Thread: iexplorer keeps replicating creating large files

  1. #41
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi blueskygal,

    No replicating processes.. seems to be running slow.
    First comment - good, second comment - not so good.

    Most of those items removed with ESET were already in a quarantine folder and posed no threat to your system.

    =========================

    I previously had you download the following tool (Security Check); it should have been saved to your desktop. Please locate it and run a scan as outlined.

    Security Check

    Re-run Security Check by screen317.
    • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    =========================

    In your next post please provide the following:
    • checkup.txt
    • AdwCleaner[S0].txt
    • JRT.txt
    • New FRST.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  2. #42
    Member
    Join Date
    Jun 2014
    Posts
    41

    checkup.txt

    Results of screen317's Security Check version 0.99.85
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Spybot - Search and Destroy
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    CCleaner
    Java 7 Update 55
    Java version out of Date!
    Adobe Flash Player 14.0.0.145
    Adobe Reader 8 Adobe Reader out of Date!
    Adobe Reader 10.1.10 Adobe Reader out of Date!
    Google Chrome 35.0.1916.114
    Google Chrome 35.0.1916.153
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

  3. #43
    Member
    Join Date
    Jun 2014
    Posts
    41

    adcleaner.txt

    # AdwCleaner v3.216 - Report created 25/07/2014 at 15:45:54
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Colleen - COLLEEN-PC
    # Running from : C:\Users\Colleen\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\DriverCure
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Mega Browse
    Folder Deleted : C:\Users\Colleen\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Colleen\AppData\Local\eMusic
    Folder Deleted : C:\Users\Colleen\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Colleen\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Colleen\AppData\LocalLow\eMusic
    Folder Deleted : C:\Users\Colleen\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Colleen\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Colleen\AppData\Roaming\IObit\Driver Booster
    Folder Deleted : C:\Users\Colleen\AppData\Roaming\eMusic
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\eMusic
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\eMusic
    Key Deleted : HKLM\Software\AVG SafeGuard toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\eMusic
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Codec Package Packages
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mega Browse
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\eMusic Toolbar
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16561


    -\\ Google Chrome v

    [ File : C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={2B971300-05FE-11E3-B9DC-001E3342056B}&crg=3.5000006.10045&st=23
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN59957865520702380&ctid=CT3298570&UM=2
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN59957865520702380&ctid=CT3298570&UM=2&UP=SPFC992021-868E-418F-B819-EBB00B2BCC64&SSPV=

    *************************

    AdwCleaner[R0].txt - [5301 octets] - [25/07/2014 15:36:21]
    AdwCleaner[S0].txt - [5338 octets] - [25/07/2014 15:45:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5398 octets] ##########

  4. #44
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi blueskygal,

    I still need to see the following logs:

    JRT.txt
    New FRST.txt
    OCD

  5. #45
    Member
    Join Date
    Jun 2014
    Posts
    41

    Frst

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
    Ran by Colleen (administrator) on COLLEEN-PC on 25-07-2014 19:08:36
    Running from C:\Users\Colleen\Desktop
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Agere Systems) C:\Windows\System32\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    ( Advanced Software Technologies) C:\Windows\System32\AstSrv.exe
    (WebEx Communications, Inc.) C:\Windows\System32\atashost.exe
    (TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    ( ) C:\Windows\System32\lxcjcoms.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (IObit) C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (RealNetworks, Inc.) C:\Program Files\Real\realplayer\Update\realsched.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    () C:\Toshiba\IVP\swupdate\swupdtmr.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
    () C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Efficient Software) C:\Program Files\EfficientPIM\EfficientPIM.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [cdloader] => C:\Users\Colleen\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Advanced SystemCare 6] => C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Amazon Cloud Player] => C:\Users\Colleen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2114738196-1747254254-1146559385-1000\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
    Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EfficientPIM.lnk
    ShortcutTarget: EfficientPIM.lnk -> C:\Program Files\EfficientPIM\EfficientPIM.exe (Efficient Software)
    Startup: C:\Users\Colleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - Yahoo! URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO: Windows Live Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    Toolbar: HKLM - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    Toolbar: HKCU - Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T26...rt/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system\msdxm.ocx (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @IObit.com/np_Asc_Plugin - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin - C:\Program Files\PDFlite\npPdfViewer.dll No File
    FF Plugin: @Musicnotes.com/Musicnotes Viewer,version=1.18.9 - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @Sibelius.com/Scorch Plugin,version=6.2.0.88 - C:\Program Files\Musicnotes\npsibelius.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Colleen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @emusic.com/dlm-plugin - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Colleen\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-06]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-12]

