2014-09-11 20:22 - 2012-05-31 21:52 - 00000000 ____D () C:\Users\Anna\AppData\Local\Google
2014-09-11 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-11 11:45 - 2013-06-25 16:06 - 00000000 ____D () C:\Users\Anna\AppData\Local\CRE
2014-09-10 21:44 - 2012-03-18 09:16 - 00000000 ____D () C:\Program Files\Google
2014-09-10 21:40 - 2012-04-03 09:50 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 10:20 - 2014-01-17 09:01 - 00000000 ____D () C:\ProgramData\Google
2014-09-10 08:49 - 2014-09-03 14:29 - 00000000 ____D () C:\Users\Cook\AppData\Local\Adobe
2014-09-10 08:49 - 2012-04-05 18:21 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 08:49 - 2012-04-05 18:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 08:49 - 2012-03-18 09:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 08:39 - 2014-01-09 18:27 - 00000000 ____D () C:\Users\Cook\Documents\Montreal 2014 Vacation
2014-09-10 08:35 - 2012-03-12 19:33 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 08:18 - 2012-03-12 19:11 - 00000000 ____D () C:\ProgramData\AVAST Software

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 17:36

==================== End Of Log ============================



#5 cook2465


Posted 08 October 2014 - 06:50 PM

There was no Addition.txt created since I have run this program in the past.  Do you want to see the original one created 9/29?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 PM

Posted 09 October 2014 - 08:55 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll No File
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
    CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
    S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
    S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
    S3 cpuz134; \??\C:\Users\Cook\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    S3 SABProcEnum; \??\C:\Program Files (x86)\Internet Explorer\SABProcEnum.sys [X]
    S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
    S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
    
    End
    
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

p.s.
If IE is still giving you problems try this.

Open Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


#7 nasdaq


Posted 18 October 2014 - 09:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#8 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,256 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:05:35 PM

Posted 20 October 2014 - 12:07 PM

This topic has been re-opened at the request of the person who originally posted.

#9 nasdaq


Posted 20 October 2014 - 12:48 PM

I'm listening.

#10 cook2465


Posted 20 October 2014 - 02:10 PM

Thank you!  Again, I'm sorry for the delay - I was gone for a week before I saw your most recent response.  I will do your instructions above and when complete will post the proper logs, etc.  Thank you for your patience and re-opening this thread.



#11 cook2465


Posted 20 October 2014 - 02:56 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01
Ran by Cook at 2014-10-20 15:24:40 Run:1
Running from E:\
Loaded Profile: Cook (Available profiles: Cook & Mike & Anna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\npMotive.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
CHR HKLM-x32\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx []
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S3 cpuz134; \??\C:\Users\Cook\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 SABProcEnum; \??\C:\Program Files (x86)\Internet Explorer\SABProcEnum.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc" => Key deleted successfully.
"C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc" => Key deleted successfully.
"C:\Users\Cook\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx" => File/Directory not found.
Bsecure => Service deleted successfully.
ReimageRealTimeProtector => Service deleted successfully.
cpuz134 => Service deleted successfully.
EagleX64 => Service deleted successfully.
MREMP50 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
SABProcEnum => Service deleted successfully.
wacommousefilter => Service deleted successfully.
wacomvhid => Service deleted successfully.

==== End of Fixlog ====
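
Reading a Fixlog like the one posted above means checking that every fixlist entry produced a result and that nothing failed silently. The following Python sketch is an added example, not part of the original posts and not FRST's own code; the sample log is constructed from lines in this thread plus a made-up `ExampleSvc` entry, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout posted in this thread.
# The "ExampleSvc" fixlist line is made up to show an entry that gets flagged
# because no result line was written for it.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S2 Bsecure; C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 ExampleSvc; C:\Example\example.sys [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
Bsecure => Service deleted successfully.
wacomvhid => Service deleted successfully.

==== End of Fixlog ====
'''

# "<target> => <outcome>." as seen in the result section of the log.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')
# Service/driver fixlist lines: state letter + start-type digit, then the
# service name up to the semicolon, e.g. "S2 Bsecure; ...".
SERVICE_RE = re.compile(r'^[A-Z]\d (?P<name>[^;]+);')


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog."""
    fixlist, results, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('Content of fixlist'):
            section = 'pre'
        elif set(line) == {'*'}:
            # First row of asterisks opens the fixlist, the second closes it.
            section = 'fixlist' if section == 'pre' else 'results'
        elif line.startswith('==== End of Fixlog'):
            break
        elif section == 'fixlist' and line.lower() not in ('start', 'end'):
            fixlist.append(line)
        elif section == 'results':
            results.append(line)
    return fixlist, results


def classify(outcome):
    """Map an outcome phrase to removed / absent / review."""
    text = outcome.lower()
    if 'deleted successfully' in text:
        return 'removed'
    if 'not found' in text:
        return 'absent'      # nothing left to remove
    return 'review'          # any wording this script does not recognise


def review_fixlog(text):
    """Count outcomes and list everything a human should look at."""
    fixlist, results = split_fixlog(text)
    counts, outcomes, review = Counter(), {}, []
    for line in results:
        match = RESULT_RE.match(line)
        if not match:
            review.append(line)
            continue
        target = match.group('target').strip('"')
        status = classify(match.group('outcome'))
        counts[status] += 1
        outcomes[target] = status
        if status == 'review':
            review.append(line)
    # Every service named in the fixlist should have a removal result.
    for entry in fixlist:
        match = SERVICE_RE.match(entry)
        if match and outcomes.get(match.group('name')) != 'removed':
            review.append('no removal result for service: ' + match.group('name'))
    return counts, review


if __name__ == '__main__':
    counts, review = review_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for item in review:
        print('REVIEW:', item)
```
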



#12 cook2465


Posted 20 October 2014 - 03:03 PM

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 11.7.700.169 Flash Player out of Date! 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#13 cook2465


Posted 20 October 2014 - 03:15 PM

You asked how the computer is running - my IE is still not working only if I right click and choose InPrivate browsing.  Otherwise it states that the last session ended unexpectedly and needs to restart, but then crashes.



#14 nasdaq


Posted 21 October 2014 - 09:06 AM

InPrivate: frequently asked questions

http://windows.microsoft.com/en-ca/windows/inprivate-faq#1TC=windows-7

Turn it off

#15 cook2465


Posted 21 October 2014 - 09:52 AM

Before I do this, can I ask you - no matter how I attempt to connect via IE, I constantly get the message:  Internet Explorer has stopped working, it is checking to see if there is a solution.  Something has gone wrong and IE has to shut down.  I cannot get online unless I choose to do InPrivate when right clicking on it.  I don't want to make it that I can't get online to fix everything.  Please advise...





