View Full Version : Problem with residual conduit message
Suemarie
2014-07-01, 23:55
First, I apologize for posting this. I did find the thread about someone else have a problem with a conduit. Some time ago, spybot dug out a conduit from my computer; however there is a message window that pops up whenever I start my computer up. It says:
There was a problem starting C:\Users\SueB\AppData\Data\Local\Conduit\BackgroundContainer\BackgroundContainer.dll The specified module could not be found.
I did look through your maleware removal forum under "C" but didn't see anything about conduits.
I will be honest and say that I only have the free version of spybot-S&D. I also have Malwarebytes and Avast professional. I have been considering changing to your spybot professional. Would this be able to take the place of Avast? My subscription is due to run out soon.
The reason that I am considering spybot now is your program is the only one that was able to dig the conduit out except for this one file. I am at a loss as to even know where to look for it. Would your professional software be able to find it?
Thank you for reading this. I make my living on my computer so cannot afford to have any security issues with it.
Hi Suemarie,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================
In your next post please provide the following:
checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt
Suemarie
2014-07-02, 16:11
I hope that I did this correctly. I tried to put it into one post, but it seems to be too long, so I will do it in several.
In your next post please provide the following:
checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt
Checkup.txt report
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Out of date Malwarebytes Anti-Malware installed!
Java 7 Update 60
Adobe Flash Player 14.0.0.125
Adobe Reader XI
Mozilla Firefox (30.0)
Mozilla Thunderbird (24.6.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
_____________________________________________________________
I am not sure if I attached the MBR zip correctly. If not, please let me know. I am having trouble getting the MBR text. though. after the scan, the screen turned blue and a message came up saying windows had closed due to finding a problem.
_________________________________________
Suemarie
2014-07-02, 16:14
First Txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by SueB (administrator) on SUEB-PC on 02-07-2014 08:43:56
Running from C:\Users\SueB\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
SearchScopes: HKCU - {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
FireFox:
========
FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (SweetTunes) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng [2014-01-13]
CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
CHR Extension: (Mapit 1) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\SueB\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-12-18]
CHR HKCU\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx [2012-11-30]
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\SueB\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx [2012-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-02 08:43 - 2014-07-02 08:44 - 00022137 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 08:43 - 2014-07-02 08:44 - 00000000 ____D () C:\FRST
2014-07-02 08:42 - 2014-07-02 08:43 - 00001437 _____ () C:\Users\SueB\Desktop\FRST64 - Shortcut.lnk
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Downloads\FRST64.exe
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:26 - 2014-07-02 08:24 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:30 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:14 - 2014-07-02 08:30 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 08:01 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:55 - 2014-07-02 07:56 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:54 - 2014-07-02 07:55 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:32 - 2014-07-01 01:33 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 14:07 - 2014-07-02 08:30 - 00000784 _____ () C:\Windows\setupact.log
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 08:34 - 2014-06-30 21:40 - 00000000 __SHD () C:\Jumpshot
2014-06-30 08:31 - 2014-07-01 01:42 - 00000000 ____D () C:\Windows\jumpshot.com
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-26 21:10 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 20:58 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Java
2014-06-20 20:57 - 2014-06-20 20:58 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 07:45 - 2014-06-12 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 06:09 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:09 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:09 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:09 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:09 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:09 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:09 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:09 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:09 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 10:21 - 2014-06-05 10:23 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
==================== One Month Modified Files and Folders =======
2014-07-02 08:44 - 2014-07-02 08:43 - 00022137 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 08:44 - 2014-07-02 08:43 - 00000000 ____D () C:\FRST
2014-07-02 08:43 - 2014-07-02 08:42 - 00001437 _____ () C:\Users\SueB\Desktop\FRST64 - Shortcut.lnk
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Downloads\FRST64.exe
2014-07-02 08:38 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 08:38 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 08:37 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 08:34 - 2014-02-19 09:57 - 01441255 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 08:33 - 2013-09-05 20:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:30 - 2014-07-02 08:14 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:30 - 2014-07-02 08:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:30 - 2014-06-30 14:07 - 00000784 _____ () C:\Windows\setupact.log
2014-07-02 08:30 - 2013-12-02 17:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 08:30 - 2013-08-30 20:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
2014-07-02 08:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:27 - 2014-02-27 22:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
2014-07-02 08:24 - 2014-07-02 08:26 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 08:10 - 2013-11-24 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 08:01 - 2014-07-02 07:56 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:56 - 2014-07-02 07:55 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:55 - 2014-07-02 07:54 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:52 - 2013-12-02 17:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 22:51 - 2012-11-21 19:36 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\SoftGrid Client
2014-07-01 19:18 - 2012-11-23 04:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
2014-07-01 18:33 - 2013-09-05 20:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job
2014-07-01 14:25 - 2014-02-27 22:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
2014-07-01 01:42 - 2014-06-30 08:31 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-01 01:42 - 2012-04-12 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2014-07-01 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:32 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 01:28 - 2013-11-15 01:22 - 00002302 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-07-01 01:28 - 2013-02-22 09:01 - 00001897 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 23:24 - 2013-01-05 22:08 - 00000000 ____D () C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)
2014-06-30 22:49 - 2012-12-09 14:16 - 00000000 ____D () C:\Users\SueB\Documents\Youcam
2014-06-30 21:40 - 2014-06-30 08:34 - 00000000 __SHD () C:\Jumpshot
2014-06-30 14:14 - 2013-05-21 09:04 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4B6C508-3456-47A0-9DC4-7C361428BA62}
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
2014-06-30 12:51 - 2014-04-08 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:35 - 2014-06-20 20:58 - 00000000 ____D () C:\Program Files\Java
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:30 - 2013-10-17 00:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:29 - 2012-11-27 18:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 09:22 - 2012-11-21 18:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 09:21 - 2012-11-21 17:54 - 00000000 ____D () C:\Users\SueB
2014-06-30 08:34 - 2012-11-21 17:55 - 07864320 ___SH () C:\Users\SueB\.ghost-ntfs-3g-00000000000000000009
2014-06-30 08:34 - 2009-07-13 22:34 - 77332480 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-06-30 08:34 - 2009-07-13 22:34 - 22806528 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-04-30 23:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-22 20:32 - 2012-11-21 17:55 - 00064416 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 03:47 - 2013-12-02 17:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 03:47 - 2013-12-02 17:17 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 21:09 - 2012-12-06 08:04 - 00000000 ____D () C:\ProgramData\Apple
2014-06-20 21:07 - 2013-11-24 14:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 21:07 - 2013-11-24 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 21:07 - 2013-11-24 14:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 20:58 - 2014-06-20 20:57 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
2014-06-20 20:49 - 2014-04-06 23:12 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-20 20:45 - 2014-05-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 20:39 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 07:51 - 2013-12-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-18 19:26 - 2014-03-15 17:24 - 00000000 ____D () C:\ProgramData\webex
2014-06-16 18:28 - 2013-09-05 20:49 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA
2014-06-16 18:28 - 2013-09-05 20:49 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core
2014-06-13 07:02 - 2012-11-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 10:07 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 08:42 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-06-11 10:03 - 2013-08-15 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:01 - 2012-11-23 13:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 05:13 - 2014-06-26 21:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-26 21:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 17:57 - 00001409 _____ () C:\Users\SueB\Desktop\Internet Explorer.lnk
2014-06-06 02:52 - 2009-07-14 00:45 - 00295288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-05 16:47 - 2012-11-21 18:28 - 00002230 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 16:41 - 2013-08-04 13:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-06-05 10:23 - 2014-06-05 10:21 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 08:14
==================== End Of Log ============================
Suemarie
2014-07-02, 16:14
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by SueB at 2014-07-02 08:44:35
Running from C:\Users\SueB\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
24im (Remove Only) (HKLM-x32\...\24im) (Version: - 24im LLC)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11.2.392.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{8EAB9068-AA14-4575-B8DD-322732E1F367}) (Version: 29.4.0.23 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3228 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 4.0.3228 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Georgia 2012 (HKLM-x32\...\{92DE38F8-CBF1-4A4C-B19D-DD4ADA3E6408}) (Version: 1.12.3201 - HRB Technology, LLC.)