    Chrome:
    =======
    CHR HomePage: hxxp://my.netzero.net/start/sp.do
    CHR Plugin: (Shockwave Flash) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Colleen\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll No File
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (Musicnotes) - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    CHR Plugin: (ScorchPlugin) - C:\Program Files\Musicnotes\npsibelius.dll ()
    CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    CHR Plugin: (eMusic Remote Plugin) - C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Colleen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (RealDownloader) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-12]
    CHR Extension: (FastestFox for Chrome) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-10-27]
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-08-15]
    CHR Extension: (Google Wallet) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Readability) - C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-04-29]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx [2013-06-04]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
    R2 astcc; C:\Windows\system32\AstSrv.exe [53248 2008-06-11] ( Advanced Software Technologies) [File not signed]
    R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [537520 2007-02-08] ( )
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
    R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
    R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [425648 2006-11-22] (TOSHIBA Corporation) [File not signed]
    R2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-10-31] (TOSHIBA CORPORATION) [File not signed]
    R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
    R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
    S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
    S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
    R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
    R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
    R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [68168 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
    S3 StMp3Rec; C:\Windows\System32\Drivers\StMp3Rec.sys [68204 2005-09-12] (Microsoft Corporation) [File not signed]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Colleen\AppData\Local\Temp\catchme.sys [X]
    U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-25 15:56 - 2014-07-25 15:56 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-25 15:54 - 2014-07-25 15:54 - 01016261 _____ (Thisisu) C:\Users\Colleen\Desktop\JRT.exe
    2014-07-25 15:48 - 2014-07-25 15:48 - 00000314 _____ () C:\Windows\PFRO.log
    2014-07-25 15:36 - 2014-07-25 15:46 - 00000000 ____D () C:\AdwCleaner
    2014-07-25 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
    2014-07-25 15:34 - 2014-07-25 15:35 - 01354223 _____ () C:\Users\Colleen\Desktop\AdwCleaner.exe
    2014-07-24 16:31 - 2014-07-24 16:31 - 00001110 _____ () C:\Users\Colleen\Desktop\ESETScan.txt
    2014-07-24 14:43 - 2014-07-24 14:43 - 00000000 ____D () C:\Program Files\ESET
    2014-07-24 14:29 - 2014-07-24 14:29 - 00001066 _____ () C:\Users\Colleen\Desktop\mbam txt.txt
    2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-24 14:03 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-24 14:03 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-24 13:59 - 2014-07-24 14:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-24 13:59 - 2014-07-24 14:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-23 14:44 - 2014-07-23 14:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
    2014-07-23 13:30 - 2014-07-23 13:30 - 00017186 _____ () C:\ComboFix.txt
    2014-07-23 13:07 - 2014-07-23 13:30 - 00000000 ____D () C:\ComboFix
    2014-07-22 20:55 - 2014-07-22 20:55 - 00018974 _____ () C:\Users\Colleen\Desktop\combofix.txt
    2014-07-22 20:17 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-07-22 20:17 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-07-22 20:17 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-07-22 20:17 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-07-22 20:17 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-07-22 20:17 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-07-22 20:17 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-07-22 20:17 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-07-22 20:00 - 2014-07-23 13:30 - 00000000 ____D () C:\Qoobox
