chrisnoley256
2014-09-21, 21:58
Hi,
I have been trying to fix my girlfriend's uncle's computer and I realize now I am in over my head. What I have done so far: I ran a rescue disk by Avast, ran a scan with Malwarebytes, added SpywareBlaster, and used CCleaner just to get rid of temp files. I tried to run the aswMBR scan but it kept freezing on me; I saved a log file of what was scanned. I won't try to do anything else until I get a response. Thanks for the help in advance.
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-21 13:34:25
-----------------------------
13:34:25.914 OS Version: Windows x64 6.1.7601 Service Pack 1
13:34:25.914 Number of processors: 2 586 0x200
13:34:25.929 ComputerName: CHUCKJOHNSON-PC UserName: chuck johnson
13:34:27.255 Initialize success
13:34:27.302 VM: driver load error: 2
13:34:29.564 AVAST engine defs: 14092100
13:34:36.709 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:34:36.709 Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 11
13:34:36.802 Disk 0 MBR read successfully
13:34:36.818 Disk 0 MBR scan
13:34:37.177 Disk 0 Windows 7 default MBR code
13:34:37.208 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
13:34:37.270 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
13:34:37.286 Disk 0 default boot code
13:34:37.317 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456838 MB offset 41166848
13:34:37.520 Disk 0 scanning C:\Windows\system32\drivers
13:34:47.598 Service scanning
13:35:08.689 Modules scanning
13:35:08.704 Disk 0 trace - called modules:
13:35:08.751 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:35:08.767 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004eee060]
13:35:08.798 3 CLASSPNP.SYS[fffff880018db43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800497f1f0]
13:35:09.796 AVAST engine scan C:\Windows
13:35:12.402 AVAST engine scan C:\Windows\system32
13:38:15.047 AVAST engine scan C:\Windows\system32\drivers
13:38:27.121 AVAST engine scan C:\Users\chuck johnson
14:05:38.697 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
14:05:38.744 The log file has been saved successfully to "E:\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by chuck johnson (administrator) on CHUCKJOHNSON-PC on 21-09-2014 13:28:47
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-21] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U146H&ocid=U146HDHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=U146G&ocid=U146GDHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a11465-114&apn_uid=6524321401504548&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0LoDud9kfsPY6zvd5xMTSgfnHC2t1aOjeEWvOuJvp-hNn0yoj8LlSBINn77LvyisRaA-LZrwXfSkiIuKcxeR37noxymDXkqGEOfOH6r9CfjKOxP5jkGutyVdFQztEebQ,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: saveitkeep. -> {A250293A-8904-1519-DE26-5BAEA3A63A67} -> C:\ProgramData\saveitkeep\s7Muhdi.x64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: RoyalShuoppeErApp -> {B324F063-F0CC-6C57-C60B-B1187F7D6DD4} -> C:\ProgramData\RoyalShuoppeErApp\vROBRgft.x64.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP", "hxxp://mail.live.com/"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=U146HD&PC=U146H&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U146HD&PC=U146H
CHR Profile: C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (YouTube) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Search) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\chuck johnson\AppData\Local\Torch\Plugins\TorchPlugin.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-20] (AVAST Software)
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S2 LMIRescueUA_2029536; C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [2445144 2014-04-03] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-29] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-20] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-20] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-20] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-20] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-20] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-20] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-20] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-29] (AVG Technologies)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-25] ()
S1 netfilter64; system32\drivers\netfilter64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 04:32 - 2014-09-21 04:33 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-21 04:28 - 2014-09-21 04:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-21 04:28 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
2014-09-20 16:09 - 2014-09-20 22:30 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
2014-09-20 16:09 - 2014-09-20 16:11 - 00000000 ____D () C:\ProgramData\Google
2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
2014-09-20 16:08 - 2014-09-21 04:59 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-19 02:50 - 2014-09-01 02:51 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2014-09-19 01:49 - 2014-09-20 16:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 01:27 - 2014-09-21 00:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-19 01:27 - 2013-09-20 13:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-19 01:26 - 2014-09-19 02:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
2014-09-18 02:38 - 2014-09-18 02:39 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
2014-09-18 02:37 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
2014-09-17 22:02 - 2014-09-17 22:05 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
2014-09-17 21:03 - 2014-09-17 21:04 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
2014-09-10 12:17 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 12:17 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 12:17 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 12:17 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 12:17 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 12:17 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 12:17 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 12:17 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 12:17 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 12:17 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 12:17 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 12:17 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 12:17 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 12:17 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 12:17 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 12:17 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 12:17 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 12:17 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 12:17 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 12:17 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 12:17 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 12:17 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 12:17 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 12:17 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 12:17 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 12:17 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 12:17 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 12:17 