H&R Block Virginia 2012 (HKLM-x32\...\{3CBDBF7F-2E54-4A78-B41D-7163F7BC7F06}) (Version: 1.12.3301 - HRB Technology, LLC.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero Control Center 10 (x32 Version: 10.6.13200.0.12 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6466 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TMS CallCenter (HKLM-x32\...\{3146714B-1289-46EF-BB9B-C68208D59D8B}) (Version: 2.9.38 - National Systems Corporation)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0006 - Acer Incorporated)
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Display Device (Trigger Family) 12.01.1225.3679 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 12.01.1225.3679 - StarTech)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
24-06-2014 14:32:14 Windows Update
27-06-2014 01:10:12 Windows Update
28-06-2014 21:58:52 Removed Java 8 Update 5 (64-bit)
28-06-2014 22:04:23 Installed Java 7 Update 60 (64-bit)
29-06-2014 23:00:08 Windows Backup
30-06-2014 15:11:11 Removed Java 7 Update 60
30-06-2014 15:12:01 Removed Java 7 Update 60 (64-bit)
30-06-2014 15:29:01 Installed Java 7 Update 60
30-06-2014 15:34:55 Installed Java 7 Update 60 (64-bit)
01-07-2014 05:30:35 Removed Microsoft Silverlight
01-07-2014 05:31:03 Removed Microsoft Silverlight
01-07-2014 05:37:51 Restore Operation
01-07-2014 06:10:25 Windows Update
==================== Hosts content: ==========================
2009-07-13 22:34 - 2014-04-11 01:21 - 00451013 ____R C:\Windows\system32\Drivers\etc\hosts
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.loagentvpn.liveops.com
205.167.109.11 azcad
143.61.195.18 d2000-okc
209.82.196.139 d2kappok
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {0A48CDB4-2DFD-4BE2-B56C-E25848093A75} - System32\Tasks\{BDB1BDF5-9F76-4C68-9D75-494216820199} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {0B1A5240-348B-4304-847D-F2184605D1ED} - System32\Tasks\{4752F0DE-31ED-4CBC-B01F-702B976EB8D8} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2012-09-12] (CyberLink Corp.)
Task: {0D05C315-5AB0-4861-A30E-4EE92A96BF01} - System32\Tasks\{9ACEEDF3-702F-4220-A05E-0CA93CA1E2A6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {17DC4C4F-82CC-4486-AFC5-F9305C9FD1FB} - System32\Tasks\{1534418C-F0AB-4B71-8F01-3EE429F584FA} => C:\Users\SueB\Desktop\AZ\D2000AZNEWGB - Production\d2k32_cr.exe
Task: {1B97C20B-D968-4F77-8B2C-94F6AE744057} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {1DEB26B1-3131-44CF-9AE4-B79BC99DA0AF} - System32\Tasks\{B8681D4F-9C47-4AB0-A0FD-9DA821FEE5AA} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-05-01] (National Systems Corporation)
Task: {20F678C9-2A19-4D6F-8258-23B50829D7DC} - System32\Tasks\{C4A595AE-B568-42EA-85F1-276B3C74A131} => C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)\D2000AZNEWGB - Training\d2k32_cr.exe
Task: {226E9CAF-1BAC-43FC-A362-B2426B3635B0} - System32\Tasks\{638E9ADC-9F84-43B3-A9F3-DA0B58579C00} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
Task: {2A7BC5AF-D5EC-4F33-B56D-E77BD16111D4} - System32\Tasks\{6B7EE633-1721-4727-8B09-4CAD264982D5} => Chrome.exe
Task: {2FFBC69E-72B9-4168-A3ED-C14E4DFA6530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {32227CC8-7C04-447D-91BA-E4B4499CCF04} - System32\Tasks\{E619DE95-D955-49F1-99FC-47EA85FBC4FA} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {40896514-9238-4949-A4EF-5A2B6B415E6A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {440DC7A4-F6FE-400A-8A05-9E58DE665EDE} - System32\Tasks\{93712C41-9DDC-4AEA-8C2D-458F849D80B2} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {447ED454-8A73-4D1D-AC43-23172DC61152} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
Task: {458A39D4-D0C8-4D57-90C2-0B7B73E43C73} - System32\Tasks\{BD2B32D7-2270-463B-800E-E3283A7AEE5F} => C:\Users\SueB\Downloads\D2000OK_SD_Production\D2000OK_SD Production\d2k32_cr.exe
Task: {4B1F9702-2BF4-4D2A-836D-0CB42BF67804} - System32\Tasks\{8BA08670-BED0-4AA3-8712-A7401AD34809} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {4B3F9A54-2A51-413E-B15B-CE1CEE6B9004} - System32\Tasks\{C5DED3AA-9725-481F-A072-0F9C5620DC2A} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-05-01] (National Systems Corporation)
Task: {50FCA8F8-9AA8-491A-8A5D-D3C5485A4FD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
Task: {5264931F-6FD7-4517-84DC-DF6C78F5096A} - System32\Tasks\{5343B9A1-E2D3-4CEB-ADE3-161875C0DB7B} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {57873E08-56FC-41B3-9210-AA93B8AF43A0} - System32\Tasks\{865A080C-DAA1-4C23-B0B7-9DE26F8D3135} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {5D0A1D5B-A791-4D8C-9415-1F4B551F2D28} - System32\Tasks\{71A53804-1693-4846-A123-41A936D3AF27} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {632B8A8A-2977-4A14-8F3B-335C04E1D0CE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02] (AVAST Software)
Task: {6827ACC2-63C7-4FA5-ABF6-217C21F61C9F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6DA423E6-86DE-4BF8-96EC-0140F1F7DDD1} - System32\Tasks\{1EE24F2C-0DB4-424E-84C9-D5B553767CC3} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {704C1654-35F5-4DB1-8195-4524D1870BF2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-01-18] (Acer)
Task: {7A45A029-1EF7-4437-9149-FBC27B0FE08D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {7B0C3B06-3A28-47C1-AB53-295E20E1E1AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {7DFBAB0C-3563-4DBE-BEC3-0871CB07C784} - System32\Tasks\{7B6AF7DA-9AA6-402B-BEBB-2A1C1739BFC3} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {821068C7-2C55-4656-884F-AC9ED4B06CA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8670ADD4-03F9-485B-97D7-11DB7A931235} - System32\Tasks\{71943BF6-63DE-4B39-B6A3-1BCC7FBCFBB8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {89536066-10FD-4EAA-B927-E1567E1BA3CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {96D67F5E-A707-4751-89E5-00B9EBCA27AE} - System32\Tasks\{2052277F-5188-4418-9901-057E6D3D78A1} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {A193E4A5-A330-4296-86DB-437DF851057A} - System32\Tasks\{39F3C1C6-EC4D-402B-A504-E9D6FBAE6029} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {ADA818BB-8F20-4D45-8144-98646066610B} - System32\Tasks\{288EC824-F8B4-4E9E-819A-A41CBF90B665} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {AED3E3D0-02BB-42FF-85FF-B159F530FFB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {B2D05C14-8C4D-4B91-852A-EC0148850C1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {B4AD683C-6739-4229-8058-C94164C5017D} - System32\Tasks\{F5682B18-54EF-4BA1-8B80-17EE5E0BA4D4} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
Task: {C160B179-789D-4D4B-95C1-012C0CA09292} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C190CB65-1728-45CD-803A-8DDBB674B702} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C57675A7-B82B-445E-97B8-B4D0D001CCD7} - System32\Tasks\{3777E41D-3A78-4D4C-BAE6-E5E45DEE9678} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
Task: {CA1A923E-4057-48ED-A708-6E3013B8C1B8} - System32\Tasks\{5F63685C-3140-4C71-AFC9-6F25CF2AF13D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {D1AF4EF7-20FE-4D98-AC5A-C0A78662793C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {D893FECF-D387-4112-B1B4-7E6B066A300E} - System32\Tasks\{C823354D-877A-4D2E-813F-74EB5EBE2BFC} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
Task: {E1931CC9-1569-4FA3-B128-0BC5ABBA9962} - System32\Tasks\{5EBCD752-F3FD-4149-933E-89465BEC4685} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
Task: {E7490AFC-1999-4F1C-9DED-A4E3577B7B85} - System32\Tasks\{27397021-20E6-4FA4-9E6F-B36A347219EE} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