    2014-07-22 19:35 - 2014-07-22 19:36 - 05562024 ____R (Swearware) C:\Users\Colleen\Desktop\ComboFix.exe
    2014-07-22 17:40 - 2014-07-24 14:01 - 00000000 ____D () C:\Users\Colleen\Desktop\Data 7-22
    2014-07-22 16:53 - 2014-07-24 14:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-22 16:53 - 2014-07-22 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-07-22 16:50 - 2014-07-22 18:14 - 00000000 ____D () C:\Users\Colleen\Desktop\mbar
    2014-07-22 16:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-22 16:48 - 2014-07-22 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Colleen\Downloads\mbar-1.07.0.1012.exe
    2014-07-17 14:59 - 2014-07-17 15:00 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
    2014-07-16 15:06 - 2014-07-25 19:08 - 00022260 _____ () C:\Users\Colleen\Desktop\FRST.txt
    2014-07-16 15:03 - 2014-07-25 19:08 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
    2014-07-11 21:16 - 2014-07-21 18:26 - 00008253 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
    2014-07-11 21:16 - 2014-07-21 18:26 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
    2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-11 16:29 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-11 16:29 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-11 16:29 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-11 16:29 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-11 16:29 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-11 16:29 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-11 16:29 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-11 16:29 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-07-11 16:29 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-11 16:29 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-11 16:29 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-07-11 16:29 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-11 16:29 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-11 16:29 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-11 16:29 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-11 16:29 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-07-11 16:29 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-11 16:29 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-11 16:29 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-07-11 16:29 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-11 16:29 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-07-11 16:29 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-11 16:29 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-11 16:29 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
    2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
    2014-07-10 13:32 - 2014-07-10 13:37 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
    2014-07-10 13:29 - 2014-07-10 13:36 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
    2014-07-10 13:26 - 2014-07-25 19:08 - 00000000 ____D () C:\FRST
    2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
    2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
    2014-07-10 13:07 - 2014-07-25 19:08 - 01084416 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
    2014-07-10 12:55 - 2014-07-10 12:56 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
    2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
    2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
    2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
    2014-07-08 16:21 - 2014-07-08 16:22 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
    2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
    2014-07-01 10:47 - 2014-07-01 10:48 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
    2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
    2014-07-01 10:04 - 2014-07-22 20:49 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
    2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
    2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-06-27 17:28 - 2014-06-27 17:26 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
