
Cannot remove Adchoices


  • This topic is locked
13 replies to this topic

#1 lauralana9

Posted 12 November 2014 - 05:53 PM

I cannot seem to remove Adchoices. Have tried running the usual things and nothing finds anything wrong with my computer. Every time I use Firefox it shows up. It's driving me nuts, any help is appreciated.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18595  BrowserJavaVersion: 10.65.2
Run by Bean at 17:43:48 on 2014-11-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8085.6073 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\1427961602142334736423 : DHCPNameServer = 192.168.240.1
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\35D434752425134335D2E443F51405 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8C5589CB-E80F-4E22-99CF-753F642C33F0} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-15 20464]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-12-8 67584]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [2014-8-21 51016]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2013-12-8 1131008]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-12-9 72216]
R2 Mobizen plugin;Mobizen plugin;C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [2014-9-29 3327424]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-31 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-31 18973144]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-31 411936]
R3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2014-9-17 31744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-9-17 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-9-17 36352]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-7-15 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-7-15 84608]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-15 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-15 795632]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-11-8 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-31 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-31 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-8-15 2152736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-12-8 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 kc02us_bus;KYOCERA USB Composite Device KC02US Driver;C:\Windows\System32\drivers\kc02us_bus64.sys [2012-9-28 51608]
S3 kc02us_serd;KYOCERA USB KC02US Serial Port Driver;C:\Windows\System32\drivers\kc02us_serd64.sys [2012-9-28 66968]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-18 77592]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-18 13080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-12-3 1105000]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-7 30208]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2014-7-15 116296]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-7 1255736]
.
=============== Created Last 30 ================
.
2014-11-12 14:35:50    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-11-12 14:28:54    98816    ----a-w-    C:\Windows\sed.exe
2014-11-12 14:28:54    256000    ----a-w-    C:\Windows\PEV.exe
2014-11-12 14:28:54    208896    ----a-w-    C:\Windows\MBR.exe
2014-11-09 06:11:31    --------    d-----w-    C:\Program Files (x86)\Lame For Audacity
2014-11-01 04:49:21    --------    d-----w-    C:\Users\Bean\AppData\Roaming\com.live365.client.desktop.Player
2014-11-01 04:49:12    --------    d-----w-    C:\Program Files (x86)\Live365
2014-11-01 04:44:21    --------    d-----w-    C:\Program Files (x86)\Audacity
2014-10-30 16:30:40    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-10-26 05:54:11    --------    d-----w-    C:\Program Files\SequoiaView
2014-10-23 15:52:46    0    ---ha-w-    C:\Users\Bean\AppData\Local\BIT9185.tmp
2014-10-22 00:57:21    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
2014-10-22 00:57:20    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-10-22 00:57:20    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-22 00:54:30    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-22 00:54:30    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-22 00:54:06    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-22 00:54:06    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-21 23:02:38    --------    d-----w-    C:\Users\Bean\AppData\Roaming\CDisplayEx
2014-10-21 23:02:34    --------    d-----w-    C:\Program Files\CDisplayEx
.
==================== Find3M  ====================
.
2014-11-12 13:11:32    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 02:05:59    276480    ----a-w-    C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42    507392    ----a-w-    C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-10-01 15:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-24 04:02:33    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-24 04:00:04    47616    ----a-w-    C:\Windows\System32\mshta.exe
2014-09-24 03:59:46    174592    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-24 03:59:10    1538048    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-24 03:40:34    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-24 03:38:03    50176    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-09-24 03:37:53    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-24 03:37:11    1466368    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-24 01:00:11    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-24 00:24:25    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-17 04:47:52    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-17 04:47:52    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-21 20:23:25    1002728    ----a-w-    C:\Windows\System32\WinUSBCoInstaller2.dll
.
============= FINISH: 17:43:54.66 ===============
 




#2 HelpBot

Posted 18 November 2014 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555882 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 lauralana9

Posted 18 November 2014 - 01:36 PM

Adchoices keeps showing up in my Firefox browser. I ran CCleaner and Malwarebytes. A friend tried a few things but I don't know what they were.