Task: {F4B39FA3-7268-46F3-AE5E-F27332216409} - System32\Tasks\{77650567-5BA5-44DF-A667-22BB20EF1A55} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-03-29 22:00 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-08-30 20:14 - 2012-08-28 14:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2013-08-30 20:14 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2014-07-02 07:49 - 2014-07-02 07:49 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070200\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-30 20:39 - 2013-11-30 20:39 - 00057344 _____ () C:\Program Files (x86)\24im\24im Messenger\IMHOOK2.dll
2014-04-08 17:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-08 17:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-08 17:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-08 17:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-08 17:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-15 01:22 - 2013-11-15 01:22 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-13 10:33 - 2014-02-13 10:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2012-04-12 22:53 - 2010-11-06 02:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-13 12:29 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 12:29 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 12:29 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 12:29 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 12:29 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: FDispPos => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
MSCONFIG\startupreg: Google Update => "C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MCTDUtil => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: TouchORB => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/02/2014 08:30:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2014 08:15:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2014 06:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:26:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:09:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 02:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 01:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 00:23:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2014 10:57:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (07/02/2014 08:30:30 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d89a499889, 0xb3b7465eecc7d3c3, 0xfffff880009f4540, 0x0000000000000002)C:\Windows\MEMORY.DMP070214-17425-01
Error: (07/02/2014 08:30:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:27:02 AM on 7/2/2014 was unexpected.
Error: (07/02/2014 08:14:30 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d89ebd8716, 0xb3b7465ef13bc250, 0xfffff880009f4540, 0x0000000000000002)C:\Windows\MEMORY.DMP070214-17503-01
Error: (07/02/2014 08:14:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:48 AM on 7/2/2014 was unexpected.
Error: (07/01/2014 01:39:48 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.
Error: (06/30/2014 10:15:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (06/30/2014 10:15:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Error: (06/30/2014 10:15:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (06/30/2014 10:15:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (06/30/2014 10:15:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Microsoft Office Sessions:
=========================
Error: (07/02/2014 08:30:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2014 08:15:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/02/2014 06:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:26:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:09:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 11:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 02:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 01:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/01/2014 00:23:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2014 10:57:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 4034.78 MB
Available physical RAM: 2134.96 MB
Total Pagefile: 8067.73 MB
Available Pagefile: 5905.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:393.32 GB) NTFS
Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:27.51 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 51B5EE98)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ================
Hi Suemarie,
Please be sure that you are running all these tools directly from the desktop. If the tool are not located on the desktop the fixes I provide may not work as designed.
Please run this Rootkit Scanner.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMAnti-Rootkit1_zps4613be8c.png.html)
Please click by the introduction screen on the Next button to continue.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMAnti-Rootkit2update_zpsf85fca28.png.html)
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png.html)
When the update has finished, click on the Next button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMAnti-Rootkitscan_zps9b346fe7.png.html)
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png.html)
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Disable FireFox plug-in
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select the add-on you wish to disable.
My Search Dial
Sweet Tunes
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Disable Plug-ins in Google Chrome
Click the Chrome menu on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Locate the Privacy Section, select Content Settings
In the pop up window scoll to Plug-Ins, select Disable individual plug-ins...
Locate the following plug-ins and set them to Disable:
SweetTunes
Exit Chrome settings menu.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Update for Zip Opener
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
In your next post please provide the following:
system-log.txt
mbar-log
Fixlog.txt
Suemarie
2014-07-03, 01:17
Thank you. I will do these procedures in the morning. It is getting ready to storm here and I don't want to risk loosing power in the middle of everything. Thank you so much for taking the time to help me.
:)
Suemarie
2014-07-03, 05:20
The storm passed thru, so I went ahead and followed your instructions. At first, I thought I had done something wrong because when I did the Malwarbytes Anti-Root Kit, it didn't find anything. I did take a screen shot of it. The good news is, that pesky conduit is apparently gone. At least that popup no longer comes up. Thank you ever so much for your help. I will be sending a donation when my paycheck comes in. :)
Here is the Farbar Recovery Tool Report:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by SueB at 2014-07-02 21:50:45 Run:1
Running from C:\Users\SueB\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
*****************
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6d6503c4-6ba9-419a-9657-607ae153f4c4}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6d6503c4-6ba9-419a-9657-607ae153f4c4}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00683C20-0225-4AF9-B5B0-E79759803B69}' => Key deleted successfully.
'HKCR\CLSID\{00683C20-0225-4AF9-B5B0-E79759803B69}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml => Moved successfully.
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com" ==> The Chrome "Settings" can be used to fix the entry.
'HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff' => Key deleted successfully.
"C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7A66014-EB44-41D2-9995-A969CE690FFC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A66014-EB44-41D2-9995-A969CE690FFC}' => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task' => Key deleted successfully.