    2014-06-27 17:26 - 2006-09-18 14:41 - 00000736 _____ () C:\Windows\system32\Drivers\etc\hosts.20140627-172634.backup
    2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
    2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
    2014-06-27 16:31 - 2014-07-25 15:49 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-06-27 16:31 - 2014-07-23 12:47 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-06-27 16:31 - 2014-06-27 17:18 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-27 16:29 - 2014-06-27 21:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-27 16:29 - 2014-06-27 17:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-06-27 16:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2014-06-27 16:24 - 2014-06-27 16:26 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
    2014-06-27 16:21 - 2014-06-27 16:22 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
    2014-06-27 16:18 - 2014-06-27 16:20 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
    2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
    2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
    2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
    2014-06-27 14:59 - 2014-06-27 15:00 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
    2014-06-27 12:54 - 2014-06-27 14:01 - 00000000 ____D () C:\Program Files\CCleaner
    2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-25 19:09 - 2014-07-16 15:06 - 00022260 _____ () C:\Users\Colleen\Desktop\FRST.txt
    2014-07-25 19:08 - 2014-07-16 15:03 - 00000000 ____D () C:\Users\Colleen\Desktop\FRST-OlderVersion
    2014-07-25 19:08 - 2014-07-10 13:26 - 00000000 ____D () C:\FRST
    2014-07-25 19:08 - 2014-07-10 13:07 - 01084416 _____ (Farbar) C:\Users\Colleen\Desktop\FRST.exe
    2014-07-25 18:58 - 2009-12-22 23:09 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-25 18:43 - 2013-06-04 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-25 18:35 - 2014-03-06 13:01 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2114738196-1747254254-1146559385-1000.job
    2014-07-25 18:27 - 2009-06-30 21:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000UA.job
    2014-07-25 18:12 - 2007-09-01 08:47 - 00000256 _____ () C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
    2014-07-25 17:48 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-25 17:48 - 2006-11-02 05:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-25 15:58 - 2007-01-10 15:30 - 01517497 _____ () C:\Windows\WindowsUpdate.log
    2014-07-25 15:56 - 2014-07-25 15:56 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-25 15:54 - 2014-07-25 15:54 - 01016261 _____ (Thisisu) C:\Users\Colleen\Desktop\JRT.exe
    2014-07-25 15:49 - 2014-06-27 16:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-07-25 15:49 - 2009-12-22 23:09 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-25 15:48 - 2014-07-25 15:48 - 00000314 _____ () C:\Windows\PFRO.log
    2014-07-25 15:48 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-25 15:47 - 2006-11-02 06:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-07-25 15:46 - 2014-07-25 15:36 - 00000000 ____D () C:\AdwCleaner
    2014-07-25 15:46 - 2009-04-05 13:18 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\IObit
    2014-07-25 15:35 - 2014-07-25 15:34 - 01354223 _____ () C:\Users\Colleen\Desktop\AdwCleaner.exe
    2014-07-25 15:22 - 2013-12-02 10:59 - 54738944 _____ () C:\Windows\system32\config\software.iobit
    2014-07-25 15:22 - 2013-12-02 10:59 - 00028672 _____ () C:\Windows\system32\config\security.iobit
    2014-07-25 15:22 - 2008-01-10 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskTop Set
    2014-07-24 16:37 - 2014-02-10 10:42 - 00000000 ____D () C:\Users\Colleen\Documents\Efficient Organizer AutoBackup
    2014-07-24 16:31 - 2014-07-24 16:31 - 00001110 _____ () C:\Users\Colleen\Desktop\ESETScan.txt
    2014-07-24 16:23 - 2008-04-05 19:28 - 00000000 ____D () C:\Program Files\Wisdom-soft AutoScreenRecorder Free
    2014-07-24 14:43 - 2014-07-24 14:43 - 00000000 ____D () C:\Program Files\ESET
    2014-07-24 14:29 - 2014-07-24 14:29 - 00001066 _____ () C:\Users\Colleen\Desktop\mbam txt.txt
    2014-07-24 14:04 - 2014-07-22 16:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-07-24 14:03 - 2014-07-24 14:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-07-24 14:01 - 2014-07-22 17:40 - 00000000 ____D () C:\Users\Colleen\Desktop\Data 7-22
