TechSpot

Very slow running laptop. Not sure why

By stevow
Sep 12, 2014
  1. Haven't been here in a few years or so.....thanks to you guys (y)(y)
    Bear with me as I don't know IF I need to be in the BSOD for my problem.
    I haven't really used this laptop on the net for maybe 2 years except a few times using wifi in hotels. And most of that time was just updating antivirus etc. Ran so slow I resorted to my iPhone.

    It's a 2011 HP Pavilion G6 Notebook, it came with Windows 7 and I think it's still that, 4G Memory.
    Per Bobbye's tutoring several years ago I've been real good at keeping my PCs clean.
    This laptop right now has up to date Malwarebytes, SuperAntispyware, SpywareBlaster, Comodo double firewall and Avast.
    Now about a year ago I took it to a hotel and went wifi and was about 1 yr behind in all updates, so I did so and in that hour + updating the above programs I was nailed with infections. I went through all programs and cleaned out all infections....or was it cleaned out???? Another PC once had a rootkit and wow what a sneaky infection.

    Now what I'm getting is a very very slow start up, very slow response no matter what I'm doing, some pages will not open, on Facebook it keeps saying a "Long Running Script" problem, even on here I get "Page Not Responding".
    I've run Malware, SAS and Avast scans and all alerts are quarantined.
    When I stopped using this laptop on the net 2+ yrs ago it ran just fine. Not a speed demon but ok for me.
    What is my course of action?

    thanks so much!
    steve
     
  2. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Hi Broni,
    Now if you would like to see the quarantined malware scan I did much earlier in the day I can do that.
    Thanks for your help!
    steve

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 9/12/2014
    Scan Time: 7:44:06 PM
    Logfile: mbamscan.txt
    Administrator: Yes
    Version: 2.00.2.1012
    Malware Database: v2014.09.12.09
    Rootkit Database: v2014.09.12.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: steve
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 315978
    Time Elapsed: 29 min, 4 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)
    (end)
    *******************************************
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
    Run by steve at 20:50:13 on 2014-09-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3691.1787 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Users\steve\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\steve\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [PrivDogService] "C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe"
    mRun: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} : DHCPNameServer = 172.20.100.1
    TCP: Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} : NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteR64.dll
    x64-BHO: {4F524A2D-5637-4300-76A7-7A786E7484D7} - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
    x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    x64-Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-10-29 79488]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-10-29 40064]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-29 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-29 224896]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2012-4-18 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2012-4-18 427360]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-6-30 738472]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-6-30 48360]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-9-7 172344]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-29 204288]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-4 365568]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-16 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-4-18 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-2-16 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-11 50344]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-15 2375168]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-11 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-11 860472]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-15 46136]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-29 114704]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-6 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-11 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-11 63704]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-8-15 1492992]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-27 339048]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-27 539240]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-29 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-4-15 2264280]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    .
    =============== Created Last 30 ================
    .
    2014-09-12 19:25:22 -------- d-----w- C:\Users\steve\AppData\Local\AdTrustMedia
    2014-09-12 13:36:23 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-09-12 03:23:36 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2014-09-12 03:23:35 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2014-09-12 03:17:30 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-09-12 03:17:30 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-09-12 03:17:29 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-09-12 03:17:29 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-09-12 03:17:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-09-12 03:17:21 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-09-12 03:16:33 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-09-12 03:16:33 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-09-12 02:39:00 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2014-09-12 02:37:58 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-09-12 02:35:59 -------- d-----w- C:\SUPERDelete
    2014-09-12 02:35:55 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-09-12 02:35:54 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-09-12 02:34:01 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
    2014-09-12 02:34:00 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-09-12 02:33:59 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-09-12 02:33:11 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-09-12 02:33:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-09-12 02:33:05 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2014-09-12 02:33:04 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-09-12 02:33:03 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2014-09-12 02:33:03 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-09-12 02:33:02 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
    2014-09-12 02:33:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-09-12 02:33:02 2048 ----a-w- C:\Windows\System32\msxml6r.dll
    2014-09-12 02:33:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-09-12 02:32:57 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-09-12 02:32:55 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-09-12 02:31:56 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-09-12 02:31:53 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-09-12 02:31:50 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-09-12 02:30:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-12 02:30:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-12 02:29:04 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-09-12 02:29:03 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-09-12 02:29:03 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-09-12 02:29:02 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-09-12 02:29:00 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-09-12 02:29:00 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-09-12 02:28:59 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-09-12 02:28:06 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2014-09-12 02:05:54 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-09-12 02:05:53 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-09-12 02:05:52 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-09-12 02:05:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-09-12 02:05:50 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-09-12 02:00:48 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-09-12 02:00:47 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-09-12 02:00:46 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-09-12 02:00:32 578048 ----a-w- C:\Windows\System32\aepdu.dll
    2014-09-12 02:00:29 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-09-12 01:22:36 43152 ----a-w- C:\Windows\avastSS.scr
    2014-09-12 01:07:51 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-12 01:07:01 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-12 01:07:01 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-09-12 01:07:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-12 01:05:46 2620928 ----a-w- C:\Windows\System32\wucltux.dll
    2014-09-12 01:05:30 97792 ----a-w- C:\Windows\System32\wudriver.dll
    2014-09-12 01:05:30 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-09-12 01:04:05 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-09-12 01:04:04 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2014-09-12 01:04:04 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-09-12 01:04:04 198600 ----a-w- C:\Windows\System32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2014-09-12 01:22:47 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-09-12 01:22:46 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-09-12 01:22:46 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-09-12 01:22:44 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-09-12 01:22:44 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-09-12 01:22:44 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-09-12 01:22:41 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-09-12 01:04:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-12 01:04:58 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-07-25 09:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-25 06:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    .
    ============= FINISH: 20:57:29.85 ===============
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX
    Adobe Reader X (10.1.11) MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    AMD APP SDK Runtime
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bonjour
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCScore
    Chuzzle Deluxe
    COMODO Internet Security
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    Epson CreativeZone
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON NX125 NX127 Series Printer Uninstall
    EPSON Scan
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    ESU for Microsoft Windows 7
    Evernote v. 4.2.2
    Farm Frenzy
    FATE - The Traitor Soul
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Auto
    HP Client Services
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    ICP 9.0
    IDT Audio
    iTunes
    Java 7 Update 67
    Java Auto Updater
    Junk Mail filter update
    Kodak EasyShare software
    LG USB Modem driver
    LTCM Client
    Magic Desktop
    Mah Jong Medley
    Malwarebytes Anti-Malware version 2.0.2.1012
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    netbrdg
    OfotoXMI
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    PrivDog
    QuickTime
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    RedMon - Redirection Port Monitor
    RoxioNow Player
    SanDiskSecureAccess_Manager.exe
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    SFR
    SHASTA
    SiteRanker
    skin0001
    SKINXSDK
    Slingo Supreme
    SpywareBlaster 5.0
    staticcr
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    VPRINTOL
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma Deluxe
    .
    ==== End Of File ===========================
     


  4. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Via iPhone.....my laptop this morning cannot bring up the internet.
    Oops, I accidentally attached mbam. I thought I deleted it. Sorry about that. Can't seem to delete it via iPhone. The pasted scan is in the reply though.
    Steve
     
  5. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  6. stevow

    stevow TS Rookie Topic Starter Posts: 55

    OK, I was able to restart the computer and ran the entire scan following your attached directions 'exactly' by looking at my iphone. After clicking REPORT I saw the Notepad with the findings, but RogueKiller's scan report did not save in notepad and it's not on desktop either like it said it should be. I searched documents etc to no avail. After closing the scan the following window was on my desktop:

    **Security Alert
    ! Your current security settings do not allow this file to be downloaded.**

    Should I run it again and immediately copy/paste here? Then do step 2 in your above and put in another reply?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    To get rid of that message...

    a. Open Internet Explorer.
    b. Click Tools and then options.
    c. Click on the security tab.
    d. Select the Internet Zone.
    e. Click on the Custom Level Button and then scroll down to Download.
    f. Make sure to enable File download.
    g. Click Apply and Ok
    h. Restart Internet Explorer and check if that helps.
     
  8. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Security file download was already enabled.
    So I've immediately copied/ pasted the results. I'll now do the 2nd part of your directions.
    *********
    RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : steve [Admin rights]
    Mode : Remove -- Date : 09/13/2014 16:43:26
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 13 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ HOSTS File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD50 00BPVT-60HXZT3 SATA Disk Device +++++
    --- User ---
    [MBR] aed73740c9008d8a741b1c889874e490
    [BSP] 8e3f116b7e5b59d639444c5caf80aef7 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461578 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945721344 | Size: 15058 MB
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
    User = LL1 ... OK
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] bd0ed8a344127a17f82ffc2d51eb6090
    [BSP] 8e3f116b7e5b59d639444c5caf80aef7 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
    1 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 MB
    2 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 MB
    3 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 172081152 | Size: 20002 MB

    ============================================
    RKreport_DEL_09132014_124647.log - RKreport_SCN_09132014_124504.log - RKreport_SCN_09132014_164029.log
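
The registry section of the RogueKiller report in the post above lists the same setting once per control set and once per 32/64-bit registry view. As an added example (not part of the original post and not RogueKiller's own code), this Python script parses that line format, collapses the repeats and labels each DNS server as private or public; the function names and the `<ControlSet>` placeholder are assumptions made here.

```python
import ipaddress
import re

# Registry section of the report above, copied as-is. The section banner is
# built with \u00a4 escapes only so that this file stays plain ASCII.
BANNER = "\u00a4\u00a4\u00a4 Registry Entries : 13 \u00a4\u00a4\u00a4\n"
REGISTRY_LINES = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818} | DhcpNameServer : 172.20.100.1 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
"""
SAMPLE_REPORT = BANNER + REGISTRY_LINES

# "[Category] (view) key | value name : data -> action"
FINDING_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.+?)\s+->\s+(?P<action>.+)$"
)
CONTROLSET_RE = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\")
COUNT_RE = re.compile(r"Registry Entries : (\d+)")


def parse_findings(report):
    """Return one dict per registry finding line; banners and blanks are skipped."""
    findings = []
    for line in report.splitlines():
        match = FINDING_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def declared_count(report):
    """Number of registry entries the section banner claims, or None if absent."""
    match = COUNT_RE.search(report)
    return int(match.group(1)) if match else None


def normalise_key(key):
    """Replace the control-set component with a placeholder.

    CurrentControlSet is a link to one of the numbered sets, so one setting
    shows up several times in the report.
    """
    return CONTROLSET_RE.sub(lambda _m: "\\<ControlSet>\\", key, count=1)


def unique_settings(findings):
    """Group findings that differ only by control set or registry view."""
    groups = {}
    for f in findings:
        ident = (f["category"], normalise_key(f["key"]), f["name"], f["data"])
        groups.setdefault(ident, []).append(f)
    return groups


def dns_summary(findings):
    """Map each DNS server in PUM.Dns findings to its scope and registry keys."""
    servers = {}
    for category, key, _name, data in unique_settings(findings):
        if category != "PUM.Dns":
            continue
        for token in data.split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal; skip rather than guess
            entry = servers.setdefault(str(addr), {"scope": None, "keys": set()})
            entry["scope"] = "private" if addr.is_private else "public"
            entry["keys"].add(key)
    return servers


if __name__ == "__main__":
    parsed = parse_findings(SAMPLE_REPORT)
    print(f"{len(parsed)} lines parsed, banner declares {declared_count(SAMPLE_REPORT)}")
    print(f"{len(unique_settings(parsed))} distinct settings after collapsing repeats")
    for server, info in sorted(dns_summary(parsed).items()):
        print(f"{server:15} {info['scope']:8} set in {len(info['keys'])} key(s)")
```

A public resolver address still has to be checked against the ISP or network the machine was actually connected to; the script only reduces the report to the distinct values worth checking.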
     
  9. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Go on...
     
  10. stevow

    stevow TS Rookie Topic Starter Posts: 55

    I did the system restore and then RootKit scan.
    It said no infection.
    Just a note: During the registry and Directory Data scanning portion a small window popped up (I've seen this more than once the past few days) with the following: C:/users/steve/AppData/Local/AdTrustMedia/PrivDog/PrivDog_ie_setup.exe
    Windows cannot access the specified device, path, or file. You may not have the permission to access the item.

    The folder does not have the "mbar-log-(date) (xx-xx-xx).txt".
    It only has the following scan.
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.17280
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.596000 GHz
    Memory total: 3870195712, free: 1208610816
    =======================================
    Initializing...
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E10CAA52
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 945311744
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 945721344 Numsec = 30838784
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  11. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Well rats!
    Ok, Combofix's scan bar was about 80+% done and the earlier mentioned window that said I may not have permission to access popped up---C\ privDog....etc. I sat there and watched it for about 10 minutes and it appeared scanning stopped so I mouse clicked that window out. I then watched it for about 30 mins and then unplugged the cat5 and left it as is. I did not turn it off. The laptop sits with the Combofix window as I left it.

    Please advise.
     
  13. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Oh and it's been like that since 11:30pm Sat night.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Restart computer manually.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  15. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Like before where the notepad scan was not saved I'm posting the AdwCleaner now, and I'll post the other scans in the next reply.
    Also, I'm seeing 2 different scans. One in Notepad and one in the C:\ drive.
    I'll put both and let you sort it out.
    ***********************************************************
    # AdwCleaner v3.310 - Report created 14/09/2014 at 18:24:54
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : steve - STEVE-HP
    # Running from : C:\Users\steve\Downloads\adwcleaner_3.310.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\SiteRanker
    Folder Deleted : C:\Users\steve\AppData\Local\Temp\apn
    Folder Deleted : C:\Users\steve\AppData\LocalLow\Inbox Toolbar
    Folder Deleted : C:\Users\steve\AppData\LocalLow\SiteRanker
    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [siteranker@siteranker.com]
    Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
    Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
    Key Deleted : HKCU\Software\SiteRanker
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17280

    -\\ Google Chrome v37.0.2062.120
    [ File : C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=&apn_ptnrs=&apn_sauid=&apn_dtid=OSJ000&psv=&q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [9819 octets] - [14/09/2014 18:19:20]
    AdwCleaner[S0].txt - [9158 octets] - [14/09/2014 18:24:54]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9218 octets] ##########

    2nd \from C: &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Check website ranking.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Check website ranking.lnk.vir
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Help & Tips.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Help & Tips.lnk.vir
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Run SiteRanker.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Run SiteRanker.lnk.vir
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Uninstall SiteRanker.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker\Uninstall SiteRanker.lnk.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\6866.url->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\6866.url.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\6881.url->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\6881.url.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\6884.url->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\6884.url.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\control.txt->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\control.txt.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\games.ico->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\games.ico.vir
    C:\Program Files (x86)\Free Offers from Freeze.com\musicoasis.ico->C:\AdwCleaner\Quarantine\C\Program Files (x86)\Free Offers from Freeze.com\musicoasis.ico.vir
    C:\Program Files (x86)\SiteRanker\SiteR64.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\SiteR64.dll.vir
    C:\Program Files (x86)\SiteRanker\SiteRank.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\SiteRank.dll.vir
    C:\Program Files (x86)\SiteRanker\SiteRankTray.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\SiteRankTray.exe.vir
    C:\Program Files (x86)\SiteRanker\unins000.dat->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\unins000.dat.vir
    C:\Program Files (x86)\SiteRanker\unins000.exe->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\unins000.exe.vir
    C:\Program Files (x86)\SiteRanker\firefox\chrome.manifest->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\firefox\chrome.manifest.vir
    C:\Program Files (x86)\SiteRanker\firefox\install.rdf->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\firefox\install.rdf.vir
    C:\Program Files (x86)\SiteRanker\firefox\plugins\npsiterank.dll->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\firefox\plugins\npsiterank.dll.vir
    C:\Program Files (x86)\SiteRanker\firefox\chrome\content\siterank.js->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\firefox\chrome\content\siterank.js.vir
    C:\Program Files (x86)\SiteRanker\firefox\chrome\content\siterank.xul->C:\AdwCleaner\Quarantine\C\Program Files (x86)\SiteRanker\firefox\chrome\content\siterank.xul.vir
    C:\Users\steve\AppData\Local\Temp\apn\ReportingData.dat->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\Local\Temp\apn\ReportingData.dat.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\buttons.xml->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\buttons.xml.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\config.ini->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\config.ini.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\mail_plugin_big_dyn.xml->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\mail_plugin_big_dyn.xml.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\mail_plugin_dyn.xml->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\mail_plugin_dyn.xml.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\skin.xml->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\skin.xml.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\skins.xml->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\skins.xml.vir
    C:\Users\steve\AppData\LocalLow\Inbox Toolbar\translate.ini->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\Inbox Toolbar\translate.ini.vir
    C:\Users\steve\AppData\LocalLow\SiteRanker\translate.ini->C:\AdwCleaner\Quarantine\C\Users\steve\AppData\LocalLow\SiteRanker\translate.ini.vir
     
  16. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Hi Broni, JRT very quickly went through the following:
    Creating a reg backup
    Checking
    Startup, modules, processes, services, files, folders, and registry.
    And for the last 2 hours that's it. Just a blinking dash. I know it said to be patient, but is something wrong?

    I don't want to retry without instruction.
    Thanks, Steve
     
  17. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Alright, I came back to the scan 7 hrs later... It finished. I unplugged the Cat 5 during the JRT scan. I assume that was OK since the program was already on the PC.
    PC is working faster too! All security will be turned back on asap.
    thanks, steve

    JRT*******
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by steve on Sun 09/14/2014 at 19:04:45.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\siteranker
    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0969384B-4ECB-47AF-AA66-759AD1D43DF4}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27D6B2E8-5416-4692-8837-472B3501CF3B}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0969384B-4ECB-47AF-AA66-759AD1D43DF4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
    Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/14/2014 at 23:07:17.42
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ******

    Farbar Scans*******************

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
    Ran by steve (administrator) on STEVE-HP on 15-09-2014 06:19:12
    Running from C:\Users\steve\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Dmailer S.A.) C:\Users\steve\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    (Thisisu) C:\Users\steve\Downloads\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-27] (IDT, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-11] (AVAST Software)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-1841257022-2671936595-635105210-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-09-11] (SUPERAntiSpyware)
    HKU\S-1-5-21-1841257022-2671936595-635105210-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\steve\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [31095432 2010-11-10] (Dmailer S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    SearchScopes: HKLM - {0969384B-4ECB-47AF-AA66-759AD1D43DF4} URL = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-21] (EasyBits Software Corp.)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{2EA972E9-DD08-4A9B-B4F8-C41B0BEB2818}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{80CCB983-B077-4D5E-98E7-E75C225BA2E5}: [NameServer] 156.154.70.22,156.154.71.22
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-18]
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP
    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U146H&ocid=U146HDHP",
    "hxxp://us.yahoo.com?fr=fpc-comodo"
    CHR DefaultSearchKeyword: Default -> ask.com
    CHR DefaultSearchProvider: Default -> ask
    CHR DefaultSearchURL: Default -> http://websearch.ask.com/redirect?c...pn_sauid=&apn_dtid=OSJ000&psv=&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-18]
    CHR Extension: (PrivDog) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-15]
    CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-18]
    CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-15]
    CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-18]
    CHR HKLM-x32\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx []
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-11] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-11] (AVAST Software)
    R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
    R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-11] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-11] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-11] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-11] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-11] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-11] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-11] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-11] ()
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-13] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    Continued**********
     
  18. stevow

    stevow TS Rookie Topic Starter Posts: 55

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-09-15 06:19 - 2014-09-15 06:20 - 00022565 _____ () C:\Users\steve\Downloads\FRST.txt
    2014-09-15 06:18 - 2014-09-15 06:19 - 00000000 ____D () C:\FRST
    2014-09-15 06:18 - 2014-09-15 06:18 - 02105856 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
    2014-09-14 23:07 - 2014-09-14 23:07 - 00008767 _____ () C:\Users\steve\Desktop\JRT.txt
    2014-09-14 19:04 - 2014-09-14 19:04 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-14 18:57 - 2014-09-14 18:57 - 00001095 _____ () C:\Users\steve\Desktop\JRT - Shortcut.lnk
    2014-09-14 18:55 - 2014-09-14 18:55 - 01016261 _____ (Thisisu) C:\Users\steve\Downloads\JRT.exe
    2014-09-14 18:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-09-14 18:18 - 2014-09-14 18:25 - 00000000 ____D () C:\AdwCleaner
    2014-09-14 18:17 - 2014-09-14 18:17 - 00001218 _____ () C:\Users\steve\Desktop\adwcleaner_3.310 - Shortcut.lnk
    2014-09-14 18:15 - 2014-09-14 18:15 - 01373475 _____ () C:\Users\steve\Downloads\adwcleaner_3.310.exe
    2014-09-13 23:30 - 2014-09-13 23:32 - 00000000 ___SD () C:\32788R22FWJFW
    2014-09-13 23:23 - 2014-09-13 23:23 - 00001146 _____ () C:\Users\steve\Desktop\ComboFix - Shortcut.lnk
    2014-09-13 23:20 - 2014-09-13 23:20 - 05577449 ____R (Swearware) C:\Users\steve\Downloads\ComboFix.exe
    2014-09-13 17:14 - 2014-09-13 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-13 17:10 - 2014-09-13 17:41 - 00000000 ____D () C:\Users\steve\Desktop\mbar
    2014-09-13 17:06 - 2014-09-13 17:06 - 14349744 _____ (Malwarebytes Corp.) C:\Users\steve\Downloads\mbar-1.07.0.1012.exe
    2014-09-13 16:02 - 2014-09-13 16:02 - 00274784 _____ () C:\Windows\Minidump\091314-23353-01.dmp
    2014-09-13 12:19 - 2014-09-13 16:23 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-09-13 12:18 - 2014-09-13 12:19 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-12 20:59 - 2014-09-12 20:58 - 00005241 _____ () C:\Users\steve\Desktop\attach.txt
    2014-09-12 20:59 - 2014-09-12 20:57 - 00023403 _____ () C:\Users\steve\Desktop\dds.txt
    2014-09-12 20:48 - 2014-09-12 20:48 - 00688992 _____ (Swearware) C:\Users\steve\Downloads\dds.com
    2014-09-12 20:43 - 2014-09-12 20:43 - 00001056 _____ () C:\Users\steve\Desktop\mbamscan.txt
    2014-09-12 12:25 - 2014-09-12 12:25 - 00000000 ____D () C:\Users\steve\AppData\Local\AdTrustMedia
    2014-09-12 06:45 - 2014-09-12 06:45 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Oracle
    2014-09-12 06:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-09-12 06:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-09-12 06:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-09-12 06:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-09-12 06:34 - 2014-09-12 06:36 - 00004114 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-09-11 21:23 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-11 21:23 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-11 21:23 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-11 21:23 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-11 21:23 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-11 21:23 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-11 21:23 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-11 21:23 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-11 21:23 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-11 21:23 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-11 21:23 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-11 21:23 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-11 21:23 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-11 21:23 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-11 21:23 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-11 21:23 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-11 21:23 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-11 21:23 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-11 21:23 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-11 21:23 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-11 21:23 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-11 21:23 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-11 21:23 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-09-11 21:23 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-11 21:23 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-11 21:23 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-09-11 21:23 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-09-11 21:23 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-11 21:23 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-11 21:23 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-11 21:23 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-11 21:23 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-11 21:23 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-11 21:23 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-09-11 21:23 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-09-11 21:23 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-09-11 21:23 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-11 21:23 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-11 21:23 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-11 21:23 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-11 21:23 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-11 21:23 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-11 21:23 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-11 21:23 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-11 21:23 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-11 21:23 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-11 21:23 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-11 21:23 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-11 21:23 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-11 21:23 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-09-11 21:23 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-11 21:23 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-11 21:23 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-11 21:23 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-11 21:23 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-09-11 21:22 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-11 20:23 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-11 20:23 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-09-11 20:17 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-09-11 20:17 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-09-11 20:17 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-09-11 20:17 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-09-11 20:17 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-09-11 20:17 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-09-11 20:16 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-09-11 20:16 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-09-11 19:38 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-11 19:38 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-09-11 19:38 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-09-11 19:38 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-09-11 19:38 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-09-11 19:38 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-09-11 19:38 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-09-11 19:38 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-09-11 19:38 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-09-11 19:38 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-09-11 19:37 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-09-11 19:35 - 2014-09-11 19:35 - 00000000 ____D () C:\SUPERDelete
    2014-09-11 19:35 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-09-11 19:35 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-09-11 19:34 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-09-11 19:33 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-09-11 19:33 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-09-11 19:33 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-09-11 19:33 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-09-11 19:33 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-09-11 19:33 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-09-11 19:33 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-09-11 19:33 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-09-11 19:33 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-09-11 19:33 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-09-11 19:33 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-09-11 19:32 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-09-11 19:32 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-09-11 19:31 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-11 19:31 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-09-11 19:31 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-09-11 19:30 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-11 19:30 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-11 19:29 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-09-11 19:29 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-09-11 19:29 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-09-11 19:29 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-09-11 19:29 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-09-11 19:29 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-09-11 19:28 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-09-11 19:28 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-09-11 19:10 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-09-11 19:10 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-09-11 19:05 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-11 19:05 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-11 19:05 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-09-11 19:05 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-09-11 19:05 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-09-11 19:00 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-11 19:00 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-11 19:00 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-11 19:00 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-09-11 19:00 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-09-11 18:22 - 2014-09-11 18:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-11 18:07 - 2014-09-14 18:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-11 18:07 - 2014-09-13 17:10 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-11 18:07 - 2014-09-11 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-11 18:07 - 2014-09-11 18:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-11 18:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-09-11 18:05 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-09-11 18:05 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-09-11 18:05 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-09-11 18:05 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-09-11 18:05 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-09-11 18:05 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-09-11 18:05 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2014-09-11 18:05 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-09-11 18:05 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-09-11 18:05 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-09-11 18:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-09-11 18:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-09-11 18:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-09-11 18:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-09-15 06:20 - 2014-09-15 06:19 - 00022565 _____ () C:\Users\steve\Downloads\FRST.txt
    2014-09-15 06:19 - 2014-09-15 06:18 - 00000000 ____D () C:\FRST
    2014-09-15 06:18 - 2014-09-15 06:18 - 02105856 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
    2014-09-15 06:16 - 2011-08-15 11:41 - 01873090 _____ () C:\Windows\WindowsUpdate.log
    2014-09-15 06:09 - 2012-03-31 21:48 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-15 06:08 - 2012-03-31 21:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-09-14 23:07 - 2014-09-14 23:07 - 00008767 _____ () C:\Users\steve\Desktop\JRT.txt
    2014-09-14 19:04 - 2014-09-14 19:04 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-14 19:01 - 2011-09-23 18:20 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1DE0CF45-F854-4B55-8A8D-9740438915F0}
    2014-09-14 18:57 - 2014-09-14 18:57 - 00001095 _____ () C:\Users\steve\Desktop\JRT - Shortcut.lnk
    2014-09-14 18:55 - 2014-09-14 18:55 - 01016261 _____ (Thisisu) C:\Users\steve\Downloads\JRT.exe
    2014-09-14 18:51 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 18:51 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 18:35 - 2014-09-11 18:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-14 18:30 - 2012-03-31 21:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-14 18:30 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-14 18:28 - 2011-09-26 19:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-09-14 18:27 - 2009-07-13 22:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-09-14 18:26 - 2010-11-20 20:47 - 00909108 _____ () C:\Windows\PFRO.log
    2014-09-14 18:26 - 2009-07-13 21:51 - 00108742 _____ () C:\Windows\setupact.log
    2014-09-14 18:25 - 2014-09-14 18:18 - 00000000 ____D () C:\AdwCleaner
    2014-09-14 18:17 - 2014-09-14 18:17 - 00001218 _____ () C:\Users\steve\Desktop\adwcleaner_3.310 - Shortcut.lnk
    2014-09-14 18:15 - 2014-09-14 18:15 - 01373475 _____ () C:\Users\steve\Downloads\adwcleaner_3.310.exe
    2014-09-14 17:52 - 2013-01-28 15:32 - 00000000 ____D () C:\Users\steve\AppData\Roaming\SanDisk
    2014-09-14 09:12 - 2012-07-12 23:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-09-14 01:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-09-13 23:32 - 2014-09-13 23:30 - 00000000 ___SD () C:\32788R22FWJFW
    2014-09-13 23:23 - 2014-09-13 23:23 - 00001146 _____ () C:\Users\steve\Desktop\ComboFix - Shortcut.lnk
    2014-09-13 23:20 - 2014-09-13 23:20 - 05577449 ____R (Swearware) C:\Users\steve\Downloads\ComboFix.exe
    2014-09-13 17:41 - 2014-09-13 17:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-13 17:41 - 2014-09-13 17:10 - 00000000 ____D () C:\Users\steve\Desktop\mbar
    2014-09-13 17:10 - 2014-09-11 18:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-13 17:06 - 2014-09-13 17:06 - 14349744 _____ (Malwarebytes Corp.) C:\Users\steve\Downloads\mbar-1.07.0.1012.exe
    2014-09-13 16:23 - 2014-09-13 12:19 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-09-13 16:02 - 2014-09-13 16:02 - 00274784 _____ () C:\Windows\Minidump\091314-23353-01.dmp
    2014-09-13 16:02 - 2012-10-13 21:40 - 479661030 _____ () C:\Windows\MEMORY.DMP
    2014-09-13 16:02 - 2012-10-13 21:40 - 00000000 ____D () C:\Windows\Minidump
    2014-09-13 12:19 - 2014-09-13 12:18 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-13 11:30 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-13 00:46 - 2011-10-04 16:00 - 00000000 ____D () C:\Users\steve\AppData\Local\CrashDumps
    2014-09-12 20:58 - 2014-09-12 20:59 - 00005241 _____ () C:\Users\steve\Desktop\attach.txt
    2014-09-12 20:57 - 2014-09-12 20:59 - 00023403 _____ () C:\Users\steve\Desktop\dds.txt
    2014-09-12 20:48 - 2014-09-12 20:48 - 00688992 _____ (Swearware) C:\Users\steve\Downloads\dds.com
    2014-09-12 20:43 - 2014-09-12 20:43 - 00001056 _____ () C:\Users\steve\Desktop\mbamscan.txt
    2014-09-12 12:25 - 2014-09-12 12:25 - 00000000 ____D () C:\Users\steve\AppData\Local\AdTrustMedia
    2014-09-12 06:51 - 2012-06-28 17:25 - 00000000 ____D () C:\Firefox
    2014-09-12 06:45 - 2014-09-12 06:45 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Oracle
    2014-09-12 06:40 - 2014-04-15 03:37 - 00000000 ____D () C:\ProgramData\Oracle
    2014-09-12 06:36 - 2014-09-12 06:34 - 00004114 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
    2014-09-12 06:36 - 2011-04-21 16:35 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-09-12 06:35 - 2012-03-31 21:48 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-09-12 06:35 - 2012-03-31 21:48 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-09-12 06:28 - 2011-10-03 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
    2014-09-12 06:28 - 2011-04-21 16:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-09-12 06:01 - 2009-07-13 21:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-12 05:55 - 2014-05-25 19:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-12 05:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-09-12 05:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-09-12 05:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-09-12 05:53 - 2013-03-31 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-09-12 05:53 - 2013-03-31 20:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-09-11 20:52 - 2011-11-25 20:50 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-09-11 20:41 - 2013-03-31 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-09-11 20:36 - 2014-02-16 18:11 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-11 19:35 - 2014-09-11 19:35 - 00000000 ____D () C:\SUPERDelete
    2014-09-11 18:45 - 2011-08-15 11:56 - 00000000 ____D () C:\ProgramData\Temp
    2014-09-11 18:44 - 2011-09-26 21:42 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
    2014-09-11 18:24 - 2012-04-18 18:34 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-09-11 18:23 - 2012-04-18 18:34 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-11 18:22 - 2014-09-11 18:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-11 18:22 - 2014-05-16 16:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-11 18:22 - 2014-02-16 16:15 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-09-11 18:22 - 2013-03-29 02:25 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-11 18:22 - 2013-03-29 02:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-11 18:22 - 2012-04-18 18:34 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-09-11 18:22 - 2012-04-18 18:34 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-11 18:22 - 2012-04-18 18:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-11 18:22 - 2012-04-18 18:34 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-11 18:07 - 2014-09-11 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-11 18:07 - 2014-09-11 18:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-11 18:07 - 2012-06-06 13:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-11 18:07 - 2011-09-26 21:28 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Malwarebytes
    2014-09-11 18:07 - 2011-09-26 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-11 18:06 - 2012-06-06 13:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-09-11 18:05 - 2012-03-31 21:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-11 18:04 - 2012-03-31 21:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-11 18:04 - 2011-10-08 18:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-11 18:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-04 19:10 - 2014-09-11 19:00 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 19:05 - 2014-09-11 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-29 13:01 - 2011-09-23 22:49 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-22 19:07 - 2014-09-11 19:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 18:45 - 2014-09-11 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-22 17:59 - 2014-09-11 19:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-19 11:05 - 2014-09-11 21:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-19 10:39 - 2014-09-11 21:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-18 16:01 - 2014-09-11 21:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-18 15:29 - 2014-09-11 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-18 15:29 - 2014-09-11 21:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-18 15:26 - 2014-09-11 21:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-18 15:20 - 2014-09-11 21:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-18 15:19 - 2014-09-11 21:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-18 15:15 - 2014-09-11 21:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-18 15:15 - 2014-09-11 21:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-18 15:14 - 2014-09-11 21:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-18 15:14 - 2014-09-11 21:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-18 15:08 - 2014-09-11 21:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-18 15:08 - 2014-09-11 21:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-18 15:08 - 2014-09-11 21:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-18 15:05 - 2014-09-11 21:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-18 15:03 - 2014-09-11 21:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-18 15:03 - 2014-09-11 21:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-18 15:03 - 2014-09-11 21:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-18 14:57 - 2014-09-11 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-18 14:56 - 2014-09-11 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 14:51 - 2014-09-11 21:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-18 14:46 - 2014-09-11 21:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-18 14:45 - 2014-09-11 21:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 14:45 - 2014-09-11 21:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-18 14:44 - 2014-09-11 21:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-18 14:44 - 2014-09-11 21:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-18 14:42 - 2014-09-11 21:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-18 14:40 - 2014-09-11 21:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-18 14:39 - 2014-09-11 21:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-18 14:39 - 2014-09-11 21:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-18 14:39 - 2014-09-11 21:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-18 14:38 - 2014-09-11 21:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-18 14:37 - 2014-09-11 21:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-18 14:36 - 2014-09-11 21:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-18 14:35 - 2014-09-11 21:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-18 14:27 - 2014-09-11 21:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-18 14:25 - 2014-09-11 21:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-18 14:25 - 2014-09-11 21:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-18 14:23 - 2014-09-11 21:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-18 14:23 - 2014-09-11 21:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-18 14:22 - 2014-09-11 21:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-18 14:19 - 2014-09-11 21:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-18 14:17 - 2014-09-11 21:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-18 14:17 - 2014-09-11 21:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-18 14:16 - 2014-09-11 21:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-18 14:15 - 2014-09-11 21:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-18 14:15 - 2014-09-11 21:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-18 14:09 - 2014-09-11 21:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-18 14:08 - 2014-09-11 21:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-18 14:07 - 2014-09-11 21:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-18 13:55 - 2014-09-11 21:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-18 13:46 - 2014-09-11 21:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-18 13:38 - 2014-09-11 21:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-18 13:38 - 2014-09-11 21:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-18 13:36 - 2014-09-11 21:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    Some content of TEMP:
    ====================
    C:\Users\steve\AppData\Local\Temp\4n2oulcj.dll
    C:\Users\steve\AppData\Local\Temp\APNSetup.exe
    C:\Users\steve\AppData\Local\Temp\APNStub.exe
    C:\Users\steve\AppData\Local\Temp\contentDATs.exe
    C:\Users\steve\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\mssinstaller.exe
    C:\Users\steve\AppData\Local\Temp\Quarantine.exe
    C:\Users\steve\AppData\Local\Temp\SAS6_Update.exe
    C:\Users\steve\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\steve\AppData\Local\Temp\sp64126.exe
    C:\Users\steve\AppData\Local\Temp\_is1F04.exe
    C:\Users\steve\AppData\Local\Temp\_isDB22.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-09-11 17:19
    ==================== End Of Log ============================
     
  19. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
    Ran by steve at 2014-09-15 06:21:30
    Running from C:\Users\steve\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
    AMD Fuel (Version: 2011.0804.255.3304 - AMD) Hidden
    AMD Media Foundation Decoders (Version: 1.0.60804.0047 - ATI Technologies Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
    ATI Catalyst Install Manager (HKLM\...\{96BB7EC1-BE6E-1616-3E92-086D617A9D49}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2011.0804.255.3304 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2011.0804.255.3304 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Czech (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Danish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help English (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help French (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help German (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Greek (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Italian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Korean (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Polish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Russian (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Thai (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2011.0804.0254.3304 - ATI) Hidden
    ccc-utility64 (Version: 2011.0804.255.3304 - ATI) Hidden
    CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.5.64714.1383 - COMODO Security Solutions Inc.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )
    Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
    EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
    HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
    HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
    ICP 9.0 (HKLM\...\ICP install2_is1) (Version: - )
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
    iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
    Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
    Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
    SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
    SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================
    15-04-2014 10:34:17 Installed Java 7 Update 51
    16-05-2014 22:53:24 Installed Java 7 Update 55
    16-05-2014 23:47:37 avast! antivirus system restore point
    17-05-2014 02:43:13 Windows Update
    26-05-2014 01:44:22 Windows Update
    12-09-2014 01:01:59 Windows Update
    12-09-2014 01:17:51 avast! antivirus system restore point
    12-09-2014 03:14:04 Windows Update
    12-09-2014 13:32:54 Installed Java 7 Update 67
    13-09-2014 23:58:58 techspot help Sept'14

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {0ACC8DAE-0622-4B36-9FFF-E318FAA94A51} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
    Task: {0D16543E-2AE0-4567-AE4D-298C9D0EA758} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
    Task: {2BE7B5F2-5236-4001-A4CE-2FFF0C237D6C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
    Task: {3DE379F6-74C3-4BFB-B026-5D85DBFEC736} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
    Task: {49BF65A9-36E1-4A65-92B9-7F0D84C52BE0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {4ADF4597-FEC2-4BF6-8000-9DD998720E3F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-11] (AVAST Software)
    Task: {740EF7BA-F96F-4A6D-92A2-EF5BC4F3EEF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2013-02-19] (Hewlett-Packard)
    Task: {755394EE-BEA9-47A8-91E2-9AF6DB4B16FF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
    Task: {79557CA0-1ECF-472C-96F5-32C1E2B55DB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {847D671B-8420-4C06-8B02-21E47B4F8D4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31] (Google Inc.)
    Task: {EE339F37-EB4A-4BA3-AD9A-00B42F24512B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
    Task: {F1EC9BB1-873A-4CEA-A0E2-040CAB71739D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
    Task: {FD570258-187D-4C86-8D73-514DFEE245BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2012-08-20 18:25 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
    2011-08-04 03:05 - 2011-08-04 03:05 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-09-11 18:22 - 2014-09-11 18:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-14 18:04 - 2014-09-14 18:04 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
    2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-09-23 08:01 - 2010-11-10 10:15 - 12690568 _____ () C:\Users\steve\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
    2010-09-23 08:01 - 2010-11-10 10:15 - 10674312 _____ () C:\Users\steve\AppData\Roaming\SanDisk\My Vaults\dmEngineAPP.dll
    2011-02-23 17:24 - 2011-10-06 07:48 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
    2011-02-23 17:23 - 2011-10-06 07:48 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
    2011-02-23 17:21 - 2011-10-06 07:48 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
    2011-02-23 17:19 - 2011-10-06 07:48 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    2011-02-23 17:38 - 2011-10-06 07:48 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    2011-02-23 17:15 - 2011-10-06 07:48 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    2011-02-23 17:39 - 2011-10-06 07:48 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    2011-02-23 17:11 - 2011-10-06 07:48 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    2006-03-07 10:05 - 2011-10-06 07:48 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
    2011-02-23 17:37 - 2011-10-06 07:48 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    2011-02-23 17:17 - 2011-10-06 07:48 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    2011-02-23 18:00 - 2011-10-06 07:48 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    2011-02-23 17:24 - 2011-10-06 07:48 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
    2011-02-23 17:15 - 2011-10-06 07:48 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
    2011-02-23 18:55 - 2011-10-06 07:48 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    2009-09-28 21:19 - 2011-10-06 07:48 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    2009-09-28 21:19 - 2011-10-06 07:48 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    2009-09-28 21:20 - 2011-10-06 07:48 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    2009-09-28 21:19 - 2011-10-06 07:48 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    2009-09-28 21:21 - 2011-10-06 07:48 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    2009-09-28 21:20 - 2011-10-06 07:48 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    2009-09-28 21:21 - 2011-10-06 07:48 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    2009-09-28 21:21 - 2011-10-06 07:48 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    2011-02-23 18:04 - 2011-10-06 07:48 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
    2011-02-23 17:38 - 2011-10-06 07:48 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    2011-02-23 17:36 - 2011-10-06 07:48 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    2011-02-23 17:15 - 2011-10-06 07:48 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    2011-02-23 15:25 - 2011-10-06 07:48 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    2011-02-23 19:02 - 2011-10-06 07:48 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    2011-02-23 18:01 - 2011-10-06 07:48 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    2011-02-23 18:05 - 2011-10-06 07:48 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    2011-02-23 17:55 - 2011-10-06 07:48 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    2011-02-23 19:00 - 2011-10-06 07:48 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
    2011-02-23 17:16 - 2011-10-06 07:48 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    2014-09-11 18:22 - 2014-09-11 18:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2748208
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2748208
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    System errors:
    =============
    Error: (09/15/2014 06:07:42 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Microsoft Office Sessions:
    =========================
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2748208
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2748208
    Error: (09/15/2014 06:07:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    ==================== Memory info ===========================
    Processor: AMD E-350 Processor
    Percentage of memory in use: 42%
    Total physical RAM: 3690.91 MB
    Available physical RAM: 2124.59 MB
    Total Pagefile: 7379.99 MB
    Available Pagefile: 5086.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:450.76 GB) (Free:384.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.71 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E10CAA52)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
    ==================== End Of Log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  21. stevow

    stevow TS Rookie Topic Starter Posts: 55

    I assume you're only interested in the FIX RESULT?
    SCAN RESULT not necessary?
    Thanks!
    steve

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
    Ran by steve at 2014-09-15 18:38:25 Run:1
    Running from C:\Users\steve\Downloads
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
    CHR DefaultSearchKeyword: Default -> ask.com
    CHR DefaultSearchProvider: Default -> ask
    CHR DefaultSearchURL: Default -> http://websearch.ask.com/redirect?c...pn_sauid=&apn_dtid=OSJ000&psv=&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\steve\AppData\Local\Temp\4n2oulcj.dll
    C:\Users\steve\AppData\Local\Temp\APNSetup.exe
    C:\Users\steve\AppData\Local\Temp\APNStub.exe
    C:\Users\steve\AppData\Local\Temp\contentDATs.exe
    C:\Users\steve\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\steve\AppData\Local\Temp\mssinstaller.exe
    C:\Users\steve\AppData\Local\Temp\Quarantine.exe
    C:\Users\steve\AppData\Local\Temp\SAS6_Update.exe
    C:\Users\steve\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\steve\AppData\Local\Temp\sp64126.exe
    C:\Users\steve\AppData\Local\Temp\_is1F04.exe
    C:\Users\steve\AppData\Local\Temp\_isDB22.exe
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    *****************
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
    "HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin" => Key deleted successfully.
    C:\Program Files (x86)\PDFlite\npPdfViewer.dll not found.
    Chrome DefaultSearchKeyword deleted successfully.
    CHR DefaultSearchProvider: Default -> ask ==> The Chrome "Settings" can be used to fix the entry.
    Chrome DefaultSearchURL deleted successfully.
    Chrome DefaultSuggestURL deleted successfully.
    C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\gcswf32.dll not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
    C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    C:\Users\steve\AppData\Local\Temp\4n2oulcj.dll => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\APNSetup.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\APNStub.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\contentDATs.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\SAS6_Update.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\sp64126.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\_is1F04.exe => Moved successfully.
    C:\Users\steve\AppData\Local\Temp\_isDB22.exe => Moved successfully.
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
    ==== End of Fixlog ====
     
  22. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Good :)

    How is computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  23. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Running faster than my PC's system at Cal State Long Beach.
    OK, I'll get the next scans rolling a bit later.
    Question:
    You mention TFC above. I have ATF Cleaner, should I delete ATF?
     
  24. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    ATF is a good tool as well but I don't think it's being updated anymore.
     
  25. stevow

    stevow TS Rookie Topic Starter Posts: 55

    Ok, good morning.
    I'm leaving this FSS Scan because for some reason the next downloaded highlighted link will not link. I've single clicked, double clicked, tried right clicking and opening in new window and no response. I'm not sure if it has something to do with Comodo because when the scanning started with FSS Comodo kept opening and each time I gave it permission, however, that small window from the earlier posts that said "You may not have permission........." appeared again. I don't know if I clicked the wrong response on Comodo because after Comodo popped up the 3rd time I hit "trust this application this time". Something like that and that's when that window popped up.
    I'll post the scan and restart the laptop and see what happens.
    ******************
    Results of screen317's Security Check version 0.99.87
    Windows 7 Service Pack 1 x64
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Java 7 Update 67
    Adobe Reader 10.1.11 Adobe Reader out of Date!
    Google Chrome 34.0.1847.137
    Google Chrome 37.0.2062.120
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Comodo Firewall cmdagent.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
     