I may have a Windows disk in storage but am unsure.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.18595  BrowserJavaVersion: 10.65.2
Run by Bean at 13:31:50 on 2014-11-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8085.6100 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\qBittorrent\qbittorrent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\xplorer2\xplorer2_64.exe
C:\Program Files (x86)\Media\VLC\vlc.exe
C:\Program Files (x86)\Mozilla\Thunderbird\thunderbird.exe
C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\1427961602142334736423 : DHCPNameServer = 192.168.240.1
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\35D434752425134335D2E443F51405 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{5A5036DD-69BB-487C-AE65-720A824EE5BB}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8C5589CB-E80F-4E22-99CF-753F642C33F0} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-8-15 20464]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-12-8 67584]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [2014-10-29 56648]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2013-12-8 1131008]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-12-9 72216]
R2 Mobizen plugin;Mobizen plugin;C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [2014-9-29 3327424]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-31 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-7-31 18973144]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-31 411936]
R3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2014-9-17 31744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-9-17 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-9-17 36352]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-7-15 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-7-15 84608]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-8-15 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-8-15 795632]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-11-8 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-31 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-7-31 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-8-15 2152736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2013-12-8 25832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 kc02us_bus;KYOCERA USB Composite Device KC02US Driver;C:\Windows\System32\drivers\kc02us_bus64.sys [2012-9-28 51608]
S3 kc02us_serd;KYOCERA USB KC02US Serial Port Driver;C:\Windows\System32\drivers\kc02us_serd64.sys [2012-9-28 66968]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-18 77592]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-18 13080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2010-12-3 1105000]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-12-7 30208]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2014-7-15 116296]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-7 1255736]
.
=============== Created Last 30 ================
.
2014-11-18 05:24:45    --------    d-----w-    C:\Program Files (x86)\HE Auto Launcher
2014-11-18 05:09:32    --------    d-----w-    C:\Users\Bean\AppData\Local\HeroEngine
2014-11-18 05:09:28    --------    d-----w-    C:\Program Files (x86)\HeroEngine
2014-11-18 02:48:13    --------    d-----w-    C:\Users\Bean\AppData\Local\CrashDumps
2014-11-15 23:54:07    34808    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-11-12 23:49:25    --------    d-----w-    C:\Users\Bean\AppData\Local\Unity
2014-11-12 14:35:50    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-11-12 14:28:54    98816    ----a-w-    C:\Windows\sed.exe
2014-11-12 14:28:54    256000    ----a-w-    C:\Windows\PEV.exe
2014-11-12 14:28:54    208896    ----a-w-    C:\Windows\MBR.exe
2014-11-09 06:11:31    --------    d-----w-    C:\Program Files (x86)\Lame For Audacity
2014-11-01 04:49:21    --------    d-----w-    C:\Users\Bean\AppData\Roaming\com.live365.client.desktop.Player
2014-11-01 04:49:12    --------    d-----w-    C:\Program Files (x86)\Live365
2014-11-01 04:44:21    --------    d-----w-    C:\Program Files (x86)\Audacity
2014-10-30 16:30:40    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-10-26 05:54:11    --------    d-----w-    C:\Program Files\SequoiaView
2014-10-23 15:52:46    0    ---ha-w-    C:\Users\Bean\AppData\Local\BIT9185.tmp
2014-10-22 00:57:21    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
2014-10-22 00:57:20    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-10-22 00:57:20    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-22 00:54:30    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-22 00:54:30    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-22 00:54:06    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-22 00:54:06    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-21 23:02:38    --------    d-----w-    C:\Users\Bean\AppData\Roaming\CDisplayEx
2014-10-21 23:02:34    --------    d-----w-    C:\Program Files\CDisplayEx
.
==================== Find3M  ====================
.
2014-11-14 00:09:35    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 02:05:59    276480    ----a-w-    C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42    507392    ----a-w-    C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-10-01 15:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 15:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 15:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-24 04:02:33    1188864    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-24 04:00:04    47616    ----a-w-    C:\Windows\System32\mshta.exe
2014-09-24 03:59:46    174592    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-24 03:59:10    1538048    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-24 03:40:34    981504    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-24 03:38:03    50176    ----a-w-    C:\Windows\SysWow64\mshta.exe
2014-09-24 03:37:53    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-24 03:37:11    1466368    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-24 01:00:11    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-24 00:24:25    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-17 04:47:52    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-17 04:47:52    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-21 20:23:25    1002728    ----a-w-    C:\Windows\System32\WinUSBCoInstaller2.dll
.
============= FINISH: 13:31:55.21 ===============
 


Edited by lauralana9, 18 November 2014 - 06:23 PM.