    2014-07-24 14:00 - 2014-07-24 13:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Downloads\mbam-setup-2.0.2.1012 (1).exe
    2014-07-24 14:00 - 2014-07-24 13:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Colleen\Desktop\mbam-setup-2.0.2.1012.exe
    2014-07-24 13:52 - 2008-09-26 13:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-23 14:45 - 2010-06-05 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-23 14:44 - 2014-07-23 14:44 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
    2014-07-23 13:30 - 2014-07-23 13:30 - 00017186 _____ () C:\ComboFix.txt
    2014-07-23 13:30 - 2014-07-23 13:07 - 00000000 ____D () C:\ComboFix
    2014-07-23 13:30 - 2014-07-22 20:00 - 00000000 ____D () C:\Qoobox
    2014-07-23 13:30 - 2008-08-08 11:05 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Apps\2.0
    2014-07-23 13:26 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
    2014-07-23 12:47 - 2014-06-27 16:31 - 00000618 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-07-22 20:55 - 2014-07-22 20:55 - 00018974 _____ () C:\Users\Colleen\Desktop\combofix.txt
    2014-07-22 20:54 - 2006-11-02 04:18 - 00000000 __RHD () C:\Users\Default
    2014-07-22 20:53 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
    2014-07-22 20:49 - 2014-07-01 10:04 - 00000000 ____D () C:\Windows\ERDNT
    2014-07-22 19:49 - 2007-08-10 05:54 - 00001356 _____ () C:\Users\Colleen\AppData\Local\d3d9caps.dat
    2014-07-22 19:41 - 2013-06-05 14:31 - 00000000 ____D () C:\Program Files\Opera
    2014-07-22 19:36 - 2014-07-22 19:35 - 05562024 ____R (Swearware) C:\Users\Colleen\Desktop\ComboFix.exe
    2014-07-22 19:27 - 2009-06-30 21:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114738196-1747254254-1146559385-1000Core.job
    2014-07-22 19:18 - 2014-07-22 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-07-22 18:14 - 2014-07-22 16:50 - 00000000 ____D () C:\Users\Colleen\Desktop\mbar
    2014-07-22 16:49 - 2014-07-22 16:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Colleen\Downloads\mbar-1.07.0.1012.exe
    2014-07-21 20:12 - 2009-09-19 03:01 - 00000000 ____D () C:\Windows\CheckSur
    2014-07-21 18:26 - 2014-07-11 21:16 - 00008253 _____ () C:\Users\Colleen\Desktop\aswMBR.txt
    2014-07-21 18:26 - 2014-07-11 21:16 - 00000512 _____ () C:\Users\Colleen\Desktop\MBR.dat
    2014-07-17 15:00 - 2014-07-17 14:59 - 00000000 ____D () C:\Users\Colleen\Documents\My Money
    2014-07-17 15:00 - 2007-07-01 17:52 - 06885376 _____ () C:\Users\Colleen\Documents\My Money.mny
    2014-07-17 13:19 - 2013-08-18 10:32 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-17 13:07 - 2006-11-02 05:47 - 00383968 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-16 16:13 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-16 15:21 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-07-11 16:54 - 2014-07-11 16:54 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-07-11 16:54 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-07-11 16:43 - 2013-06-04 11:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-07-11 16:43 - 2013-06-04 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-07-11 16:02 - 2014-07-11 16:02 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-07-11 15:43 - 2014-07-11 15:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Colleen\Desktop\tdsskiller.exe
    2014-07-11 15:36 - 2013-10-03 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-07-11 15:36 - 2013-06-18 21:06 - 00000000 ____D () C:\ProgramData\MFAData
    2014-07-11 15:36 - 2009-04-04 09:34 - 00000000 ____D () C:\Program Files\AVG
    2014-07-11 14:59 - 2007-11-17 14:48 - 00000000 ____D () C:\Program Files\lx_Cats
    2014-07-10 14:29 - 2014-07-10 14:29 - 00000000 ____D () C:\Users\Colleen\Desktop\Data
    2014-07-10 13:37 - 2014-07-10 13:32 - 00046361 _____ () C:\Users\Colleen\Downloads\Addition.txt
    2014-07-10 13:36 - 2014-07-10 13:29 - 00049605 _____ () C:\Users\Colleen\Downloads\FRST.txt
    2014-07-10 13:24 - 2014-07-10 13:24 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST (1).exe
    2014-07-10 13:23 - 2014-07-10 13:23 - 01075200 _____ (Farbar) C:\Users\Colleen\Downloads\FRST.exe
    2014-07-10 12:56 - 2014-07-10 12:55 - 00854390 _____ () C:\Users\Colleen\Desktop\SecurityCheck.exe