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 12:17 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 12:17 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 12:17 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 12:17 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 12:17 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 12:17 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 12:17 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 12:17 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 12:17 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 12:17 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 12:17 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 12:17 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 12:17 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 12:17 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 12:17 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 12:17 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 12:17 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 12:17 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 12:17 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 12:17 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 12:17 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:17 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 18:50 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 18:50 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 18:50 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 18:50 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 18:50 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-27 23:17 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:17 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:17 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
2014-09-21 12:53 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 07:29 - 2014-02-22 15:21 - 00000000 ____D () C:\temp
2014-09-21 05:13 - 2014-01-22 02:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 05:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 05:13 - 2009-07-14 00:51 - 00111760 _____ () C:\Windows\setupact.log
2014-09-21 05:11 - 2012-02-10 03:46 - 01904771 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 05:08 - 2014-01-22 02:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 05:00 - 2014-03-11 17:57 - 00000294 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-09-21 04:59 - 2014-09-20 16:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-21 04:58 - 2014-06-23 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 04:58 - 2014-03-11 17:57 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-09-21 04:58 - 2014-03-06 21:27 - 00001556 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job
2014-09-21 04:58 - 2014-03-06 21:27 - 00001410 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job
2014-09-21 04:58 - 2014-03-06 21:26 - 00001512 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job
2014-09-21 04:58 - 2014-03-06 21:25 - 00002612 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-09-21 04:58 - 2014-03-06 21:24 - 00003128 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-09-21 04:57 - 2010-11-20 23:47 - 01665082 _____ () C:\Windows\PFRO.log
2014-09-21 04:47 - 2013-06-01 05:25 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\CrashDumps
2014-09-21 04:47 - 2012-08-12 04:38 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 04:33 - 2014-09-21 04:32 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
2014-09-21 04:31 - 2014-09-21 04:28 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-21 04:31 - 2014-02-26 05:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-21 04:25 - 2014-01-22 02:42 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 04:24 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Adobe
2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
2014-09-21 04:06 - 2013-03-31 21:30 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Google
2014-09-21 04:06 - 2013-03-31 20:23 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Torch
2014-09-21 04:04 - 2013-04-28 00:49 - 00002374 _____ () C:\Windows\wininit.ini
2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
2014-09-21 00:45 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
2014-09-20 22:30 - 2014-09-20 16:09 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
2014-09-20 16:11 - 2014-09-20 16:09 - 00000000 ____D () C:\ProgramData\Google
2014-09-20 16:10 - 2014-01-22 02:43 - 00000000 ____D () C:\Program Files\Google
2014-09-20 16:10 - 2014-01-22 02:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-20 16:05 - 2014-09-19 01:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
2014-09-20 15:50 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-19 13:00 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson
2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-19 02:42 - 2014-09-19 01:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-19 02:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
2014-09-19 02:25 - 2011-08-10 07:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-19 01:22 - 2011-08-10 07:53 - 00000000 ____D () C:\Windows\fr
2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
2014-09-18 02:39 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
2014-09-18 02:38 - 2014-09-18 02:37 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
2014-09-17 22:30 - 2014-04-03 15:11 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Applet
2014-09-17 22:05 - 2014-09-17 22:02 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
2014-09-17 21:04 - 2014-09-17 21:03 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
2014-09-11 19:34 - 2009-07-14 01:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 12:15 - 2014-02-27 17:27 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 23:05 - 2014-01-22 02:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:05 - 2013-10-29 19:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 23:05 - 2011-08-10 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 02:51 - 2014-09-19 02:50 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
2014-08-25 09:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 22:07 - 2014-08-27 23:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 23:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 23:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Some content of TEMP:
====================
C:\Users\chuck johnson\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-19 13:42
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by chuck johnson (administrator) on CHUCKJOHNSON-PC on 21-09-2014 13:28:47
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-21] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3738467188-906625896-3235375403-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => "c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll" File Not Found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => "c:\progra~3\wincert\win32c~1.dll" File Not Found