#4 nasdaq


Posted 19 November 2014 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


    #5 lauralana9


    Posted 19 November 2014 - 12:28 PM

    # AdwCleaner v4.101 - Report created 19/11/2014 at 12:23:34
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-16.1 [Live]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Bean - BEAN-PC
    # Running from : C:\Users\Bean\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7601.18595


    -\\ Mozilla Firefox v33.1 (x86 en-US)


    -\\ Google Chrome v38.0.2125.111


    *************************

    AdwCleaner[R7].txt - [784 octets] - [19/11/2014 12:22:33]
    AdwCleaner[S3].txt - [706 octets] - [19/11/2014 12:23:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [765 octets] ##########
     



    #6 lauralana9


    Posted 19 November 2014 - 12:31 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
    Ran by Bean (administrator) on BEAN-PC on 19-11-2014 12:25:44
    Running from C:\Users\Bean\Desktop
    Loaded Profile: Bean (Available profiles: Bean)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
    (Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
    (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
    (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-08] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
    HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
    ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB2810D58FACCF01
    HKU\S-1-5-21-3650247778-461816680-1906852284-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\S-1-5-21-3650247778-461816680-1906852284-1000 -> DefaultScope {B65270D8-5888-49AA-919B-10B085E0B109} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3650247778-461816680-1906852284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3650247778-461816680-1906852284-1000 -> {B65270D8-5888-49AA-919B-10B085E0B109} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: E:\Internet Temp Data\Mozilla\Firefox\Survey
    FF Homepage: hxxp://www.swagbucks.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Utilities\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\Media\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\Media\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3650247778-461816680-1906852284-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: E:\Internet Temp Data\Mozilla\Firefox\Survey\searchplugins\trovi-search.xml
    FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17]
    FF Extension: Muter - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\muter@yxl.name [2014-08-03]
    FF Extension: selectivecookiedelete - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\selectivecookiedelete@siju.mathew [2014-08-03]
    FF Extension: Toolbar Buttons - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2014-11-17]
    FF Extension: Forecastfox - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-08-03]
    FF Extension: ColorfulTabs - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
    FF Extension: Add Bookmark Here ² - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\abhere2@moztw.org.xpi [2014-08-03]
    FF Extension: feedly - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\feedly@devhd.xpi [2014-08-03]
    FF Extension: HTML5 Media Player - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\html5player@horning.us.xpi [2014-08-03]
    FF Extension: Reddit Enhancement Suite - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-08-03]
    FF Extension: MAFIAAFire Redirector - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\MafiaaFire@mafiaafire.com.xpi [2014-08-03]
    FF Extension: NoSquint - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\nosquint@urandom.ca.xpi [2014-08-03]
    FF Extension: Secure Password Generator - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\password.generator@kolya.ca.xpi [2014-08-03]
    FF Extension: Remember Passwords - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi [2014-08-03]
    FF Extension: Saved Password Editor - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-08-03]
    FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\shopearn@prodege.com.xpi [2014-08-03]
    FF Extension: Social Fixer - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\socialfixer@mattkruse.com.xpi [2014-08-20]
    FF Extension: Session Manager - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-03]
    FF Extension: Copy As Plain Text - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2014-08-03]
    FF Extension: Google Shortcuts - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2014-08-05]
    FF Extension: Download Status Bar - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-03]
    FF Extension: Password Exporter - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-08-03]
    FF Extension: Adblock Plus - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-03]
    FF Extension: Greasemonkey - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-08-03]
    FF Extension: Download Manager Tweak - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2014-08-03]
    FF Extension: Firefox 2, the theme, reloaded - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2014-08-05]
    FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17]
    FF Extension: Muter - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\muter@yxl.name [2014-11-12]
    FF Extension: Toolbar Buttons - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2014-11-17]
    FF Extension: ColorfulTabs - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-10-31]
    FF Extension: FoxClocks - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-08-05]
    FF Extension: Add Bookmark Here ² - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\abhere2@moztw.org.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\autofillForms@blueimp.net.xpi [2014-08-04]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\cookieSwap@cookieSwap.mozdev.org.xpi [2014-08-19]