    2014-07-10 11:14 - 2007-07-02 20:03 - 06866952 ____R () C:\Users\Colleen\Documents\My Money Backup.mbf
    2014-07-10 11:13 - 2014-07-10 11:13 - 00000443 _____ () C:\Users\Colleen\Desktop\Pictures - Shortcut.lnk
    2014-07-10 11:04 - 2014-07-10 11:04 - 00000370 _____ () C:\Users\Colleen\Desktop\Downloads - Shortcut.lnk
    2014-07-08 16:44 - 2014-07-08 16:44 - 00000000 ____D () C:\Users\Colleen\Documents\ProcAlyzer Dumps
    2014-07-08 16:22 - 2014-07-08 16:21 - 05185536 _____ (AVAST Software) C:\Users\Colleen\Desktop\aswMBR.exe
    2014-07-08 16:17 - 2014-07-08 16:17 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (2).com
    2014-07-01 10:48 - 2014-07-01 10:47 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds (1).com
    2014-07-01 10:07 - 2014-07-01 10:07 - 00688992 ____R (Swearware) C:\Users\Colleen\Downloads\dds.com
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000725 _____ () C:\Users\Colleen\Desktop\ERUNT.lnk
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2014-07-01 10:04 - 2014-07-01 10:04 - 00000000 ____D () C:\Program Files\ERUNT
    2014-07-01 10:03 - 2014-07-01 10:03 - 00791393 _____ (Lars Hederer ) C:\Users\Colleen\Downloads\erunt-setup.exe
    2014-06-29 13:07 - 2014-06-29 13:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-06-28 08:59 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-27 21:32 - 2014-06-27 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-06-27 17:26 - 2014-06-27 17:28 - 00450609 ____R () C:\Windows\system32\Drivers\etc\hosts.20140627-172834.backup
    2014-06-27 17:18 - 2014-06-27 16:31 - 00000448 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-06-27 17:14 - 2014-06-27 17:14 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license (1).exe
    2014-06-27 17:14 - 2014-06-27 16:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-06-27 17:13 - 2014-06-27 17:13 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot2-license.exe
    2014-06-27 16:30 - 2014-06-27 16:30 - 00001981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-06-27 16:30 - 2014-06-27 16:30 - 00001969 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-06-27 16:30 - 2014-06-27 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-27 16:26 - 2014-06-27 16:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (2).exe
    2014-06-27 16:22 - 2014-06-27 16:21 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3 (1).exe
    2014-06-27 16:20 - 2014-06-27 16:18 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Colleen\Downloads\spybot-2.3.exe
    2014-06-27 16:13 - 2014-06-27 16:13 - 00453424 _____ (Microsoft Corporation) C:\Users\Colleen\Downloads\IE9-WindowsVista-x86-enu.exe
    2014-06-27 15:43 - 2014-04-21 15:05 - 00000000 ____D () C:\Users\Colleen\Documents\A NexRep
    2014-06-27 15:32 - 2006-11-30 17:44 - 00000000 ____D () C:\Program Files\Google
    2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523 (1).effxbak
    2014-06-27 15:19 - 2014-06-27 15:19 - 03010560 _____ () C:\Users\Colleen\Downloads\My Information-140210 102523.effxbak
    2014-06-27 15:00 - 2014-06-27 14:59 - 03010560 _____ () C:\Users\Colleen\Downloads\My+Information-140210+102523.effxbak
    2014-06-27 14:32 - 2007-05-26 14:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Mozilla
    2014-06-27 14:32 - 2007-05-26 14:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Games
    2014-06-27 14:31 - 2006-11-30 17:37 - 00000000 ____D () C:\Program Files\TOSHIBA Games
    2014-06-27 14:30 - 2006-11-02 03:23 - 00000375 _____ () C:\Windows\win.ini
    2014-06-27 14:15 - 2006-11-30 17:39 - 00000000 ____D () C:\ProgramData\WildTangent
    2014-06-27 14:01 - 2014-06-27 12:54 - 00000000 ____D () C:\Program Files\CCleaner
    2014-06-27 13:07 - 2006-11-30 16:26 - 00000000 ____D () C:\Windows\Panther
    2014-06-27 12:54 - 2014-06-27 12:54 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-06-27 12:35 - 2007-02-04 10:28 - 00000000 ____D () C:\Users\Colleen\AppData\Local\Google
    2014-06-27 12:35 - 2006-11-30 17:44 - 00000000 ____D () C:\ProgramData\Google
    2014-06-26 13:49 - 2010-06-07 15:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-26 10:59 - 2014-03-12 11:59 - 00000040 _____ () C:\Users\Colleen\AppData\Roaming\WB.CFG
    2014-06-25 12:04 - 2014-04-24 13:20 - 00000000 ____D () C:\Users\Colleen\AppData\Roaming\Five9