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U146H&ocid=U146HDHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?pc=U146G&ocid=U146GDHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=394&systemid=406&v=a11465-114&apn_uid=6524321401504548&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0LoDud9kfsPY6zvd5xMTSgfnHC2t1aOjeEWvOuJvp-hNn0yoj8LlSBINn77LvyisRaA-LZrwXfSkiIuKcxeR37noxymDXkqGEOfOH6r9CfjKOxP5jkGutyVdFQztEebQ,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: saveitkeep. -> {A250293A-8904-1519-DE26-5BAEA3A63A67} -> C:\ProgramData\saveitkeep\s7Muhdi.x64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: RoyalShuoppeErApp -> {B324F063-F0CC-6C57-C60B-B1187F7D6DD4} -> C:\ProgramData\RoyalShuoppeErApp\vROBRgft.x64.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP", "hxxp://mail.live.com/"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchProvider: Default -> Bing
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=U146HD&PC=U146H&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U146HD&PC=U146H
CHR Profile: C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-22]
CHR Extension: (Google Drive) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-22]
CHR Extension: (YouTube) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-22]
CHR Extension: (Search) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (Gmail) - C:\Users\chuck johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-22]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\chuck johnson\AppData\Local\Torch\Plugins\TorchPlugin.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-20] (AVAST Software)
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S2 LMIRescueUA_2029536; C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe [2445144 2014-04-03] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-29] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-20] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-20] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-20] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-20] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-20] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-20] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-20] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-29] (AVG Technologies)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-25] ()
S1 netfilter64; system32\drivers\netfilter64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 04:32 - 2014-09-21 04:33 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-21 04:28 - 2014-09-21 04:31 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-21 04:28 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
2014-09-20 16:09 - 2014-09-20 22:30 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
2014-09-20 16:09 - 2014-09-20 16:11 - 00000000 ____D () C:\ProgramData\Google
2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
2014-09-20 16:08 - 2014-09-21 04:59 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-19 02:50 - 2014-09-01 02:51 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2014-09-19 01:49 - 2014-09-20 16:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 01:27 - 2014-09-21 00:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-19 01:27 - 2013-09-20 13:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-19 01:26 - 2014-09-19 02:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
2014-09-18 02:38 - 2014-09-18 02:39 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
2014-09-18 02:37 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
2014-09-17 22:02 - 2014-09-17 22:05 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
2014-09-17 21:03 - 2014-09-17 21:04 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
2014-09-10 12:17 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 12:17 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 12:17 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 12:17 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 12:17 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 12:17 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 12:17 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 12:17 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 12:17 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 12:17 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 12:17 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 12:17 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 12:17 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 12:17 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 12:17 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 12:17 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 12:17 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 12:17 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 12:17 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 12:17 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 12:17 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 12:17 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 12:17 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 12:17 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 12:17 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 12:17 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 12:17 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 12:17 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 12:17 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 12:17 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 12:17 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 12:17 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 12:17 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 12:17 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 12:17 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 12:17 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 12:17 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 12:17 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 12:17 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 12:17 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 12:17 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 12:17 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 12:17 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 12:17 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 12:17 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 12:17 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 12:17 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 12:17 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 12:17 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 12:17 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 12:17 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:17 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 18:50 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 18:50 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 18:50 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 18:50 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 18:50 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-27 23:17 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:17 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:17 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 13:28 - 2014-09-21 13:28 - 00000000 ____D () C:\FRST
2014-09-21 12:53 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 07:29 - 2014-02-22 15:21 - 00000000 ____D () C:\temp