    FF Extension: Autofill - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\firefox-autofill@googlegroups.com.xpi [2014-08-04]
    FF Extension: HTML5 Media Player - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\html5player@horning.us.xpi [2014-08-03]
    FF Extension: Reddit Enhancement Suite - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-08-05]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\nosquint@urandom.ca.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\password.generator@kolya.ca.xpi [2014-08-03]
    FF Extension: Saved Password Editor - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\savedpasswordeditor@daniel.dawson.xpi [2014-08-03]
    FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\shopearn@prodege.com.xpi [2014-08-05]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\simpleClocks@grbradt.org.xpi [2014-08-05]
    FF Extension: Session Manager - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-08-03]
    FF Extension: Copy As Plain Text - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-08-04]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi [2014-08-04]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2014-08-04]
    FF Extension: Password Exporter - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-08-03]
    FF Extension: Adblock Plus - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-08-03]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-08-03]
    FF Extension: Firefox 2, the theme, reloaded - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2014-08-05]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-26]
    FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> https://www.mobizen.com/?locale=en
    CHR StartupUrls: Default -> "https://www.mobizen.com/?locale=en"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
    CHR Extension: (Adblock Plus) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-13]
    CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-08-02]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-06-26]
    CHR Extension: (Perk for Chrome) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpaeddemekchnbmjmcjplbbeeheionp [2014-09-17]
    CHR Extension: (Stylish) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-09-13]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-09-13]
    CHR Extension: (Screenwise Trends Panel) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieefkpoaagiboijfjhidningfpomge [2014-10-22]
    CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-09-13]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-09-13]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-13]
    CHR Extension: (Super Full Feeds for Google Reader™) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbjahpecnkenngkidhioicnfpakihgo [2014-09-13]
    CHR Extension: (Woot! Watcher) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanjbjffndkhfmfmajgjieopjpckpeho [2014-09-13]
    CHR Extension: (Facebook Notifications) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-09-13]
    CHR Extension: (MuteTab) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2014-08-01]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
    CHR Profile: C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-23]
    CHR Extension: (Google Docs) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-23]
    CHR Extension: (Google Drive) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23]
    CHR Extension: (YouTube) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
    CHR Extension: (Google Search) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
    CHR Extension: (Tampermonkey) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-10-26]
    CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-10-25]
    CHR Extension: (Google Sheets) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-23]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-10-26]
    CHR Extension: (Screenwise Trends Panel) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmieefkpoaagiboijfjhidningfpomge [2014-10-23]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
    CHR Extension: (Gmail) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
    CHR Extension: (RoboForm) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-23]
    CHR Profile: C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Slides) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
    CHR Extension: (Google Docs) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
    CHR Extension: (Google Drive) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
    CHR Extension: (YouTube) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
    CHR Extension: (Google Search) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
    CHR Extension: (Google Sheets) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
    CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-11-11]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
    CHR Extension: (Gmail) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]
    CHR Extension: (RoboForm) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-11-09]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
    R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
    S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [3327424 2014-10-27] ( Rsupport Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-08] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-08] (NVIDIA Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
    S3 kc02us_bus; C:\Windows\System32\DRIVERS\kc02us_bus64.sys [51608 2012-09-28] (Kyocera Corporation)
    S3 kc02us_serd; C:\Windows\System32\DRIVERS\kc02us_serd64.sys [66968 2012-09-28] (Kyocera Corporation)
    S4 LMIRfsClientNP; No ImagePath
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-08] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-15] ()
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-07-15] (Oracle Corporation)