==== End of Fixlog ====
Hi Suemarie,
It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool
Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
AdwCleaner[S0].txt
JRT.txt
FRST.txt
Suemarie
2014-07-03, 16:17
# AdwCleaner v3.214 - Report created 03/07/2014 at 08:28:28
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SueB - SUEB-PC
# Running from : C:\Users\SueB\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\SweetTunes
Folder Deleted : C:\Users\SueB\AppData\Local\genienext
Folder Deleted : C:\Users\SueB\AppData\Local\Mobogenie
Folder Deleted : C:\Users\SueB\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\SueB\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SueB\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\SueB\AppData\LocalLow\SweetTunes
Folder Deleted : C:\Users\SueB\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\SueB\Documents\Mobogenie
Folder Deleted : C:\Users\SueB\AppData\Local\Software
Folder Deleted : C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng
Folder Deleted : C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl
File Deleted : C:\Users\SueB\daemonprocess.txt
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{010AB0F6-CC08-4787-A92D-C76BD84DFA45}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E069BEC-081D-43FB-865A-FA8F54A6DBCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetTunes
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SweetTunes
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16921
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\prefs.js ]
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311875");
Line Deleted : user_pref("extensions.irmysearch.aflt", "suma_14_14_ie");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0Bt[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "1648369585");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_c");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "suma_14_14_ie");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "1648369585");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "00FFA9370978287E");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16166");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_c");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.019:14:41");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "P7UWHJRWFECGQGYEM7PV+JK96RFK0C6IT/VCX4RBFFDGDCS3SLSFGZETZ2IXLLQ1W77YN/DCZSXEM12YJBX0GW");
-\\ Google Chrome v
[ File : C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
Deleted [Extension] : blklojfklgnogjaijkibhfjepakiocng
Deleted [Extension] : jbkceikmmebhmgcjiemejoaeholbnnjl
*************************
AdwCleaner[R0].txt - [11088 octets] - [03/07/2014 08:27:15]
AdwCleaner[S0].txt - [11146 octets] - [03/07/2014 08:28:28]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11207 octets] ##########
Suemarie
2014-07-03, 16:18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by SueB on Thu 07/03/2014 at 8:50:56.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3890881620-3642371930-2457045338-1001\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{434EF701-C1E6-4B55-AA37-150AB2714D56}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{545600B7-9ECA-48FB-991B-9E10A342AA13}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{934B7021-5598-441F-B86E-F9688BD5E846}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{A1DB95BE-CB92-4D42-9604-1C6F8B421719}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{AFB21E67-35BB-4843-B2C5-D74E76B99150}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{D7E81879-EBCB-4760-957C-E851D5688774}
Successfully deleted: [Empty Folder] C:\Users\SueB\appdata\local\{EB3AAD12-DC75-41E4-A948-4406C4BF1E04}
~~~ FireFox
Emptied folder: C:\Users\SueB\AppData\Roaming\mozilla\firefox\profiles\7s6elucx.default\minidumps [60 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/03/2014 at 9:00:22.67
End of JRT log
Suemarie
2014-07-03, 16:24
I am having trouble posting the Farbar Report. I will try breaking it down into smaller sizes.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by SueB (administrator) on SUEB-PC on 03-07-2014 09:05:02
Running from C:\Users\SueB\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine
Suemarie
2014-07-03, 16:26
Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Suemarie
2014-07-03, 16:27
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
FireFox:
========
FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
Suemarie
2014-07-03, 16:28
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
Suemarie
2014-07-03, 16:28
(Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
Suemarie
2014-07-03, 16:33
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
Suemarie
2014-07-03, 16:35
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-03 09:05 - 2014-07-03 09:05 - 00018412 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-03 09:00 - 2014-07-03 09:00 - 00001824 _____ () C:\Users\SueB\Desktop\JRT.txt
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:48 - 2014-07-03 08:48 - 01016261 _____ (Thisisu) C:\Users\SueB\Desktop\JRT.exe
2014-07-03 08:29 - 2014-07-03 08:29 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 08:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 08:26 - 2014-07-03 08:28 - 00000000 ____D () C:\AdwCleaner
2014-07-03 08:25 - 2014-07-03 08:25 - 01346519 _____ () C:\Users\SueB\Desktop\AdwCleaner.exe
2014-07-02 20:40 - 2014-07-02 20:49 - 00000000 ____D () C:\Users\SueB\Desktop\mbar
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:34 - 2014-07-02 20:34 - 00001202 _____ () C:\Users\SueB\Desktop\mbar-1.07.0.1012 - Shortcut.lnk
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:45 - 2014-07-02 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 19:45 - 2014-07-02 20:41 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 19:35 - 2014-07-02 20:39 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 19:29 - 2014-07-02 20:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 08:44 - 2014-07-02 08:45 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:43 - 2014-07-03 09:05 - 00000000 ____D () C:\FRST
2014-07-02 08:43 - 2014-07-02 21:00 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:26 - 2014-07-02 08:24 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:30 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:14 - 2014-07-02 08:30 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 08:01 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck
Suemarie
2014-07-03, 16:36
(2).exe
2014-07-02 07:55 - 2014-07-02 07:56 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:54 - 2014-07-02 07:55 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:32 - 2014-07-01 01:33 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 14:07 - 2014-07-03 08:29 - 00001232 _____ () C:\Windows\setupact.log
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
Suemarie
2014-07-03, 16:37
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 08:34 - 2014-06-30 21:40 - 00000000 __SHD () C:\Jumpshot
2014-06-30 08:31 - 2014-07-01 01:42 - 00000000 ____D () C:\Windows\jumpshot.com
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-26 21:10 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 20:58 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Java
2014-06-20 20:57 - 2014-06-20 20:58 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 07:45 - 2014-06-12 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 06:09 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:09 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:09 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation)
Suemarie
2014-07-03, 16:37
C:\Windows\system32\jscript9.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
Suemarie
2014-07-03, 16:38
2014-06-11 06:09 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:09 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:09 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:09 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:09 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:09 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:09 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation)
Suemarie
2014-07-03, 16:40
C:\Windows\SysWOW64\msxml3r.dll
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 10:21 - 2014-06-05 10:23 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
==================== One Month Modified Files and Folders =======
2014-07-03 09:05 - 2014-07-03 09:05 - 00018412 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-03 09:05 - 2014-07-02 08:43 - 00000000 ____D () C:\FRST
2014-07-03 09:00 - 2014-07-03 09:00 - 00001824 _____ () C:\Users\SueB\Desktop\JRT.txt
2014-07-03 08:52 - 2013-12-02 17:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:48 - 2014-07-03 08:48 - 01016261 _____ (Thisisu) C:\Users\SueB\Desktop\JRT.exe
2014-07-03 08:37 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 08:37 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 08:36 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 08:33 - 2013-09-05 20:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job
2014-07-03 08:29 - 2014-07-03 08:29 - 00000306 _____ () C:\Windows\PFRO.log
2014-07-03 08:29 - 2014-06-30 14:07 - 00001232 _____ () C:\Windows\setupact.log
2014-07-03 08:29 - 2014-02-19 09:57 - 01484341 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 08:29 - 2013-12-02 17:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 08:29 - 2013-08-30 20:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
2014-07-03 08:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 08:28 - 2014-07-03 08:26 - 00000000 ____D () C:\AdwCleaner
2014-07-03 08:28 - 2012-11-21 17:54 - 00000000 ____D () C:\Users\SueB
2014-07-03 08:27 - 2014-02-27 22:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
2014-07-03 08:25 - 2014-07-03 08:25 - 01346519 _____ () C:\Users\SueB\Desktop\AdwCleaner.exe
2014-07-03 08:10 - 2013-11-24 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 21:00 - 2014-07-02 08:43 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 20:49 - 2014-07-02 20:40 - 00000000 ____D () C:\Users\SueB\Desktop\mbar