2014-09-21 05:13 - 2014-01-22 02:42 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 05:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 05:13 - 2009-07-14 00:51 - 00111760 _____ () C:\Windows\setupact.log
2014-09-21 05:11 - 2012-02-10 03:46 - 01904771 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 05:08 - 2014-01-22 02:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 05:07 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 05:00 - 2014-03-11 17:57 - 00000294 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-09-21 04:59 - 2014-09-20 16:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-21 04:58 - 2014-06-23 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 04:58 - 2014-03-11 17:57 - 00000288 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-09-21 04:58 - 2014-03-06 21:27 - 00001556 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job
2014-09-21 04:58 - 2014-03-06 21:27 - 00001410 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job
2014-09-21 04:58 - 2014-03-06 21:26 - 00001512 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job
2014-09-21 04:58 - 2014-03-06 21:25 - 00002612 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-09-21 04:58 - 2014-03-06 21:24 - 00003128 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-09-21 04:57 - 2010-11-20 23:47 - 01665082 _____ () C:\Windows\PFRO.log
2014-09-21 04:47 - 2013-06-01 05:25 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\CrashDumps
2014-09-21 04:47 - 2012-08-12 04:38 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 04:33 - 2014-09-21 04:33 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-21 04:33 - 2014-09-21 04:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 04:33 - 2014-09-21 04:32 - 04901352 _____ (Piriform Ltd) C:\Users\chuck johnson\Downloads\ccsetup417.exe
2014-09-21 04:31 - 2014-09-21 04:28 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-21 04:31 - 2014-02-26 05:03 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-21 04:29 - 2014-09-21 04:29 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-21 04:28 - 2014-09-21 04:28 - 04095448 _____ (BrightFort LLC ) C:\Users\chuck johnson\Downloads\spywareblastersetup50.exe
2014-09-21 04:28 - 2014-09-21 04:28 - 00001088 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-21 04:28 - 2014-09-21 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-21 04:25 - 2014-01-22 02:42 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 04:24 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Adobe
2014-09-21 04:06 - 2014-09-21 04:06 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\Google
2014-09-21 04:06 - 2013-03-31 21:30 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Google
2014-09-21 04:06 - 2013-03-31 20:23 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\Torch
2014-09-21 04:04 - 2013-04-28 00:49 - 00002374 _____ () C:\Windows\wininit.ini
2014-09-21 04:03 - 2014-09-21 04:03 - 00000000 ____D () C:\Users\chuck johnson\AppData\Roaming\AVAST Software
2014-09-21 00:45 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-20 22:33 - 2014-09-20 22:33 - 00000000 ____D () C:\Users\chuck johnson\Documents\ProcAlyzer Dumps
2014-09-20 22:30 - 2014-09-20 16:09 - 50063360 _____ () C:\Program Files (x86)\GUT2932.tmp
2014-09-20 16:11 - 2014-09-20 16:09 - 00000000 ____D () C:\ProgramData\Google
2014-09-20 16:10 - 2014-01-22 02:43 - 00000000 ____D () C:\Program Files\Google
2014-09-20 16:10 - 2014-01-22 02:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-20 16:09 - 2014-09-20 16:09 - 00000000 ____D () C:\Program Files (x86)\GUM2912.tmp
2014-09-20 16:08 - 2014-09-20 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-20 16:08 - 2014-09-20 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-20 16:08 - 2014-09-20 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-20 16:08 - 2014-09-20 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-20 16:05 - 2014-09-20 16:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-20 16:05 - 2014-09-19 01:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-20 16:01 - 2014-09-20 16:01 - 04862664 _____ (AVAST Software) C:\Users\chuck johnson\Downloads\avast_free_antivirus_setup_online.exe
2014-09-20 15:50 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-19 13:00 - 2012-04-17 00:56 - 00000000 ____D () C:\Users\chuck johnson
2014-09-19 10:49 - 2014-09-19 10:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-19 02:42 - 2014-09-19 01:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-19 02:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-19 02:25 - 2014-09-19 02:25 - 00000000 ____D () C:\Program Files (x86)\Belkin
2014-09-19 02:25 - 2011-08-10 07:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 02:16 - 2014-09-19 02:16 - 00000000 ____D () C:\Windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2014-09-19 01:27 - 2014-09-19 01:27 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00001388 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-19 01:27 - 2014-09-19 01:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-19 01:27 - 2014-09-19 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-19 01:22 - 2011-08-10 07:53 - 00000000 ____D () C:\Windows\fr
2014-09-18 02:49 - 2014-09-18 02:49 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (33).EXE
2014-09-18 02:39 - 2014-09-18 02:38 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (32).EXE
2014-09-18 02:38 - 2014-09-18 02:37 - 02194056 _____ (Microsoft Corporation) C:\Users\chuck johnson\Downloads\DefaultPack (31).EXE
2014-09-17 22:30 - 2014-04-03 15:11 - 00000000 ____D () C:\Users\chuck johnson\AppData\Local\LogMeIn Rescue Applet
2014-09-17 22:05 - 2014-09-17 22:02 - 00000123 _____ () C:\Users\chuck johnson\Desktop\Tech Support.txt
2014-09-17 21:31 - 2014-09-17 21:31 - 00000093 _____ () C:\Users\chuck johnson\Desktop\email.txt
2014-09-17 21:04 - 2014-09-17 21:03 - 01529152 _____ (LogMeIn, Inc.) C:\Users\chuck johnson\Downloads\Support-LogMeInRescue.exe
2014-09-17 20:47 - 2014-09-17 20:47 - 00000000 ____D () C:\Windows\pss
2014-09-13 23:27 - 2014-09-13 23:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (3).exe
2014-09-13 23:19 - 2014-09-13 23:19 - 03193192 ____N (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (2).exe
2014-09-13 20:28 - 2014-09-13 20:28 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup (1).exe
2014-09-13 20:27 - 2014-09-13 20:27 - 03193192 _____ (Xacti, LLC ) C:\Users\chuck johnson\Downloads\EmailNotifierSetup.exe
2014-09-11 19:34 - 2009-07-14 01:08 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 12:15 - 2014-02-27 17:27 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-09 23:05 - 2014-01-22 02:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 23:05 - 2013-10-29 19:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 23:05 - 2011-08-10 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 02:51 - 2014-09-19 02:50 - 00000828 _____ () C:\Windows\system32\Drivers\etc\hosts.20140918-235014.backup
2014-08-25 09:53 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 22:07 - 2014-08-27 23:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 23:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 23:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Some content of TEMP:
====================
C:\Users\chuck johnson\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-19 13:42
==================== End Of Log ============================