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:25 - 2014-11-19 12:25 - 00027499 _____ () C:\Users\Bean\Desktop\FRST.txt
    2014-11-19 12:25 - 2014-11-19 12:25 - 00000000 ____D () C:\FRST
    2014-11-19 12:22 - 2014-11-19 12:23 - 00000000 ____D () C:\AdwCleaner
    2014-11-19 12:14 - 2014-11-19 12:14 - 02117120 _____ (Farbar) C:\Users\Bean\Desktop\FRST64.exe
    2014-11-19 04:47 - 2014-11-19 04:47 - 00001978 _____ () C:\Users\Public\Desktop\Mobizen.lnk
    2014-11-19 04:47 - 2014-11-19 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSUPPORT
    2014-11-19 04:46 - 2014-11-19 04:46 - 36853176 _____ (RSUPPORT ) C:\Users\Bean\Downloads\mobizen.exe
    2014-11-19 04:42 - 2014-11-19 04:42 - 11454688 _____ (LG Electronics) C:\Users\Bean\Downloads\LGUnitedMobileDriver_S51MAN312AP22_ML_WHQL_Ver_3.12.3.exe
    2014-11-19 00:26 - 2014-11-19 00:26 - 00001908 _____ () C:\Windows\diagwrn.xml
    2014-11-19 00:26 - 2014-11-19 00:26 - 00001908 _____ () C:\Windows\diagerr.xml
    2014-11-18 13:20 - 2014-11-18 13:20 - 00688992 ____R (Swearware) C:\Users\Bean\Downloads\dds(1).com
    2014-11-18 00:25 - 2014-11-18 00:25 - 00002113 _____ () C:\Users\Public\Desktop\The Repopulation (BETA).lnk
    2014-11-18 00:25 - 2014-11-18 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Repopulation
    2014-11-18 00:24 - 2014-11-18 00:24 - 00000000 ____D () C:\Program Files (x86)\HE Auto Launcher
    2014-11-18 00:09 - 2014-11-18 00:43 - 00000000 ____D () C:\Users\Bean\AppData\Local\HeroEngine
    2014-11-18 00:09 - 2014-11-18 00:09 - 00098072 _____ () C:\Users\Bean\Downloads\TheRepopulationInstaller.exe
    2014-11-18 00:09 - 2014-11-18 00:09 - 00000000 ____D () C:\Program Files (x86)\HeroEngine
    2014-11-17 21:48 - 2014-11-19 12:18 - 00000000 ____D () C:\Users\Bean\AppData\Local\CrashDumps
    2014-11-15 18:54 - 2014-11-15 18:54 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-15 18:53 - 2014-11-15 18:53 - 14678104 _____ () C:\Users\Bean\Downloads\RogueKiller.exe
    2014-11-13 16:15 - 2014-11-13 16:15 - 20238336 _____ () C:\Users\Bean\Desktop\Bean-2014-11-13.QDF-backup
    2014-11-12 18:49 - 2014-11-12 18:49 - 00000000 ____D () C:\Users\Bean\AppData\Local\Unity
    2014-11-12 17:43 - 2014-11-18 13:31 - 00016515 _____ () C:\Users\Bean\Desktop\dds.txt
    2014-11-12 17:43 - 2014-11-18 13:31 - 00009210 _____ () C:\Users\Bean\Desktop\attach.txt
    2014-11-12 17:43 - 2014-11-12 17:43 - 00688992 ____R (Swearware) C:\Users\Bean\Downloads\dds.com
    2014-11-12 17:20 - 2014-11-12 17:20 - 00000632 _____ () C:\Users\Bean\Desktop\JRT.txt
    2014-11-12 17:09 - 2014-11-12 17:09 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Bean\Downloads\tdsskiller.exe
    2014-11-12 09:35 - 2014-11-12 09:35 - 00019391 _____ () C:\ComboFix.txt
    2014-11-12 09:28 - 2014-11-12 09:35 - 00000000 ____D () C:\Qoobox
    2014-11-12 09:28 - 2014-11-12 09:33 - 00000000 ____D () C:\Windows\erdnt
    2014-11-12 09:28 - 2014-11-12 09:28 - 05598118 ____R (Swearware) C:\Users\Bean\Downloads\ComboFix.exe
    2014-11-12 09:28 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-12 09:28 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-12 09:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-12 09:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-12 09:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-12 09:28 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-12 09:28 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-12 09:28 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-12 08:25 - 2014-11-12 08:25 - 01706808 _____ (Thisisu) C:\Users\Bean\Downloads\JRT.exe
    2014-11-12 08:21 - 2014-11-12 08:21 - 02140160 _____ () C:\Users\Bean\Desktop\AdwCleaner.exe
    2014-11-12 08:16 - 2013-04-16 11:01 - 00288062 _____ () C:\Users\Bean\Downloads\Into Thin Air.epub
    2014-11-11 20:56 - 2014-11-11 20:56 - 02528363 _____ () C:\Users\Bean\Downloads\BeermoneyUtility.apk
    2014-11-09 11:19 - 2014-11-09 11:19 - 00002397 _____ () C:\Users\Bean\Desktop\Swag - Chrome.lnk
    2014-11-09 01:11 - 2014-11-09 01:11 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
    2014-11-08 19:49 - 2014-11-12 08:19 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2014-11-08 19:49 - 2014-11-08 19:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2014-11-08 19:49 - 2014-11-08 19:49 - 00000000 ____D () C:\Program Files\Realtek
    2014-11-08 19:49 - 2014-11-08 19:49 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2014-11-08 19:49 - 2012-01-31 19:14 - 04739304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2014-11-08 19:49 - 2012-01-31 17:32 - 02652264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2014-11-08 19:49 - 2012-01-31 17:02 - 00223608 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2014-11-08 19:49 - 2012-01-20 13:07 - 03845736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2014-11-08 19:49 - 2012-01-10 14:48 - 00958296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2014-11-08 19:49 - 2012-01-03 15:25 - 00626264 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
    2014-11-08 19:49 - 2012-01-03 15:25 - 00561752 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
    2014-11-08 19:49 - 2011-12-23 13:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2014-11-08 19:49 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2014-11-08 19:49 - 2011-12-18 17:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
    2014-11-08 19:49 - 2011-12-18 17:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2014-11-08 19:49 - 2011-12-16 14:57 - 00894040 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
    2014-11-08 19:49 - 2011-12-16 14:57 - 00750680 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