2014-07-02 20:49 - 2014-07-02 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 20:41 - 2014-07-02 19:45 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 20:41 - 2014-07-02 19:29 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 20:39 - 2014-07-02 19:35 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:34 - 2014-07-02 20:34 - 00001202 _____ () C:\Users\SueB\Desktop\mbar-1.07.0.1012 - Shortcut.lnk
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 18:49 - 2012-11-23 04:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
2014-07-02 18:33 - 2013-09-05 20:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job
2014-07-02 08:45 - 2014-07-02 08:44 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:30 - 2014-07-02 08:14 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:30 - 2014-07-02 08:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:24 - 2014-07-02 08:26 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 08:01 - 2014-07-02 07:56 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:56 - 2014-07-02 07:55 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:55 - 2014-07-02 07:54 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 22:51 - 2012-11-21 19:36 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\SoftGrid Client
2014-07-01 14:25 - 2014-02-27 22:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
2014-07-01 01:42 - 2014-06-30 08:31 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-01 01:42 - 2012-04-12 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2014-07-01 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:32 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 01:28 - 2013-11-15 01:22 - 00002302 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-07-01 01:28 - 2013-02-22 09:01 - 00001897 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 23:24 - 2013-01-05 22:08 - 00000000 ____D () C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)
2014-06-30 22:49 - 2012-12-09 14:16 - 00000000 ____D () C:\Users\SueB\Documents\Youcam
2014-06-30 21:40 - 2014-06-30 08:34 - 00000000 __SHD () C:\Jumpshot
2014-06-30 14:14 - 2013-05-21 09:04 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4B6C508-3456-47A0-9DC4-7C361428BA62}
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
2014-06-30 12:51 - 2014-04-08 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:35 - 2014-06-20 20:58 - 00000000 ____D () C:\Program Files\Java
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:30 - 2013-10-17 00:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
Suemarie
2014-07-03, 16:41
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:29 - 2012-11-27 18:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 09:22 - 2012-11-21 18:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 08:34 - 2012-11-21 17:55 - 07864320 ___SH () C:\Users\SueB\.ghost-ntfs-3g-00000000000000000009
2014-06-30 08:34 - 2009-07-13 22:34 - 77332480 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-06-30 08:34 - 2009-07-13 22:34 - 22806528 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-04-30 23:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-22 20:32 - 2012-11-21 17:55 - 00064416 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 03:47 - 2013-12-02 17:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 03:47 - 2013-12-02 17:17 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 21:09 - 2012-12-06 08:04 - 00000000 ____D () C:\ProgramData\Apple
2014-06-20 21:07 - 2013-11-24 14:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 21:07 - 2013-11-24 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Suemarie
2014-07-03, 16:43
2014-06-20 21:07 - 2013-11-24 14:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 20:58 - 2014-06-20 20:57 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
2014-06-20 20:49 - 2014-04-06 23:12 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-20 20:45 - 2014-05-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 20:39 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 07:51 - 2013-12-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-18 19:26 - 2014-03-15 17:24 - 00000000 ____D () C:\ProgramData\webex
2014-06-16 18:28 - 2013-09-05 20:49 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA
2014-06-16 18:28 - 2013-09-05 20:49 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core
2014-06-13 07:02 - 2012-11-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 10:07 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 08:42 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-06-11 10:03 - 2013-08-15 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:01 - 2012-11-23 13:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 05:13 - 2014-06-26 21:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-26 21:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 17:57 - 00001409 _____ () C:\Users\SueB\Desktop\Internet Explorer.lnk
2014-06-06 02:52 - 2009-07-14 00:45 - 00295288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-05 16:47 - 2012-11-21 18:28 - 00002230 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 16:41 - 2013-08-04 13:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-06-05 10:23 - 2014-06-05 10:21 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
Suemarie
2014-07-03, 16:44
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
Some content of TEMP:
====================
C:\Users\SueB\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Suemarie
2014-07-03, 16:45
That should be all of it.
Suemarie
2014-07-03, 17:29
The only problem I have now is trying to put a photo on my facebook page.
Hi Suemarie,
I am having trouble posting the Farbar Report. I will try breaking it down into smaller sizes. :bigthumb: FYI, you can probably make the posts a little larger than the last group. :)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Reset / Change Homepage in Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Settings.
On Startup
Select the "Open a specific page or set of pages" radio button.
Click Set pages in the pop-up window you will see two (2) URL's:
hxxps://www.google.com/
hxxp://start.mysearchdial.com/)
Hold the cursor over the My Searchdial URL and click the "x" to delete it.
Save changes as required, then close Chrome setting menu.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Reboot
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)
Select type of scan to perform:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMScanTab_zps2c5e74bd.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMScanTab_zps2c5e74bd.gif.html)
Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner
*Note:
It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
MBAM log
ESET's log.txt
new FRST.txt
How's the computer running, any symptoms?
The only problem I have now is trying to put a photo on my facebook page.
Hi Suemarie,
Not my area of expertise but, see if any of these help. You can always try Google, it usually turns up good results.
https://www.facebook.com/help/118731871603814 - Uploading Photos & Profile Pictures
https://www.facebook.com/help/174641285926169 - How do I upload photos?
https://www.facebook.com/help/220070894714080 - How do I add or change my cover photo?
Suemarie
2014-07-04, 02:36
Hi,
I was able to do the first part. The weather is kicking up again. We are getting feeder bans from the Tropical Storm. They seem to come fast and furious and then leave just a quickly.
I will have better luck in the morning. :)
BTW. I do have Malewarebytes Pro in my system. Would it be ok to run that one?
Hi Suemarie
Post the logs when you can, & MBAM Pro scan is fine. :)
Suemarie
2014-07-04, 07:27
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2014.07.03.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16921
SueB :: SUEB-PC [administrator]
Protection: Enabled
7/3/2014 9:50:27 PM
mbam-log-2014-07-03 (21-50-27).txt
Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417751
Time elapsed: 47 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
----------------------------------------------
ESET SCAN
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\Local\NativeMessaging\CT3311875\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SueB\AppData\LocalLow\SweetTunes\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\SueB\Downloads\CCleaner_Setup [1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\dfsetup216.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\dfsetup217.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SueB\Downloads\download-install_flash_player.exe Win32/JoyDownloader.A potentially unwanted application
-------------------------------------------
Suemarie
2014-07-04, 07:28
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by SueB (administrator) on SUEB-PC on 04-07-2014 00:13:23
Running from C:\Users\SueB\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\GManager.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
FireFox:
========
FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-04 00:13 - 2014-07-04 00:13 - 00018189 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-04 00:10 - 2014-07-04 00:10 - 00002633 _____ () C:\Users\SueB\Desktop\ESETScan.txt
2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-03 18:36 - 2014-07-03 18:50 - 00000000 ___RD () C:\Users\SueB\Desktop\ENTERTAINMENT
2014-07-03 18:35 - 2014-07-03 18:50 - 00000000 ___RD () C:\Users\SueB\Desktop\OFFICE SOFTWARE
2014-07-03 18:33 - 2014-07-04 00:12 - 00000000 ___RD () C:\Users\SueB\Desktop\MY SECURITY SOFTWARE
2014-07-03 18:30 - 2014-07-04 00:12 - 00000000 ___RD () C:\Users\SueB\Desktop\SPECIAL SECURITY
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:29 - 2014-07-03 21:47 - 00000634 _____ () C:\Windows\PFRO.log
2014-07-03 08:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 08:26 - 2014-07-03 08:28 - 00000000 ____D () C:\AdwCleaner
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:45 - 2014-07-02 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 19:35 - 2014-07-02 20:39 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 19:29 - 2014-07-02 20:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 08:44 - 2014-07-02 08:45 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:43 - 2014-07-04 00:13 - 00000000 ____D () C:\FRST
