TechSpot

Possible Malware

Solved
By mom26gr8kids
Jun 15, 2014
  1. I have been getting a warning from my Avast several times tonight that it has blocked a potential threat. When I click on the more details link this is what I get:

    URL
    hxxp://38.71.2.31/ad/l/1?s=b008&n=10886%3B10886%3B87146%3B91559%3B93644%3B94047%3B376342%3B377624%3B379152&t=1402806877145374010&f=&cn=slotEnd&et=I&tpos=3&init=1&slid=1
    Infection
    URL:Mal

    It is blocking the threat, but I think I may still have malware, so I ran scans and am attaching them. Have not done anything unusual on my computer the last couple days, except that a couple days ago Avast told me it noticed an add-on with a poor reputation, and asked if I wanted to remove it. It was the Ask toolbar. After I agreed to remove it Avast said I needed to select my new homepage. My homepage is usually Google, but Avast only gives me the option of Yahoo or Microsoft Bing. I clicked on Bing, but my homepage is now MSN.

    Last week when trying to organize some pictures for my son's senior recital I was downloading/updating Picasa and I think that's where I got the Ask toolbar. I was not paying very close attention obviously since I am usually more careful about foistware on my laptop. Otherwise I have not done anything unusual on my computer this week that I can recall.
     
  2. mom26gr8kids


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/14/2014
    Scan Time: 8:46:56 PM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.15.01
    Rootkit Database: v2014.06.02.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Kendra

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 287831
    Time Elapsed: 18 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.Installcore, C:\Users\Kendra\AppData\Local\Temp\is357113909\339005085_stp\HomePageDLL.dll, Quarantined, [e8d5d8a0daa13600c6e6202ade26827e],
    PUP.Optional.BundleInstaller.A, C:\Users\Kendra\Downloads\picasa setup.exe, Quarantined, [b904adcb463562d42984112ade23a65a],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  3. mom26gr8kids


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16921 BrowserJavaVersion: 10.55.2
    Run by Kendra at 22:42:09 on 2014-06-14
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5578.3294 [GMT -6:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Windows\RfBtnSvc64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\25F636B6751405D223 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\25F636B6751405D223 : DHCPNameServer = 10.0.0.2
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\3456E647572797C496E6B693630323 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\3456E647572797C496E6B693630323 : DHCPNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\35F6C696467427F657E64637 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\35F6C696467427F657E64637 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.3.1
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\441444D20534F577962756C6563737 : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}\441444D20534F577962756C6563737 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{93861460-374F-46E0-90B7-36421D29E88F} : NameServer = 156.154.70.22,156.154.71.22
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
    FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Users\Kendra\AppData\Local\Roblox\Versions\version-f77fe2742c314291\NPRobloxProxy.dll
    FF - plugin: C:\Users\Kendra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-4-15 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-4-15 208416]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2013-4-15 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-4-15 423240]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-1-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-1-16 748784]
    R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-1-16 37560]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-27 239616]
    R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2013-1-16 199008]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-4-15 79184]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-6-11 50344]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-5-12 2266296]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-12-27 100752]
    R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227904]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-16 2466448]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-14 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-14 860472]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-1-16 98160]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-12-27 91648]
    R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-12-27 331152]
    R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-12-27 118936]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-4-24 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-6-14 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-6-14 64216]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2013-1-16 26736]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2013-1-16 343696]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-16 58536]
    S2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-6-11 29208]
    S2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-26 85328]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 2264280]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2012-6-29 1119232]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-12-27 23552]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    .
    =============== Created Last 30 ================
    .
    2014-06-15 02:44:33 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-06-15 02:43:27 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-06-15 02:43:26 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-06-15 02:43:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-12 02:42:09 3246592 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-06-12 02:42:09 235520 ----a-w- C:\Windows\System32\rdpudd.dll
    2014-06-12 02:42:01 619008 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2014-06-12 02:42:00 328024 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
    2014-06-12 02:40:34 2233176 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-06-12 02:40:33 1845760 ----a-w- C:\Windows\System32\msxml3.dll
    2014-06-12 02:40:33 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-06-12 00:56:41 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-06-12 00:56:29 43152 ----a-w- C:\Windows\avastSS.scr
    2014-06-10 23:33:00 283312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin
    2014-06-10 14:49:02 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
    2014-06-10 14:49:01 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
    2014-06-10 14:49:01 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
    2014-05-29 20:01:30 -------- d-----w- C:\Users\Kendra\AppData\Local\gtk-2.0
    2014-05-29 20:01:20 -------- d-----w- C:\Users\Kendra\.thumbnails
    2014-05-28 23:42:46 -------- d-----w- C:\Users\Kendra\AppData\Local\fontconfig
    2014-05-28 23:42:43 -------- d-----w- C:\Users\Kendra\AppData\Local\gegl-0.2
    2014-05-28 23:42:43 -------- d-----w- C:\Users\Kendra\.gimp-2.8
    2014-05-28 23:40:36 -------- d-----w- C:\Program Files\GIMP 2
    2014-05-17 22:24:23 703992 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-05-17 22:24:23 105464 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2014-06-12 00:57:04 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-06-12 00:57:04 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-06-12 00:56:33 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-06-12 00:56:32 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-06-12 00:56:32 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-06-12 00:56:32 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-24 02:47:45 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2014-05-24 02:47:44 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-05-24 01:26:46 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-23 22:37:13 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
    2014-05-12 13:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-04-29 22:32:07 1301504 ----a-w- C:\Windows\System32\gdi32.dll
    2014-04-29 22:22:23 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-04-19 09:39:36 628024 ----a-w- C:\Windows\System32\NotificationUI.exe
    2014-04-19 08:45:39 693760 ----a-w- C:\Windows\System32\WSShared.dll
    2014-04-19 08:45:39 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-19 06:57:49 566784 ----a-w- C:\Windows\SysWow64\WSShared.dll
    2014-04-19 06:57:49 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-16 21:13:00 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2014-04-16 21:12:59 748784 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
    2014-04-16 21:12:59 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2014-04-15 08:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2014-04-15 02:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-04-12 09:27:03 172888 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 09:10:31 578048 ----a-w- C:\Windows\System32\winlogon.exe
    2014-04-12 09:09:43 208896 ----a-w- C:\Windows\System32\wdigest.dll
    2014-04-12 09:09:39 1043968 ----a-w- C:\Windows\System32\usercpl.dll
    2014-04-12 09:09:34 94720 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-04-12 09:09:19 588288 ----a-w- C:\Windows\System32\SHCore.dll
    2014-04-12 09:08:37 318464 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-04-12 09:08:17 439808 ----a-w- C:\Windows\System32\lsm.dll
    2014-04-12 09:08:17 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 09:08:10 827904 ----a-w- C:\Windows\System32\kerberos.dll
    2014-04-12 09:07:36 20480 ----a-w- C:\Windows\System32\credssp.dll
    2014-04-12 07:23:59 178688 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-04-12 07:23:52 961536 ----a-w- C:\Windows\SysWow64\usercpl.dll
    2014-04-12 07:23:49 76800 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-04-12 07:23:40 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
    2014-04-12 07:23:14 273920 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-04-12 07:22:58 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-04-12 07:22:33 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-04-12 06:58:06 14848 ----a-w- C:\Windows\System32\workerdd.dll
    2014-04-09 21:36:58 249856 ------w- C:\Windows\Setup1.exe
    2014-04-09 21:36:57 73216 ----a-w- C:\Windows\ST6UNST.EXE
    2014-03-28 19:19:38 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
    2014-03-28 08:23:00 1287168 ----a-w- C:\Windows\System32\schedsvc.dll
    2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
    2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
    2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
    2014-03-25 19:22:29 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
    2014-03-25 19:22:28 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
    2014-03-25 19:22:25 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
    2014-03-25 19:22:23 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
    2014-03-24 23:42:47 305152 ----a-w- C:\Windows\SysWow64\wusa.exe
    2014-03-24 22:56:59 309760 ----a-w- C:\Windows\System32\wusa.exe
    2014-03-23 22:11:52 269592 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
    .
    ============= FINISH: 22:44:07.65 ===============
     
  4. mom26gr8kids


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/15/2013 11:38:53 AM
    System Uptime: 6/13/2014 2:20:43 PM (32 hours ago)
    .
    Motherboard: Gateway | | VG50_CM
    Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics | Socket FT1 | 1900/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 682 GiB total, 499.055 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP70: 5/26/2014 12:36:13 AM - Scheduled Checkpoint
    RP71: 6/3/2014 2:24:07 PM - Scheduled Checkpoint
    RP72: 6/10/2014 4:22:24 PM - Scheduled Checkpoint
    RP73: 6/11/2014 6:53:51 PM - avast! antivirus system restore point
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 13 Plugin
    Adobe Shockwave Player 12.1
    Agatha Christie - Death on the Nile
    Aloha TriPeaks
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Quick Stream
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Backup Manager v4
    Bejeweled 3
    Big Fish: Game Manager
    Bonjour
    Broadcom 802.11 Network Adapter
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    COMODO Internet Security
    Cradle Of Egypt Collector's Edition
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Delicious: Emily's True Love Premium Edition
    Dora's World Adventure
    Doro 1.85
    Dritek Radio Controller
    Elevated Installer
    ETDWare PS/2-X64 11.6.16.003_WHQL
    Fishdom H2O: Hidden Odyssey ™
    Game Channels
    Garmin Express
    Garmin Express Tray
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    GIMP 2.8.10
    Google Chrome
    Google Drive
    Google Update Helper
    Identity Card
    iTunes
    Java 7 Update 55
    Java Auto Updater
    Jewel Match 3
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
    Microsoft Office 365 - en-us
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mystery P.I. - Curious Case of Counterfeit Cove
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Peggle Nights
    Penguins!
    Picasa 3
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Prerequisite installer
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    ROBLOX Player for Kendra
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SpiderMania Solitaire
    Spotify
    SUPERAntiSpyware
    swMSM
    Tales of Lagoona
    TranscriptPro for Umbrella Schools
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\)
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3
    Unity Web Player
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2014 9:09:56 PM, Error: Service Control Manager [7046] - The following service has repeatedly stopped responding to service control requests: Shell Hardware Detection Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
    6/9/2014 9:09:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    6/9/2014 9:08:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    6/9/2014 9:08:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    6/9/2014 9:07:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    6/9/2014 9:07:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    6/9/2014 9:06:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    6/14/2014 10:40:57 PM, Error: Service Control Manager [7000] - The avast! HardwareID service failed to start due to the following error: The specified procedure could not be found.
    6/13/2014 2:20:47 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    6/11/2014 8:55:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
    6/11/2014 8:55:46 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 8:54:43 PM, Error: Service Control Manager [7022] - The COM+ Event System service hung on starting.
    6/11/2014 8:54:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
    6/11/2014 6:56:57 PM, Error: Service Control Manager [7000] - The avast! EmHWID service failed to start due to the following error: The specified procedure could not be found.
    6/11/2014 5:33:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    6/11/2014 5:33:23 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 5:25:17 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 5:24:25 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 5:21:43 PM, Error: Service Control Manager [7000] - The Microsoft Account Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 5:21:17 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 3:35:36 PM, Error: Service Control Manager [7000] - The Problem Reports and Solutions Control Panel Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2014 3:35:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wercplsupport with arguments "Unavailable" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    6/10/2014 3:39:24 PM, Error: Service Control Manager [7000] - The Device Setup Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  6. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    # AdwCleaner v3.212 - Report created 15/06/2014 at 20:16:51
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : Kendra - MOMSPC
    # Running from : C:\Users\Kendra\Downloads\adwcleaner_3.212.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\Users\Kendra\AppData\Local\Temp\apn
    File Deleted : C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\searchplugins\ask-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\WEDLMNGR

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16921


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\prefs.js ]


    -\\ Google Chrome v35.0.1916.153

    [ File : C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R1].txt - [1168 octets] - [15/06/2014 20:14:12]
    AdwCleaner[S1].txt - [1055 octets] - [15/06/2014 20:16:51]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1115 octets] ##########
     
  7. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8 x64
    Ran by Kendra on Sun 06/15/2014 at 20:30:55.01
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\ProgramData\big fish"
    Successfully deleted: [Folder] "C:\bigfishcache"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 06/15/2014 at 21:59:16.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
    Ran by Kendra at 2014-06-15 22:15:35
    Running from C:\Users\Kendra\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

    ==================== Installed Programs ======================

    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Accelerated Video Transcoding (Version: 12.5.100.20918 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{1109461B-E8C8-EE08-0219-5711383B03DF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
    AMD VISION Engine Control Center (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
    Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.0918.0259.3365 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0918.260.3365 - Advanced Micro Devices, Inc.) Hidden
    COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
    CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
    CyberLink PowerDVD 10 (x32 Version: 10.0.4427.52 - CyberLink Corp.) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Doro 1.85 (HKLM-x32\...\Doro_is1) (Version: - CompSoft)
    Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
    Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
    Fishdom H2O: Hidden Odyssey ™ (HKLM-x32\...\BFG-Fishdom H2O - Hidden Odyssey) (Version: - )
    Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
    Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
    Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
    Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
    Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Gateway Incorporated)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
    Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
    Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
    Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
    Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.28127 - Realtek Semiconductor Corp.)
    ROBLOX Player for Kendra (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    SpiderMania Solitaire (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
    TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) (HKLM-x32\...\ST6UNST #2) (Version: - )
    TranscriptPro for Umbrella Schools (HKLM-x32\...\ST6UNST #1) (Version: - )
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Restore Points =========================

    26-05-2014 06:36:13 Scheduled Checkpoint
    03-06-2014 20:24:07 Scheduled Checkpoint
    10-06-2014 22:22:24 Scheduled Checkpoint
    12-06-2014 00:53:51 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    2012-07-25 23:26 - 2013-09-24 21:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0A9BAA47-01C4-4B5C-8E76-FB91971F50CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {0AA63F47-1780-44E0-B1FA-4149D7AB2A97} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-27] (Microsoft Corporation)
    Task: {0D587687-10EB-4A62-B7EF-DDBC208B05C2} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
    Task: {15E39DF1-E535-45AB-988C-32832CC68BAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
    Task: {19A4AC7E-911A-4281-B375-5202069EC9B2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {457EFF35-225C-43C5-8163-A629F5ABBDDC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-11] (AVAST Software)
    Task: {6E1D6524-29B4-4668-AD84-7F4F71E28930} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: {728CE8FD-EF71-4CA8-819B-62A4AE9D96E9} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25] (COMODO)
    Task: {92038175-A6D1-4BBC-9541-A2D4DF5661D6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {9C12ECE2-B1D1-4E59-AD08-E445935BF12C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {A14AC367-617C-4C07-9B2F-912E9D013E72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {C8BED43C-8A1A-49D3-AF1A-EE9CBCB9EB0A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
    Task: {D60B7D9A-2EBC-43A9-B67F-284FCCE5EBFC} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {E29E8702-1B13-479E-839D-A316DCC13592} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {EEC42E08-FE28-4C0F-89EF-091CEFE274A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-10 23:22 - 2013-02-02 20:55 - 00500224 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
    2014-05-12 16:35 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-05-10 23:38 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2014-05-27 12:44 - 2014-05-27 12:44 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-06-15 17:59 - 2014-06-15 17:59 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061501\algo.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-02 18:38 - 2012-11-02 18:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
    2012-11-02 18:37 - 2012-11-02 18:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
    2012-11-02 18:38 - 2012-11-02 18:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
    2012-11-02 18:37 - 2012-11-02 18:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
    2012-11-02 18:37 - 2012-11-02 18:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
    2012-11-02 18:37 - 2012-11-02 18:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
    2012-11-02 18:37 - 2012-11-02 18:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
    2013-10-21 11:01 - 2013-10-21 11:01 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:2F141B68
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54

    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (06/15/2014 10:14:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The avast! HardwareID service failed to start due to the following error:
    %%127

    Error: (06/15/2014 10:09:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The avast! HardwareID service failed to start due to the following error:
    %%127


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-15 22:11:38.107
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-15 21:29:20.573
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-15 20:30:36.069
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-15 20:11:59.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-15 17:59:25.476
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-15 16:52:36.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 23:10:38.669
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 22:54:52.608
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 22:32:51.045
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-14 22:01:16.596
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 25%
    Total physical RAM: 5578.25 MB
    Available physical RAM: 4159.56 MB
    Total Pagefile: 11210.25 MB
    Available Pagefile: 9329.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.77 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:682.19 GB) (Free:499.6 GB) NTFS
    Drive d: (TP-Umbrella-101) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: 7D86E589)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  9. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
    Ran by Kendra (administrator) on MOMSPC on 15-06-2014 22:14:21
    Running from C:\Users\Kendra\Downloads
    Platform: Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Farbar) C:\Users\Kendra\Downloads\FRST64 (1).exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\instup.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-01-16] (Dritek System Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-11] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [196608 2013-08-01] (CompSoft)
    HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-11] (SUPERAntiSpyware)
    HKU\S-1-5-21-2205581236-1962149331-2801561248-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
    ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {B277A523-F32E-4415-B0A5-C9795B9F5EFD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 - {B277A523-F32E-4415-B0A5-C9795B9F5EFD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKCU - {B277A523-F32E-4415-B0A5-C9795B9F5EFD} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
    Tcpip\..\Interfaces\{3B38C2B9-E5C1-4A75-9EE1-F1892D0EC33C}: [NameServer]156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{93861460-374F-46E0-90B7-36421D29E88F}: [NameServer]156.154.70.22,156.154.71.22

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default
    FF DefaultSearchEngine: Microsoft (Bing)
    FF SearchEngineOrder.1: Microsoft (Bing)
    FF SelectedSearchEngine: Microsoft (Bing)
    FF Homepage: hxxp://www.msn.com/?pc=AV01
    FF Keyword.URL: hxxp://www.bing.com/search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
    FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Kendra\AppData\Local\Roblox\Versions\version-f77fe2742c314291\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kendra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\searchplugins\bing-avast.xml
    FF Extension: PrivDog - C:\Users\Kendra\AppData\Roaming\Mozilla\Firefox\Profiles\3el9feo0.default\Extensions\PrivDog@AdTrustMedia.com [2014-04-21]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-15]

    Chrome:
    =======
    CHR HomePage: hxxp://www.msn.com/?pc=AV01
    CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01"
    CHR DefaultSearchKeyword: bing1.com
    CHR DefaultSearchProvider: Microsoft (Bing)
    CHR DefaultSearchURL: http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    CHR DefaultNewTabURL:
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
    CHR Extension: (Google Docs) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
    CHR Extension: (Google Drive) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (WOT) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-07]
    CHR Extension: (YouTube) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-24]
    CHR Extension: (Google Search) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
    CHR Extension: (Google Wallet) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
    CHR Extension: (Gmail) - C:\Users\Kendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-11] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
    S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-22] (WildTangent)
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [98160 2013-01-16] (Dritek System INC.)

    ==================== Drivers (Whitelisted) ====================

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-11] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-11] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-11] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-11] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-11] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-11] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-11] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-11] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-20] (Advanced Micro Devices)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-01-16] (Broadcom Corporation)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [748784 2014-04-16] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [37560 2014-04-16] (COMODO)
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127664 2014-04-16] (COMODO)
    U5 ProtectedStorage; C:\Windows\system32\lsass.exe [35840 2014-03-10] (Microsoft Corporation)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-16] (Dritek System Inc.)
    S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1119232 2012-06-29] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-15 22:14 - 2014-06-15 22:14 - 00018043 _____ () C:\Users\Kendra\Downloads\FRST.txt
    2014-06-15 22:11 - 2014-06-15 22:14 - 00000000 ____D () C:\FRST
    2014-06-15 22:11 - 2014-06-15 22:11 - 02081280 _____ (Farbar) C:\Users\Kendra\Downloads\FRST64 (1).exe
    2014-06-15 22:06 - 2014-06-15 22:06 - 02081280 _____ (Farbar) C:\Users\Kendra\Downloads\FRST64.exe
    2014-06-15 21:59 - 2014-06-15 21:59 - 00000927 _____ () C:\Users\Kendra\Desktop\JRT.txt
    2014-06-15 20:24 - 2014-06-15 20:24 - 01016261 _____ (Thisisu) C:\Users\Kendra\Downloads\JRT.exe
    2014-06-15 20:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-06-15 20:12 - 2014-06-15 20:17 - 00000000 ____D () C:\AdwCleaner
    2014-06-15 20:11 - 2014-06-15 20:11 - 01333465 _____ () C:\Users\Kendra\Downloads\adwcleaner_3.212.exe
    2014-06-14 23:03 - 2014-06-14 23:03 - 00001291 _____ () C:\Users\Kendra\mbam1.txt
    2014-06-14 23:03 - 2014-06-14 23:03 - 00001290 _____ () C:\Users\Kendra\mbam.txt
    2014-06-14 22:44 - 2014-06-14 22:44 - 00023425 _____ () C:\Users\Kendra\Desktop\dds.txt
    2014-06-14 22:44 - 2014-06-14 22:44 - 00012109 _____ () C:\Users\Kendra\Desktop\attach.txt
    2014-06-14 22:40 - 2014-06-14 22:40 - 00688992 ____R (Swearware) C:\Users\Kendra\Downloads\dds.com
    2014-06-14 20:44 - 2014-06-14 23:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-14 20:43 - 2014-06-14 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-14 20:43 - 2014-06-14 20:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-14 20:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-06-14 20:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-06-14 20:40 - 2014-06-14 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kendra\Downloads\mbam-setup-2.0.2.1012.exe
    2014-06-11 20:42 - 2014-05-02 23:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-11 20:42 - 2014-05-02 21:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2014-06-11 20:42 - 2014-04-03 05:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2014-06-11 20:42 - 2014-04-02 21:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2014-06-11 20:41 - 2014-05-23 20:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-11 20:41 - 2014-05-23 20:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 20:41 - 2014-05-23 20:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 20:41 - 2014-05-23 20:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-06-11 20:41 - 2014-05-23 20:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 20:41 - 2014-05-23 20:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-11 20:41 - 2014-05-23 20:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 20:41 - 2014-05-23 20:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 20:41 - 2014-05-23 20:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-11 20:41 - 2014-05-23 19:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-11 20:41 - 2014-05-23 19:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-11 20:41 - 2014-05-23 19:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-11 20:41 - 2014-05-23 19:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 20:41 - 2014-05-23 19:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-11 20:41 - 2014-05-23 16:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-06-11 20:41 - 2014-04-29 16:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-06-11 20:41 - 2014-04-29 16:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-06-11 20:41 - 2014-03-31 16:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
    2014-06-11 20:41 - 2014-03-24 17:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
    2014-06-11 20:41 - 2014-03-24 16:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
    2014-06-11 20:40 - 2014-04-03 05:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-11 20:40 - 2014-03-06 18:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-11 20:40 - 2014-03-06 18:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-11 18:56 - 2014-06-11 18:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-06-11 18:56 - 2014-06-11 18:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-06-06 01:06 - 2014-06-06 01:06 - 94122009 _____ () C:\Users\Kendra\Documents\ppt8E12.tmp
    2014-06-06 01:06 - 2014-06-06 01:06 - 00000000 _____ () C:\Users\Kendra\Documents\pptD6B7.tmp
    2014-06-04 01:31 - 2014-06-06 01:08 - 94122010 _____ () C:\Users\Kendra\Documents\Paul A.pptx
    2014-06-01 20:04 - 2014-06-01 20:04 - 00018481 _____ () C:\Users\Kendra\AppData\Local\recently-used.xbel
    2014-06-01 18:09 - 2014-06-02 16:14 - 00000129 ____H () C:\Users\Kendra\Downloads\.picasa.ini
    2014-05-30 22:59 - 2014-05-30 22:59 - 00000000 _____ () C:\Users\Kendra\Downloads\download.htm
    2014-05-29 14:01 - 2014-06-01 20:04 - 00000000 ____D () C:\Users\Kendra\AppData\Local\gtk-2.0
    2014-05-29 14:01 - 2014-05-29 14:01 - 00000000 ____D () C:\Users\Kendra\.thumbnails
    2014-05-28 17:42 - 2014-06-01 20:04 - 00000000 ____D () C:\Users\Kendra\.gimp-2.8
    2014-05-28 17:42 - 2014-05-28 17:42 - 00000901 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2014-05-28 17:42 - 2014-05-28 17:42 - 00000000 ____D () C:\Users\Kendra\AppData\Local\gegl-0.2
    2014-05-28 17:40 - 2014-05-28 17:41 - 00000000 ____D () C:\Program Files\GIMP 2
    2014-05-28 17:38 - 2014-05-28 17:38 - 90390368 _____ (The GIMP Team ) C:\Users\Kendra\Downloads\gimp-2.8.10-setup.exe
    2014-05-17 16:24 - 2014-05-30 23:16 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-17 16:24 - 2014-05-30 23:16 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== One Month Modified Files and Folders =======

    2014-06-15 22:14 - 2014-06-15 22:14 - 00018043 _____ () C:\Users\Kendra\Downloads\FRST.txt
    2014-06-15 22:14 - 2014-06-15 22:11 - 00000000 ____D () C:\FRST
    2014-06-15 22:14 - 2013-04-15 11:38 - 00000000 ____D () C:\Users\Kendra\AppData\Local\Temp
    2014-06-15 22:11 - 2014-06-15 22:11 - 02081280 _____ (Farbar) C:\Users\Kendra\Downloads\FRST64 (1).exe
    2014-06-15 22:06 - 2014-06-15 22:06 - 02081280 _____ (Farbar) C:\Users\Kendra\Downloads\FRST64.exe
    2014-06-15 22:02 - 2013-05-13 22:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-06-15 22:02 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-06-15 21:59 - 2014-06-15 21:59 - 00000927 _____ () C:\Users\Kendra\Desktop\JRT.txt
    2014-06-15 21:33 - 2013-04-15 11:46 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-15 20:33 - 2013-04-15 11:38 - 01619179 _____ () C:\Windows\WindowsUpdate.log
    2014-06-15 20:24 - 2014-06-15 20:24 - 01016261 _____ (Thisisu) C:\Users\Kendra\Downloads\JRT.exe
    2014-06-15 20:21 - 2013-04-15 11:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-15 20:20 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-06-15 20:19 - 2012-12-27 03:02 - 00915154 _____ () C:\Windows\PFRO.log
    2014-06-15 20:19 - 2012-07-25 23:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
    2014-06-15 20:17 - 2014-06-15 20:12 - 00000000 ____D () C:\AdwCleaner
    2014-06-15 20:11 - 2014-06-15 20:11 - 01333465 _____ () C:\Users\Kendra\Downloads\adwcleaner_3.212.exe
    2014-06-15 17:58 - 2013-04-15 12:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-06-14 23:14 - 2013-04-15 11:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2205581236-1962149331-2801561248-1001
    2014-06-14 23:05 - 2013-04-15 11:38 - 00000000 ____D () C:\Users\Kendra
    2014-06-14 23:03 - 2014-06-14 23:03 - 00001291 _____ () C:\Users\Kendra\mbam1.txt
    2014-06-14 23:03 - 2014-06-14 23:03 - 00001290 _____ () C:\Users\Kendra\mbam.txt
    2014-06-14 23:02 - 2014-06-14 20:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-14 22:52 - 2013-12-16 01:10 - 00004608 ___SH () C:\Users\Kendra\Desktop\Thumbs.db
    2014-06-14 22:44 - 2014-06-14 22:44 - 00023425 _____ () C:\Users\Kendra\Desktop\dds.txt
    2014-06-14 22:44 - 2014-06-14 22:44 - 00012109 _____ () C:\Users\Kendra\Desktop\attach.txt
    2014-06-14 22:40 - 2014-06-14 22:40 - 00688992 ____R (Swearware) C:\Users\Kendra\Downloads\dds.com
    2014-06-14 22:33 - 2013-04-15 11:55 - 00001146 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-06-14 22:33 - 2013-04-15 11:55 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-06-14 22:33 - 2013-04-15 11:52 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-06-14 20:43 - 2014-06-14 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-14 20:43 - 2014-06-14 20:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-14 20:43 - 2013-04-24 00:38 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-14 20:43 - 2013-04-24 00:38 - 00000000 ____D () C:\Users\Kendra\AppData\Roaming\Malwarebytes
    2014-06-14 20:43 - 2013-04-24 00:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-14 20:40 - 2014-06-14 20:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kendra\Downloads\mbam-setup-2.0.2.1012.exe
    2014-06-14 12:02 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-06-13 17:13 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache
    2014-06-13 14:19 - 2013-04-19 11:17 - 520664936 _____ () C:\Windows\MEMORY.DMP
    2014-06-12 13:48 - 2012-07-26 01:59 - 00000000 ____D () C:\Windows\CbsTemp
    2014-06-12 13:46 - 2013-05-14 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-12 13:45 - 2013-07-14 23:42 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-12 13:42 - 2013-04-16 18:06 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-11 19:48 - 2013-04-17 21:14 - 00784896 ___SH () C:\Users\Kendra\Downloads\Thumbs.db
    2014-06-11 18:57 - 2013-12-26 16:28 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-06-11 18:57 - 2013-04-15 12:54 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-06-11 18:57 - 2013-04-15 12:54 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-06-11 18:57 - 2013-04-15 12:54 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-06-11 18:56 - 2014-06-11 18:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-06-11 18:56 - 2014-06-11 18:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-06-11 18:56 - 2013-04-15 12:54 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-06-11 18:56 - 2013-04-15 12:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-06-11 18:56 - 2013-04-15 12:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-06-11 18:56 - 2013-04-15 12:53 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-06-11 18:56 - 2013-04-15 12:53 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-06-11 18:54 - 2013-04-16 19:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-06-11 17:31 - 2013-04-15 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-10 12:30 - 2013-04-22 13:37 - 00000000 ____D () C:\Users\Kendra\AppData\Local\CrashDumps
    2014-06-10 08:49 - 2014-04-11 17:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-09 21:16 - 2012-07-26 01:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-06-06 01:08 - 2014-06-04 01:31 - 94122010 _____ () C:\Users\Kendra\Documents\Paul A.pptx
    2014-06-06 01:06 - 2014-06-06 01:06 - 94122009 _____ () C:\Users\Kendra\Documents\ppt8E12.tmp
    2014-06-06 01:06 - 2014-06-06 01:06 - 00000000 _____ () C:\Users\Kendra\Documents\pptD6B7.tmp
    2014-06-05 09:02 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
    2014-06-02 16:14 - 2014-06-01 18:09 - 00000129 ____H () C:\Users\Kendra\Downloads\.picasa.ini
    2014-06-01 20:04 - 2014-06-01 20:04 - 00018481 _____ () C:\Users\Kendra\AppData\Local\recently-used.xbel
    2014-06-01 20:04 - 2014-05-29 14:01 - 00000000 ____D () C:\Users\Kendra\AppData\Local\gtk-2.0
    2014-06-01 20:04 - 2014-05-28 17:42 - 00000000 ____D () C:\Users\Kendra\.gimp-2.8
    2014-05-30 23:16 - 2014-05-17 16:24 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-30 23:16 - 2014-05-17 16:24 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-30 22:59 - 2014-05-30 22:59 - 00000000 _____ () C:\Users\Kendra\Downloads\download.htm
    2014-05-30 11:34 - 2014-05-10 23:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-05-29 14:01 - 2014-05-29 14:01 - 00000000 ____D () C:\Users\Kendra\.thumbnails
    2014-05-28 17:42 - 2014-05-28 17:42 - 00000901 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2014-05-28 17:42 - 2014-05-28 17:42 - 00000000 ____D () C:\Users\Kendra\AppData\Local\gegl-0.2
    2014-05-28 17:41 - 2014-05-28 17:40 - 00000000 ____D () C:\Program Files\GIMP 2
    2014-05-28 17:38 - 2014-05-28 17:38 - 90390368 _____ (The GIMP Team ) C:\Users\Kendra\Downloads\gimp-2.8.10-setup.exe
    2014-05-23 20:48 - 2014-06-11 20:41 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-05-23 20:47 - 2014-06-11 20:41 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-05-23 20:47 - 2014-06-11 20:41 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-05-23 20:47 - 2014-06-11 20:41 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-05-23 20:47 - 2014-06-11 20:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-05-23 20:46 - 2014-06-11 20:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-05-23 20:45 - 2014-06-11 20:41 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-05-23 20:45 - 2014-06-11 20:41 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-05-23 20:45 - 2014-06-11 20:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-23 19:26 - 2014-06-11 20:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-05-23 19:25 - 2014-06-11 20:41 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-05-23 19:25 - 2014-06-11 20:41 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-05-23 19:09 - 2014-06-11 20:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-23 19:03 - 2014-06-11 20:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-23 16:37 - 2014-06-11 20:41 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-05-22 11:59 - 2014-01-13 11:35 - 00000000 ____D () C:\Users\Kendra\Desktop\Full Quiver Contracting
    2014-05-20 23:00 - 2012-07-26 02:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-20 23:00 - 2012-07-26 02:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-20 23:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-05-20 23:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-05-17 20:55 - 2013-04-15 11:41 - 00000000 ___RD () C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-17 20:55 - 2013-04-15 11:41 - 00000000 ___RD () C:\Users\Kendra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-17 16:20 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData
    2014-05-17 16:20 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
    2014-05-17 15:19 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

    Some content of TEMP:
    ====================
    C:\Users\Kendra\AppData\Local\Temp\APNSetup.exe
    C:\Users\Kendra\AppData\Local\Temp\bfguni.exe
    C:\Users\Kendra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Kendra\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-07 10:05

    ==================== End Of Log ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  11. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    I think that some of the scans I ran deleted some very important files on my computer. I really need these. I had not backed them up since I suspected I had a virus and because I thought they were backed up on my flash drive, but when I click on the file on my flash drive they are not there either. I don't know if you can help me find these, but I don't want to proceed with any further steps until I know that I am not permanently deleting the files.

    I am looking for this file
    C:\Users\Kendra\AppData\Local\VirtualStore\Program Files (x86)\TranscriptPro Umbrella

    Since I am not sure how to read the virus scans or extract data, is there some way you can help me find these?
     
     
  12. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Never mind. It turns out that Windows File Explorer was checked to run as administrator. Now that it's selected to run normally I am able to find all of my files. I have to do a few things this morning and then I will run the fix this afternoon. Thanks
     
  13. Broni

    Broni Malware Annihilator Posts: 47,995   +271

  14. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
    Ran by Kendra at 2014-06-18 22:22:55 Run:1
    Running from C:\Users\Kendra\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:2F141B68
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    BHO: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    C:\Users\Kendra\AppData\Local\Temp\APNSetup.exe
    C:\Users\Kendra\AppData\Local\Temp\bfguni.exe
    C:\Users\Kendra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\Kendra\AppData\Local\Temp\Quarantine.exe
    *****************

    C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\Temp => ":2F141B68" ADS removed successfully.
    C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}' => Key deleted successfully.
    'HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
    C:\Users\Kendra\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\Kendra\AppData\Local\Temp\bfguni.exe => Moved successfully.
    C:\Users\Kendra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\Kendra\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====
     
  15. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  16. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Results of screen317's Security Check version 0.99.85
    x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 55
    Java version out of Date!
    Adobe Flash Player 13.0.0.214 Flash Player out of Date!
    Mozilla Firefox 29.0.1 Firefox out of Date!
    Google Chrome 35.0.1916.114
    Google Chrome 35.0.1916.153
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  17. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Farbar Service Scanner Version: 10-06-2014
    Ran by Kendra (administrator) on 22-06-2014 at 16:41:02
    Running from "C:\Users\Kendra\Downloads"
    Microsoft Windows 8 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
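
An added example, not part of the original post and not Farbar's own code: a Python triage pass over an FSS.txt log in the layout shown above. It splits the log into its underlined sections and returns only the lines that report a stopped service, a non-default start type, or a registry policy value; the sample text is a constructed excerpt, and the function names and finding labels are hypothetical.

```python
import re
# Constructed excerpt in the layout of the FSS.txt log posted above.
SAMPLE_LOG = r"""Windows Firewall:
=============
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

UNDERLINE = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=\w+:(.+)$')

def split_sections(text):
    """Map each 'Title:' line that is underlined with '=' to its body lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for line, nxt in zip(lines, lines[1:] + [""]):
        if line.endswith(":") and UNDERLINE.match(nxt):
            current = sections.setdefault(line[:-1], [])
        elif current is not None and line and not UNDERLINE.match(line):
            current.append(line)
    return sections

def findings(text):
    """Return (section, kind, detail) for each non-default state the log reports."""
    out = []
    for name, body in split_sections(text).items():
        key = None  # registry key that the following value lines belong to
        for line in body:
            if m := NOT_RUNNING.match(line):
                out.append((name, "service-stopped", m[1]))
            elif (m := START_TYPE.search(line)) and m[2] != m[3]:
                out.append((name, "start-type", f"{m[1]}: {m[2]} (default {m[3]})"))
            elif m := REG_KEY.match(line):
                key = m[1]
            elif (m := REG_VALUE.match(line)) and key:
                out.append((name, "policy", f"{key}\\{m[1]}={m[2]}"))
    return out
```

Sections with nothing under their underline, such as Windows Firewall in the sample, produce no findings, so the output is limited to the lines a helper would need to read.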
     
  18. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Eset?
     
  19. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    C:\Users\Kendra\Downloads\cbsidlm-cbsi188-Doro_PDF_Writer-ORG-10578740.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Update Firefox to the current 30.0 version.

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  21. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    My home page is still not back to normal. This is the tab that comes up whenever I open Chrome or Firefox.

    http://www.msn.com/?pc=AV01
     
  22. Broni

    Broni Malware Annihilator Posts: 47,995   +271

  23. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    The issue seems to be resolved.
     
  24. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 389

    Sorry I always forget to reply once everything is solved. Thanks for all your help. Everything is back to normal and running smoothly.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    You're very welcome
     