    2014-11-08 19:49 - 2011-12-15 12:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2014-11-08 19:49 - 2011-12-13 20:22 - 02528832 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2014-11-08 19:49 - 2011-12-13 16:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2014-11-08 19:49 - 2011-12-13 11:01 - 01698408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2014-11-08 19:49 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2014-11-08 19:49 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2014-11-08 19:49 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2014-11-08 19:49 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2014-11-08 19:49 - 2010-10-15 19:20 - 02261764 _____ () C:\Windows\system32\Drivers\rtvienna.dat
    2014-11-08 19:49 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2014-11-08 19:49 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2014-11-08 19:49 - 2010-07-02 19:40 - 00080984 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
    2014-11-08 19:49 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2014-11-08 19:49 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2014-11-08 19:49 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2014-11-08 19:49 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2014-11-08 19:49 - 2009-11-18 07:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
    2014-11-08 19:49 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2014-10-31 23:49 - 2014-11-14 06:22 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\Audacity
    2014-10-31 23:49 - 2014-10-31 23:49 - 00001047 _____ () C:\Users\Public\Desktop\Live365 Desktop.lnk
    2014-10-31 23:49 - 2014-10-31 23:49 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\com.live365.client.desktop.Player
    2014-10-31 23:49 - 2014-10-31 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live365
    2014-10-31 23:49 - 2014-10-31 23:49 - 00000000 ____D () C:\Program Files (x86)\Live365
    2014-10-31 23:44 - 2014-10-31 23:44 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-10-31 23:44 - 2014-10-31 23:44 - 00001007 _____ () C:\Users\Public\Desktop\Audacity.lnk
    2014-10-31 23:44 - 2014-10-31 23:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2014-10-29 20:25 - 2014-08-20 08:50 - 02430882 _____ () C:\Users\Bean\Downloads\Root Explorer_3.2.apk
    2014-10-26 00:54 - 2014-10-26 00:54 - 00000826 _____ () C:\Users\Bean\Desktop\SequoiaView.lnk
    2014-10-26 00:54 - 2014-10-26 00:54 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
    2014-10-26 00:54 - 2014-10-26 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
    2014-10-26 00:54 - 2014-10-26 00:54 - 00000000 ____D () C:\Program Files\SequoiaView
    2014-10-26 00:53 - 2014-10-26 00:54 - 00567003 _____ () C:\Users\Bean\Downloads\Sequoia1_3XPInstall.exe
    2014-10-23 10:52 - 2014-10-23 10:52 - 00000000 ____H () C:\Users\Bean\AppData\Local\BIT9185.tmp
    2014-10-23 10:52 - 2014-10-23 10:52 - 00000000 _____ () C:\Users\Bean\AppData\Local\{71230039-1FC2-41C0-AC28-EA96E7651DF1}
    2014-10-23 01:49 - 2014-10-23 01:49 - 00002397 _____ () C:\Users\Bean\Desktop\Fluffy - Chrome.lnk
    2014-10-23 01:49 - 2014-10-23 01:49 - 00002353 _____ () C:\Users\Bean\Desktop\Mobile - Chrome.lnk
    2014-10-21 21:18 - 2014-10-21 21:18 - 00000000 ____D () C:\Users\Bean\Documents\Fax
    2014-10-21 19:57 - 2014-10-21 19:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
    2014-10-21 19:57 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-10-21 19:57 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-10-21 19:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-21 19:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-21 19:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-21 19:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-21 19:55 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-21 19:55 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-21 19:55 - 2014-09-23 23:02 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-21 19:55 - 2014-09-23 23:02 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-21 19:55 - 2014-09-23 23:02 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 12288512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 09056768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-21 19:55 - 2014-09-23 23:01 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-21 19:55 - 2014-09-23 23:00 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-21 19:55 - 2014-09-23 23:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-21 19:55 - 2014-09-23 22:59 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-21 19:55 - 2014-09-23 22:59 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-21 19:55 - 2014-09-23 22:40 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 06025728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 01266688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-10-21 19:55 - 2014-09-23 22:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-21 19:55 - 2014-09-23 22:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-10-21 19:55 - 2014-09-23 22:38 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-10-21 19:55 - 2014-09-23 22:37 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-21 19:55 - 2014-09-23 22:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-21 19:55 - 2014-09-23 20:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-21 19:55 - 2014-09-23 19:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-21 19:55 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-21 19:55 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-21 19:55 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-10-21 19:55 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-10-21 19:55 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-21 19:55 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-21 19:55 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-21 19:55 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-10-21 19:55 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-10-21 19:55 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-21 19:55 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-21 19:55 