2014-07-02 08:43 - 2014-07-02 21:00 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:26 - 2014-07-02 08:24 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:30 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:14 - 2014-07-02 08:30 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:55 - 2014-07-02 07:56 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:54 - 2014-07-02 07:55 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:32 - 2014-07-01 01:33 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 14:07 - 2014-07-03 21:47 - 00001456 _____ () C:\Windows\setupact.log
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 08:34 - 2014-06-30 21:40 - 00000000 __SHD () C:\Jumpshot
2014-06-30 08:31 - 2014-07-01 01:42 - 00000000 ____D () C:\Windows\jumpshot.com
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-26 21:10 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 20:58 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Java
2014-06-20 20:57 - 2014-06-20 20:58 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 07:45 - 2014-06-12 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 06:09 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:09 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:09 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:09 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:09 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:09 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:09 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:09 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:09 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\SueB\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 10:21 - 2014-06-05 10:23 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
==================== One Month Modified Files and Folders =======
2014-07-04 00:13 - 2014-07-04 00:13 - 00018189 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-04 00:13 - 2014-07-02 08:43 - 00000000 ____D () C:\FRST
2014-07-04 00:12 - 2014-07-03 18:33 - 00000000 ___RD () C:\Users\SueB\Desktop\MY SECURITY SOFTWARE
2014-07-04 00:12 - 2014-07-03 18:30 - 00000000 ___RD () C:\Users\SueB\Desktop\SPECIAL SECURITY
2014-07-04 00:10 - 2014-07-04 00:10 - 00002633 _____ () C:\Users\SueB\Desktop\ESETScan.txt
2014-07-04 00:10 - 2013-11-24 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 23:52 - 2013-12-02 17:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 23:33 - 2013-09-05 20:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job
2014-07-03 23:27 - 2014-02-27 22:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-03 21:55 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 21:55 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 21:54 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 21:52 - 2014-02-19 09:57 - 01514791 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 21:47 - 2014-07-03 08:29 - 00000634 _____ () C:\Windows\PFRO.log
2014-07-03 21:47 - 2014-06-30 14:07 - 00001456 _____ () C:\Windows\setupact.log
2014-07-03 21:47 - 2013-12-02 17:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 21:47 - 2013-08-30 20:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
2014-07-03 21:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 18:50 - 2014-07-03 18:36 - 00000000 ___RD () C:\Users\SueB\Desktop\ENTERTAINMENT
2014-07-03 18:50 - 2014-07-03 18:35 - 00000000 ___RD () C:\Users\SueB\Desktop\OFFICE SOFTWARE
2014-07-03 18:33 - 2013-09-05 20:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job
2014-07-03 16:04 - 2012-11-23 04:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:28 - 2014-07-03 08:26 - 00000000 ____D () C:\AdwCleaner
2014-07-03 08:28 - 2012-11-21 17:54 - 00000000 ____D () C:\Users\SueB
2014-07-02 21:00 - 2014-07-02 08:43 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 20:49 - 2014-07-02 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 20:41 - 2014-07-02 19:29 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 20:39 - 2014-07-02 19:35 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 08:45 - 2014-07-02 08:44 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
2014-07-02 08:30 - 2014-07-02 08:14 - 778359869 _____ () C:\Windows\MEMORY.DMP
2014-07-02 08:30 - 2014-07-02 08:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:24 - 2014-07-02 08:26 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:56 - 2014-07-02 07:55 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:55 - 2014-07-02 07:54 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 22:51 - 2012-11-21 19:36 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\SoftGrid Client
2014-07-01 14:25 - 2014-02-27 22:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
2014-07-01 01:42 - 2014-06-30 08:31 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-01 01:42 - 2012-04-12 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2014-07-01 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:32 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 23:24 - 2013-01-05 22:08 - 00000000 ____D () C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)
2014-06-30 22:49 - 2012-12-09 14:16 - 00000000 ____D () C:\Users\SueB\Documents\Youcam
2014-06-30 21:40 - 2014-06-30 08:34 - 00000000 __SHD () C:\Jumpshot
2014-06-30 14:14 - 2013-05-21 09:04 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4B6C508-3456-47A0-9DC4-7C361428BA62}
2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 12:51 - 2014-04-08 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:35 - 2014-06-20 20:58 - 00000000 ____D () C:\Program Files\Java
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:30 - 2013-10-17 00:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:29 - 2012-11-27 18:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 09:22 - 2012-11-21 18:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 08:34 - 2012-11-21 17:55 - 07864320 ___SH () C:\Users\SueB\.ghost-ntfs-3g-00000000000000000009
2014-06-30 08:34 - 2009-07-13 22:34 - 77332480 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-06-30 08:34 - 2009-07-13 22:34 - 22806528 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-04-30 23:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-22 20:32 - 2012-11-21 17:55 - 00064416 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 03:47 - 2013-12-02 17:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 03:47 - 2013-12-02 17:17 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 21:09 - 2012-12-06 08:04 - 00000000 ____D () C:\ProgramData\Apple
2014-06-20 21:07 - 2013-11-24 14:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 21:07 - 2013-11-24 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 21:07 - 2013-11-24 14:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 20:58 - 2014-06-20 20:57 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-20 20:45 - 2014-05-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 20:39 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 07:51 - 2013-12-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-18 19:26 - 2014-03-15 17:24 - 00000000 ____D () C:\ProgramData\webex
2014-06-16 18:28 - 2013-09-05 20:49 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA
2014-06-16 18:28 - 2013-09-05 20:49 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core
2014-06-13 07:02 - 2012-11-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 10:07 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 08:42 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-06-11 10:03 - 2013-08-15 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:01 - 2012-11-23 13:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 05:13 - 2014-06-26 21:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-26 21:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 17:57 - 00001409 _____ () C:\Users\SueB\Desktop\Internet Explorer.lnk
2014-06-06 02:52 - 2009-07-14 00:45 - 00295288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\SueB\Desktop\OpenOffice 4.1.0.lnk
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 16:41 - 2013-08-04 13:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-06-05 10:23 - 2014-06-05 10:21 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
Some content of TEMP:
====================
C:\Users\SueB\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 08:14
==================== End Of Log ============================
Suemarie
2014-07-04, 07:31
The computer seems to be run just fine. I was surprised to see that conduit show up in the list. I just hope that I don't have to resort to taking the whole computer back to factory specs. :sad:
If you are planning a holiday weekend, have a good one.
Hi Suemarie,
I was surprised to see that conduit show up in the list. I just hope that I don't have to resort to taking the whole computer back to factory specs.
Those Conduit items are in a quarantine folder and pose no risk to your computer. I don't think resetting back to factory settings will be necessary.
Happy 4th of July to you too.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Delete a File/Folder
Using Windows Explorer (Windows Key + E), locate the following files, and DELETE them (if still present):
C:\Users\SueB\Downloads\CCleaner_Setup [1].exe
C:\Users\SueB\Downloads\ccsetup412.exe
C:\Users\SueB\Downloads\dfsetup216.exe
C:\Users\SueB\Downloads\dfsetup217.exe
C:\Users\SueB\Downloads\download-install_flash_player.exe
Exit Explorer
=========================
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
In your next post please provide the following:
Fixlog.txt
Any remaining issues?
Suemarie
2014-07-04, 20:40
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by SueB at 2014-07-04 13:30:49 Run:2
Running from C:\Users\SueB\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
--------------------------------------
No other issues. I do have a question. If I were to purchase the pro-version of Spybot, would it clash with my Avast Internet Security or Malwarbytes Pro?
The only thing that I don't like about Avast is their new program called Grimefighter. I made the mistake of putting that in and ended up disabling it because it was causing unwanted problems.