    Some content of TEMP:
    ====================
    C:\Users\Colleen\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-25 16:00

    ==================== End Of Log ============================

  6. #46
    Member
    Join Date
    Jun 2014
    Posts
    41

    Default status

    OCD,

    I was posting as I was doing but the junkware seemed like it stalled out after the initial scan.
    I mean it was probably 1-2 hrs and nothing.

    So this is what I have. Computer seems faster now.

  7. #47
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi blueskygal,

    I was posting as I was doing but the junkware seemed like it stalled out after the initial scan.
    I mean it was probably 1-2 hrs and nothing.
    OK, that's fine. Don't worry about running that scan.

    =========================

    Please make another pass with AdwCleaner.

    Re-run AdwCleaner

    It should be on your desktop
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    In your next post please provide the following:
    • AdwCleaner[S1].txt
    • Any remaining issues?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #48
    Member
    Join Date
    Jun 2014
    Posts
    41

    Default adw cleaner

    # AdwCleaner v3.216 - Report created 26/07/2014 at 13:39:37
    # Updated 17/07/2014 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Colleen - COLLEEN-PC
    # Running from : C:\Users\Colleen\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16561


    -\\ Google Chrome v

    [ File : C:\Users\Colleen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5301 octets] - [25/07/2014 15:36:21]
    AdwCleaner[R1].txt - [884 octets] - [26/07/2014 13:32:06]
    AdwCleaner[S0].txt - [5478 octets] - [25/07/2014 15:45:54]
    AdwCleaner[S1].txt - [806 octets] - [26/07/2014 13:39:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [865 octets] ##########

  9. #49
    Member
    Join Date
    Jun 2014
    Posts
    41

    Default everything seems a-ok

    computer running fine -- seems like you got 'em OCD! Thanks for all your help and patience. I've made a donation to spybot. I think you guys are doing great work!

    blueskygal

  10. #50
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi blueskygal,

    Thank you for the donation.

    Your log appears to be clean.
    We have a few items to take care of before we get to the All Clean Speech.

    = = = = = = = = = = = = = = = = = = = =

    Remove Disinfection Tools

    • Download Delfix
    • Tick the following boxes:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore

    • Click Run
    • Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

    = = = = = = = = = = = = = = = = = = = =

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • Java 7 Update 55
    • Adobe Reader 8
    • Adobe Reader 10.1.10

    =========================

    Update Java
    • Get the current version of Java (Version 7 Update 65) by going to http://java.com/en/download/installed.jsp
    • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

    =========================

    Adobe Reader:

    Go to http://get.adobe.com/reader/otherversions/
    • Use the drop-down menus to select your operating system
    • Select your language > Select The current version of Adobe Reader for your language
    • Remove the check mark from the box "Free! McAfee Security Scan Plus"
    • Click the Download button, and follow the onscreen directions to complete the installation.
    Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

    =========================

    Disk Defragmenter for Vista
    • Open Disk Defragmenter by clicking the Start button, > All Programs, > Accessories, > System Tools and then clicking Disk Defragmenter.
    • If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    • Click Defragment Now.
    Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

    Tutorial: http://windows.microsoft.com/en-US/w...your-hard-disk

    =========================

    With the above items taken care of let's move on to the All Clean part of the process.

    The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

    This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

    Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

    Here are some tips to reduce the potential for spyware infection in the future:

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

    Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

    Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

    Free Anti-Virus

    Free Firewall
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

    = = = = = = = = = = = = = = = = = = = =

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know
    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future, I recommend that you get the following free program:

    CryptoPrevent - install this program to lock down and prevent crypto-ransomware

    = = = = = = = = = = = = = = = = = = = =

    COMPUTER SECURITY - a short guide to staying safer online

    = = = = = = = = = = = = = = = = = = = =

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
    • Green should be good to go
    • Yellow for caution
    • Red to stop

    = = = = = = = = = = = = = = = = = = = =

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.


    = = = = = = = = = = = = = = = = = = = =

    Make sure you keep your Windows OS current.
    • Windows XP:
      Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
      If you are running Windows XP, please take the time to read the information provided at these links.
    • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
    • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

    Without these you are leaving the back door open.

    = = = = = = = = = = = = = = = = = = = =

    Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

    = = = = = = = = = = = = = = = = = = = =

    Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

    Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