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-21 19:55 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-21 19:55 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-21 19:55 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-21 19:55 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-21 19:55 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-21 19:55 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-21 19:55 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-21 19:55 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-21 19:55 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-10-21 19:55 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-10-21 19:55 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-10-21 19:55 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-10-21 19:55 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-10-21 19:55 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-10-21 19:55 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-21 19:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-21 19:55 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-21 19:55 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-21 19:55 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-21 19:55 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-21 19:55 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-21 19:55 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-21 19:55 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-21 19:55 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-10-21 19:54 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-21 19:54 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-21 19:54 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-21 19:54 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-21 18:02 - 2014-10-24 23:10 - 00000880 _____ () C:\Users\Bean\Desktop\CDisplayEx.lnk
    2014-10-21 18:02 - 2014-10-21 20:00 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\CDisplayEx
    2014-10-21 18:02 - 2014-10-21 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
    2014-10-21 18:02 - 2014-10-21 18:02 - 00000000 ____D () C:\Program Files\CDisplayEx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-19 12:24 - 2014-08-15 22:26 - 00053418 _____ () C:\Windows\PFRO.log
    2014-11-19 12:24 - 2014-08-14 19:09 - 00003791 _____ () C:\Windows\setupact.log
    2014-11-19 12:24 - 2014-07-31 02:24 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-11-19 12:24 - 2014-01-31 04:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-19 12:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-19 12:23 - 2014-01-31 04:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-19 12:23 - 2013-12-07 21:48 - 01147318 _____ () C:\Windows\WindowsUpdate.log
    2014-11-19 04:49 - 2009-07-13 23:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 04:49 - 2009-07-13 23:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-19 04:47 - 2014-09-13 16:34 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\Rsupport
    2014-11-19 04:47 - 2014-09-13 16:34 - 00000000 ____D () C:\Program Files (x86)\RSUPPORT
    2014-11-19 03:44 - 2013-12-09 00:25 - 00000000 ____D () C:\Users\Bean\AppData\Roaming\vlc
    2014-11-19 00:26 - 2014-08-14 19:09 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-18 13:23 - 2013-12-08 02:21 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-18 13:21 - 2014-08-05 21:06 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
    2014-11-17 19:46 - 2009-07-14 00:13 - 00781754 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-17 13:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-11-17 00:05 - 2014-09-21 17:48 - 00000000 ____D () C:\INET
    2014-11-14 21:18 - 2014-01-31 04:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-14 21:18 - 2014-01-31 04:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 19:09 - 2014-05-09 22:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-12 19:18 - 2013-12-08 02:13 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-12 14:21 - 2013-12-08 01:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-12 09:37 - 2014-09-18 19:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-12 09:32 - 2014-08-16 16:08 - 00000000 ____D () C:\Program Files (x86)\ComcastUsageMeter
    2014-11-12 09:32 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2014-11-08 19:49 - 2014-02-19 14:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-10-28 09:18 - 2014-01-31 04:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-23 02:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-22 23:57 - 2014-08-28 22:21 - 00000000 ____D () C:\Users\Bean\Documents\Ghost Mouse Saves
    2014-10-22 11:01 - 2014-07-04 23:56 - 00000000 ____D () C:\Windows\PCHEALTH
    2014-10-22 11:01 - 2009-07-13 23:45 - 00305944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-22 11:00 - 2014-04-25 12:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-22 11:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-22 11:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-21 21:18 - 2014-08-28 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GhostMouse
    2014-10-21 20:00 - 2014-07-04 23:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-21 19:59 - 2013-12-08 02:03 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-10-21 19:57 - 2013-12-09 04:44 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-21 19:51 - 2014-05-09 22:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-21 19:51 - 2014-05-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-21 19:51 - 2014-05-09 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    Some content of TEMP:
    ====================
    C:\Users\Bean\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Bean\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe
    C:\Users\Bean\AppData\Local\Temp\Quarantine.exe
    C:\Users\Bean\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-15 00:15