Would Spybot Professional take the place of Avast or should I keep it in?
Thank you ever so much for all you have done for me. If there is a special thread for complimenting you personally as a tech, I want to put in a good word there.
Hi Suemarie,
The Fixlist log only contained the header?
If so please run a fresh scan with FRST.
Just for clarification, I do not work for Spybot I am just a volunteer that helps people with malware removal from their personal computers.
Spybot Pro - Compare the different versions of Spybot - http://www.safer-networking.org/private/compare/
Avast Internet Security - http://www.avast.com/en-us/internet-security
Malwarebytes' Pro - https://www.malwarebytes.org/antimalware/premium/
Malwarebytes' Premium is a very good stand alone anti-malware tool to have. It detects and protects against malware in real-time. Don't confuse MBAM with an anti-virus, they are not the same.
Grimefighter - http://www.avast.com/en-us/grimefighter
Although you found not use for this tool that came bundled with Avast you seem to have found a solution to it. In the future when you are installing software (any software) always choose the "custom installation option" this will generally allow you to select what "add-ons" you would like to install. Then you have more control over what's added to your machine.
Would Spybot Professional take the place of Avast or should I keep it in?
Since Spybot Pro contains anti-virus protection so you would not need to have Avast also.
Thank you ever so much for all you have done for me. If there is a special thread for complimenting you personally as a tech, I want to put in a good word there.
Your welcome, and I appreciate your thoughtfulness. Generally, most people just add their comments directly into the thread.
Suemarie
2014-07-04, 23:14
oops. Let me do that again. :)
Suemarie
2014-07-04, 23:16
I didn't get all of it before. My apologies. :)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Ran by SueB at 2014-07-04 13:30:49 Run:2
Running from C:\Users\SueB\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
==== End of Fixlog ====
Hi Suemarie,
Looks good, any other issues or questions?
Suemarie
2014-07-04, 23:31
Here is the fresh FRST scan done about about 4:30pm est
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by SueB (administrator) on SUEB-PC on 04-07-2014 16:27:42
Running from C:\Users\SueB\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\System32\GManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
FireFox:
========
FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (avast! Online Security) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-02] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-04 16:27 - 2014-07-04 16:27 - 00017997 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-04 13:50 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\SueB\AppData\Local\Software
2014-07-04 09:00 - 2014-07-04 09:00 - 00000000 ____D () C:\Users\SueB\AppData\Local\Apps\2.0
2014-07-04 08:28 - 2014-07-04 08:28 - 00000056 _____ () C:\Windows\setupact.log
2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 02:09 - 2014-07-04 13:58 - 00000000 ___RD () C:\Users\SueB\Desktop\BUSINESS
2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-03 18:36 - 2014-07-04 10:41 - 00000000 ___RD () C:\Users\SueB\Desktop\ENTERTAINMENT
2014-07-03 18:35 - 2014-07-04 10:38 - 00000000 ___RD () C:\Users\SueB\Desktop\OFFICE SOFTWARE
2014-07-03 18:33 - 2014-07-04 16:22 - 00000000 ___RD () C:\Users\SueB\Desktop\MY SECURITY SOFTWARE
2014-07-03 18:30 - 2014-07-04 16:27 - 00000000 ___RD () C:\Users\SueB\Desktop\SPECIAL SECURITY
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:27 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-03 08:26 - 2014-07-03 08:28 - 00000000 ____D () C:\AdwCleaner
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:45 - 2014-07-02 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 19:35 - 2014-07-02 20:39 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 19:29 - 2014-07-02 20:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 08:44 - 2014-07-02 08:45 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:43 - 2014-07-04 16:27 - 00000000 ____D () C:\FRST
2014-07-02 08:43 - 2014-07-02 21:00 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:26 - 2014-07-02 08:24 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 08:14 - 2014-07-04 01:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:55 - 2014-07-02 07:56 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:54 - 2014-07-02 07:55 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:32 - 2014-07-01 01:33 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 08:34 - 2014-06-30 21:40 - 00000000 __SHD () C:\Jumpshot
2014-06-30 08:31 - 2014-07-01 01:42 - 00000000 ____D () C:\Windows\jumpshot.com
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-26 21:10 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 20:58 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Java
2014-06-20 20:57 - 2014-06-20 20:58 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 07:45 - 2014-06-12 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 06:09 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:09 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:09 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:09 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:09 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:09 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:09 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:09 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 06:09 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:09 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:09 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:09 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:09 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:09 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:09 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 10:21 - 2014-06-05 10:23 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
==================== One Month Modified Files and Folders =======
2014-07-04 16:27 - 2014-07-04 16:27 - 00017997 _____ () C:\Users\SueB\Desktop\FRST.txt
2014-07-04 16:27 - 2014-07-03 18:30 - 00000000 ___RD () C:\Users\SueB\Desktop\SPECIAL SECURITY
2014-07-04 16:27 - 2014-07-02 08:43 - 00000000 ____D () C:\FRST
2014-07-04 16:27 - 2014-02-27 22:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
2014-07-04 16:22 - 2014-07-03 18:33 - 00000000 ___RD () C:\Users\SueB\Desktop\MY SECURITY SOFTWARE
2014-07-04 16:10 - 2013-11-24 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 16:10 - 2012-11-23 04:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
2014-07-04 15:52 - 2013-12-02 17:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 15:33 - 2013-09-05 20:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job
2014-07-04 13:58 - 2014-07-04 02:09 - 00000000 ___RD () C:\Users\SueB\Desktop\BUSINESS
2014-07-04 13:50 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\SueB\AppData\Local\Software
2014-07-04 10:50 - 2014-02-19 09:57 - 01547281 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 10:41 - 2014-07-03 18:36 - 00000000 ___RD () C:\Users\SueB\Desktop\ENTERTAINMENT
2014-07-04 10:38 - 2014-07-03 18:35 - 00000000 ___RD () C:\Users\SueB\Desktop\OFFICE SOFTWARE
2014-07-04 09:00 - 2014-07-04 09:00 - 00000000 ____D () C:\Users\SueB\AppData\Local\Apps\2.0
2014-07-04 08:35 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 08:35 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 08:33 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 08:28 - 2014-07-04 08:28 - 00000056 _____ () C:\Windows\setupact.log
2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-04 08:28 - 2013-12-02 17:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 08:28 - 2013-08-30 20:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
2014-07-04 08:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 02:14 - 2012-12-09 14:16 - 00000000 ____D () C:\Users\SueB\Documents\Youcam
2014-07-04 01:38 - 2014-07-02 08:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-03 18:33 - 2013-09-05 20:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job
2014-07-03 08:50 - 2014-07-03 08:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-03 08:28 - 2014-07-03 08:26 - 00000000 ____D () C:\AdwCleaner
2014-07-03 08:28 - 2012-11-21 17:54 - 00000000 ____D () C:\Users\SueB
2014-07-02 21:00 - 2014-07-02 08:43 - 00002950 _____ () C:\Users\SueB\Downloads\FRST.txt
2014-07-02 20:49 - 2014-07-02 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-02 20:41 - 2014-07-02 19:29 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-02 20:39 - 2014-07-02 19:35 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012
2014-07-02 20:34 - 2014-07-02 20:34 - 14196266 _____ () C:\Users\SueB\Downloads\mbar-1.07.0.1012.zip
2014-07-02 20:31 - 2014-07-02 20:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\SueB\Downloads\mbar-1.07.0.1012.exe
2014-07-02 19:44 - 2014-07-02 19:44 - 00000000 ____D () C:\Users\SueB\Downloads\mbar-1.07.0.1012 (1)
2014-07-02 08:45 - 2014-07-02 08:44 - 00041611 _____ () C:\Users\SueB\Downloads\Addition.txt
2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Desktop\FRST64.exe
2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
2014-07-02 08:24 - 2014-07-02 08:26 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
2014-07-02 07:56 - 2014-07-02 07:55 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
2014-07-02 07:55 - 2014-07-02 07:54 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
2014-07-01 22:51 - 2012-11-21 19:36 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\SoftGrid Client
2014-07-01 14:25 - 2014-02-27 22:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
2014-07-01 01:42 - 2014-06-30 08:31 - 00000000 ____D () C:\Windows\jumpshot.com
2014-07-01 01:42 - 2012-04-12 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
2014-07-01 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-01 01:33 - 2014-07-01 01:32 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
2014-06-30 23:24 - 2013-01-05 22:08 - 00000000 ____D () C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)
2014-06-30 21:40 - 2014-06-30 08:34 - 00000000 __SHD () C:\Jumpshot
2014-06-30 14:14 - 2013-05-21 09:04 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4B6C508-3456-47A0-9DC4-7C361428BA62}
2014-06-30 12:51 - 2014-04-08 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-30 11:35 - 2014-06-20 20:58 - 00000000 ____D () C:\Program Files\Java
2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
2014-06-30 11:30 - 2013-10-17 00:21 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 11:29 - 2012-11-27 18:28 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
2014-06-30 09:22 - 2012-11-21 18:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 08:34 - 2012-11-21 17:55 - 07864320 ___SH () C:\Users\SueB\.ghost-ntfs-3g-00000000000000000009
2014-06-30 08:34 - 2009-07-13 22:34 - 77332480 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-06-30 08:34 - 2009-07-13 22:34 - 22806528 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
2014-06-26 21:10 - 2014-04-30 23:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
2014-06-22 20:32 - 2012-11-21 17:55 - 00064416 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 03:47 - 2013-12-02 17:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 03:47 - 2013-12-02 17:17 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iTunes
2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-20 21:09 - 2012-12-06 08:04 - 00000000 ____D () C:\ProgramData\Apple
2014-06-20 21:07 - 2013-11-24 14:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-20 21:07 - 2013-11-24 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-20 21:07 - 2013-11-24 14:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-20 20:58 - 2014-06-20 20:57 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
2014-06-20 20:45 - 2014-05-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 20:39 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-19 07:51 - 2013-12-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-18 19:26 - 2014-03-15 17:24 - 00000000 ____D () C:\ProgramData\webex
2014-06-16 18:28 - 2013-09-05 20:49 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA
2014-06-16 18:28 - 2013-09-05 20:49 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core
2014-06-13 07:02 - 2012-11-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
2014-06-12 10:07 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 08:42 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-06-11 10:03 - 2013-08-15 00:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 10:01 - 2012-11-23 13:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 05:13 - 2014-06-26 21:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-26 21:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-07 08:12 - 2012-11-21 17:57 - 00001409 _____ () C:\Users\SueB\Desktop\Internet Explorer.lnk
2014-06-06 02:52 - 2009-07-14 00:45 - 00295288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-05 16:41 - 2013-08-04 13:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-06-05 10:23 - 2014-06-05 10:21 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt
Some content of TEMP:
====================
C:\Users\SueB\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 08:14
==================== End Of Log ============================
Suemarie
2014-07-04, 23:35
You must have been replying while I took a second scan. Everything seems to be running smoothly now. :)
Thank you ever so much. :2thumb:
Hi Suemarie,
Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.
= = = = = = = = = = = = = = = = = = = =
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Disinfection Tools
Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:
Remove disinfection tools
Create registry backup
Purge system restore
http://i1269.photobucket.com/albums/jj590/OCD-WTT/Delfix_zpsbce6c60b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Delfix_zpsbce6c60b.gif.html)
Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.
= = = = = = = = = = = = = = = = = = = =
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
= = = = = = = = = = = = = = = = = = = =
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
to help protect your computer in the future I recommend that you get the following free program:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this program to lock down and prevent crypto-ransomeware
http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)
= = = = = = = = = = = = = = = = = = = =
COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online
= = = = = = = = = = = = = = = = = = = =
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
= = = = = = = = = = = = = = = = = = = =
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
= = = = = = = = = = = = = = = = = = = =
Make sure you keep your Windows OS current.
Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.
Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)
Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.
= = = = = = = = = = = = = = = = = = = =
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
= = = = = = = = = = = = = = = = = = = =
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Suemarie
2014-07-05, 00:31
# DelFix v10.7 - Logfile created 04/07/2014 at 16:53:36
# Updated 27/04/2014 by Xplode
# Username : SueB - SUEB-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\SueB\Downloads\Addition.txt
Deleted : C:\Users\SueB\Downloads\aswMBR.exe
Deleted : C:\Users\SueB\Downloads\FRST.txt
Deleted : C:\Users\SueB\Downloads\SecurityCheck (1).exe
Deleted : C:\Users\SueB\Downloads\SecurityCheck (2).exe
Deleted : C:\Users\SueB\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #345 [Windows Update | 06/27/2014 01:10:12]
Deleted : RP #346 [Removed Java 8 Update 5 (64-bit) | 06/28/2014 21:58:52]
Deleted : RP #347 [Installed Java 7 Update 60 (64-bit) | 06/28/2014 22:04:23]
Deleted : RP #348 [Windows Backup | 06/29/2014 23:00:08]
Deleted : RP #349 [Removed Java 7 Update 60 | 06/30/2014 15:11:11]
Deleted : RP #350 [Removed Java 7 Update 60 (64-bit) | 06/30/2014 15:12:01]
Deleted : RP #351 [Installed Java 7 Update 60 | 06/30/2014 15:29:01]
Deleted : RP #352 [Installed Java 7 Update 60 (64-bit) | 06/30/2014 15:34:55]
Deleted : RP #353 [Removed Microsoft Silverlight | 07/01/2014 05:30:35]
Deleted : RP #354 [Removed Microsoft Silverlight | 07/01/2014 05:31:03]
Deleted : RP #355 [Restore Operation | 07/01/2014 05:37:51]
Deleted : RP #349 [Windows Update | 07/01/2014 06:10:25]
Deleted : RP #350 [Windows Update | 07/04/2014 14:49:53]
New restore point created !
########## - EOF - ##########
Please tell me that this did not remove my Silverlight. I need that for Netflix.
Suemarie
2014-07-05, 00:38
OK. It's ok. Netflix works. :)
I will have to check about the NoScript and the AdBlockPlus. I am not supposed to have pop up blockers when I am working. I work for two companies, LiveOps and ACD direct. Both have special software that allows calls to be routed to my phone and the scripts to my computer.
I will read the articles. They look like they have some great advice.
Thank you once again,
Sue
I will have to check about the NoScript and the AdBlockPlus. I am not supposed to have pop up blockers when I am working. I work for two companies, LiveOps and ACD direct. Both have special software that allows calls to be routed to my phone and the scripts to my computer.
As stated previously:
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
Suemarie
2014-07-05, 08:28
OK. Thank you so much for all of your help. :kboard:
Hi Suemarie,
You're very welcome. Glad I was able to help. :bigthumb: Have a great day.
Since this issue appears to be resolved ... this Topic will be closed.