    ==================== End Of Log ============================



    #7 lauralana9

    • Topic Starter

    Posted 19 November 2014 - 12:38 PM

    Computer is running ok. Sometimes it will slow down if I have the browser open for a while.

    Thanks for helping me!



    #8 lauralana9

    • Topic Starter

    Posted 19 November 2014 - 12:39 PM

    Forgot to click the button to upload.

    Attached Files



    #9 nasdaq

    • Malware Response Team

    Posted 19 November 2014 - 02:15 PM

     
    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
     
    SearchScopes: HKU\S-1-5-21-3650247778-461816680-1906852284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Homepage: hxxp://www.swagbucks.com/
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Utilities\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: E:\Internet Temp Data\Mozilla\Firefox\Survey\searchplugins\trovi-search.xml
    FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17]
    FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\[email protected] [2014-08-03]
    FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17]
    FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\[email protected] [2014-08-05]
    FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-08-04]
    FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found]
    CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-09-13]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
    CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-11-11]
    CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
    S4 LMIRfsClientNP; No ImagePath
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    C:\Users\Bean\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Bean\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe
     
    End
    
    Save the file as fixlist.txt into the same folder as FRST.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===
     
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
     
    How is the computer running now?
     


    #10 lauralana9

    • Topic Starter

    Posted 19 November 2014 - 08:47 PM

    Adchoices is still showing up

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
    Ran by Bean at 2014-11-19 20:41:57 Run:1
    Running from C:\Users\Bean\Desktop
    Loaded Profile: Bean (Available profiles: Bean)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start SearchScopes: HKU\S-1-5-21-3650247778-461816680-1906852284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Homepage: hxxp://www.swagbucks.com/ FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Utilities\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF SearchPlugin: E:\Internet Temp Data\Mozilla\Firefox\Survey\searchplugins\trovi-search.xml FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17] FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Main\Extensions\[email protected] [2014-08-03] FF Extension: Hola Better Internet - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-11-17] FF Extension: Swagbucks Extension - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\[email protected] [2014-08-05] FF Extension: No Name - E:\Internet Temp Data\Mozilla\Firefox\Survey\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-08-04] FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found] CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-09-13] CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23] CHR Extension: (Swagbucks Extension) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-11-11] CHR Extension: (Google Wallet) - C:\Users\Bean\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09] S4 LMIRfsClientNP; No ImagePath S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X] C:\Users\Bean\AppData\Local\Temp\dllnt_dump.dll C:\Users\Bean\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.432.exe End
    *****************

    "HKU\S-1-5-21-3650247778-461816680-1906852284-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\start {0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKCR\CLSID\start {0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

    ==== End of Fixlog ====

     Results of screen317's Security Check version 0.99.90  
     Windows 7 Service Pack 1 x64 (UAC is disabled!)  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!  
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 65  
     Java version out of Date!
     Adobe Flash Player 15.0.0.152  
     Adobe Reader XI  
     Mozilla Firefox (33.1)
     Mozilla Thunderbird (24.6.0)
     Google Chrome (38.0.2125.104)
     Google Chrome (38.0.2125.111)
     Google Chrome (chrome.exe..)
     Google Chrome (debug.log..)
     Google Chrome (Dictionaries...)
     Google Chrome (old_chrome.exe..)
     Google Chrome (plugins...)
    ````````Process Check: objlist.exe by Laurent````````  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     



    #11 nasdaq

    • Malware Response Team

    Posted 20 November 2014 - 08:56 AM

    Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
     
    You can manually check your present version and update as recommended.
     
    Be careful not to install malware posing as a Java update!
    Important: read this blog.
     
    Quoted from the page.
    "In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
     
    How to disable Java in your browsers
     
     
    If present remove the old version(s) of Java using the Add/Remove Programs applet.
     
    Java 7 Update 65
     
    ===
     
    Reset the Browser(s) that are corrupted.
     
    Reset Chrome...
    Click on "Customize and control Google Chrome":
     
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
     
    Click "Reset browser settings" button.
     
    Restart Chrome.
    ====
     
    Firefox:
    Reset Default Browsing settings:
    ===
     
    Internet Explorer:
    Menu > Tools > Internet Options > General Tab.
    Click the Reset button on the bottom of the pane.
    Click the Apply button.
    Close IE.
     
    ===
     
    How is the computer running now?


    #12 lauralana9

    • Topic Starter

    Posted 20 November 2014 - 03:29 PM

    I believe my problem has been fixed. Thanks!



    #13 nasdaq

    • Malware Response Team

    Posted 21 November 2014 - 07:43 AM

    If all is well.
     
    To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
    ===


    #14 nasdaq

    • Malware Response Team

    Posted 27 November 2014 - 10:34 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



