TechSpot

Virus from "USPS" email (updateflashplayer)

By anita.hooley
Jun 10, 2014
  1. I clicked on the link in a fake USPS email and I keep getting messages from my Antivirus software that my computer is infected. I think this might be similar to the viruses that some other people posted about here. Any help would be appreciated. Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard


    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/10/2014
    Scan Time: 7:46:59 PM
    Logfile: scan log1.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.06.10.08
    Rootkit Database: v2014.06.02.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: AnitaHY

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 270931
    Time Elapsed: 6 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 13
    Trojan.Agent.ED, C:\Users\AnitaHY\AppData\Local\Temp\UpdateFlashPlayer_6e93935a.exe, Quarantined, [4888690d9be04ee84ad77ec3b9471ce4],
    Trojan.Agent.ED, C:\Users\AnitaHY\AppData\Local\Temp\UpdateFlashPlayer_96c3cad2.exe, Quarantined, [5878b8be3f3c84b247dab78a8e727d83],
    Trojan.Agent.ED, C:\Users\AnitaHY\AppData\Local\Temp\UpdateFlashPlayer_ebfcfd9c.exe, Quarantined, [c50badc993e868ce3de4e45d57a9c739],
    Spyware.Zbot.ED, C:\Users\AnitaHY\AppData\Local\iqhorrco.exe, Quarantined, [09c7482eaad1b383d1c79deac140d927],
    Spyware.Zbot.ED, C:\Users\AnitaHY\AppData\Local\wnspiikk.exe, Quarantined, [7c54492d1e5d36007127dfa848b98a76],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 10457328.job, Quarantined, [ebe5284e43388fa79415c3fb2fd44fb1],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1370771474.job, Quarantined, [a62a89edf08b54e22b7ee7d7da298878],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1527158607.job, Quarantined, [f1dff383a9d2fc3a8722447ac04321df],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2494255425.job, Quarantined, [3799babc6516d0664168308e4ab94db3],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 289883111.job, Quarantined, [ffd1e591daa1350105a41ca2bc47ce32],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3612994783.job, Quarantined, [fad67ef8344787af298039854cb7ac54],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3935405137.job, Quarantined, [c808463007740f274861b20c9d668977],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 966221928.job, Quarantined, [a22e30460d6e7fb7edbc546aa55e2cd4],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
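As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 2.x log format posted above: it groups the detected files by where they were found (user temp, user profile, Windows scheduled tasks) and cross-checks the declared per-section counts against the lines actually parsed, which catches a truncated paste. The triage categories are this example's own labels, and the excerpt is constructed from the posted entries.

```python
"""Parse a Malwarebytes Anti-Malware 2.x scan log and triage the file detections.
Added example; the location-based categories are this example's assumption."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in the layout of the posted log (raw string keeps the backslashes).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/10/2014
Result: Completed

Processes: 0
(No malicious items detected)

Files: 4
Trojan.Agent.ED, C:\Users\AnitaHY\AppData\Local\Temp\UpdateFlashPlayer_6e93935a.exe, Quarantined, [4888690d9be04ee84ad77ec3b9471ce4],
Spyware.Zbot.ED, C:\Users\AnitaHY\AppData\Local\iqhorrco.exe, Quarantined, [09c7482eaad1b383d1c79deac140d927],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 10457328.job, Quarantined, [ebe5284e43388fa79415c3fb2fd44fb1],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1370771474.job, Quarantined, [a62a89edf08b54e22b7ee7d7da298878],

Physical Sectors: 0
(No malicious items detected)

(end)
"""

# Sections of the MBAM log that list detections as "<Section>: <count>".
KNOWN_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
# One detection line: "<family>, <path>, <action>, [<32 hex chars>],"
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<ident>[0-9a-f]{32})\],$")


@dataclass
class Detection:
    section: str
    family: str
    path: str
    action: str
    ident: str


def parse_mbam_log(text: str) -> Dict[str, object]:
    """Return the declared per-section counts and every parsed detection line."""
    declared: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()                      # posted logs are usually indented
        m = SECTION_RE.match(line)
        if m and m.group("section") in KNOWN_SECTIONS:
            section = m.group("section")
            declared[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append(Detection(section, **m.groupdict()))
    return {"declared": declared, "detections": detections}


def classify(path: str) -> str:
    """Coarse triage by on-disk location (labels are this example's own)."""
    p = path.lower()
    if re.search(r"\\windows\\tasks\\[^\\]+\.job$", p):
        return "scheduled-task persistence"      # relaunches the payload on a schedule
    if re.search(r"\\appdata\\local\\temp\\[^\\]+\.exe$", p):
        return "dropped executable in user temp"  # the initial download from the link
    if re.search(r"\\appdata\\local\\[^\\]+\.exe$", p):
        return "executable planted in user profile"
    return "other"


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: categories, families, non-quarantined items, count mismatches."""
    parsed = parse_mbam_log(text)
    dets: List[Detection] = parsed["detections"]  # type: ignore[assignment]
    seen = Counter(d.section for d in dets)
    mismatches = {s: (n, seen[s]) for s, n in parsed["declared"].items() if n != seen[s]}
    return {
        "by_category": Counter(classify(d.path) for d in dets),
        "by_family": Counter(d.family for d in dets),
        "not_quarantined": [d.path for d in dets if d.action != "Quarantined"],
        "count_mismatches": mismatches,           # non-empty => log is incomplete/edited
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```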
     
  4. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    I made it to Step 3 (downloaded DDS), but I'm getting a message that says "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." This occurred even after I disconnected from the Internet and disabled AVG and Microsoft Security Essentials.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    DDS is not compatible with Windows 8.1.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Thanks for all this help! Below is the report from RogueKiller. I'll move on to the next step . . .

    RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : AnitaHY [Admin rights]
    Mode : Remove -- Date : 06/10/2014 21:15:56

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe [x] -> DELETED
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2316213231-900153102-689936460-1001\Software\Microsoft\Windows\CurrentVersion\Run | vhcjqala : "C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe" [x] -> DELETED
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2316213231-900153102-689936460-1001\Software\Microsoft\Windows\CurrentVersion\Run | vhcjqala : "C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe" -> ERROR [2]
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG MZMTD128HAFV-000L1 +++++
    --- User ---
    [MBR] f192deb6f4bb3599b67b55c529f296cb
    [BSP] 92fc6c306d99d6072557a7d673044552 : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_06102014_211056.log - RKreport_SCN_06102014_211525.log
     
  7. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Ok, I ran the Malwarebytes Anti-Rootkit (MBAR) scan and it said that no malware was found. Don't know if that's a good thing or not . . .
     
  8. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Here is the system log from MBAR. I couldn't find the other one.

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17107

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.497000 GHz
    Memory total: 4169420800, free: 1113423872

    Downloaded database version: v2014.06.10.08
    Downloaded database version: v2014.06.02.01
    Initializing...
    ======================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
     
  9. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Oh, I think I found the mbar log. Here it is. Many thanks!

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.06.10.08

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17107
    AnitaHY :: AHY-ULTBK [administrator]

    6/10/2014 9:29:41 PM
    mbar-log-2014-06-10 (21-29-41).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 271943
    Time elapsed: 5 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
     
  11. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    AdwCleaner Log

    # AdwCleaner v3.212 - Report created 10/06/2014 at 22:01:01
    # Updated 05/06/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : AnitaHY - AHY-ULTBK
    # Running from : C:\Users\AnitaHY\Desktop\adwcleaner_3.212.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17037


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Users\AnitaHY\AppData\Roaming\Mozilla\Firefox\Profiles\5xg9r6le.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [761 octets] - [10/06/2014 21:58:51]
    AdwCleaner[S0].txt - [683 octets] - [10/06/2014 22:01:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [742 octets] ##########
     
  12. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by AnitaHY on Tue 06/10/2014 at 22:08:19.76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\AnitaHY\AppData\Roaming\mozilla\firefox\profiles\5xg9r6le.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/10/2014 at 22:14:16.09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    FRST Log

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
    Ran by AnitaHY (administrator) on AHY-ULTBK on 10-06-2014 22:17:15
    Running from C:\Users\AnitaHY\Desktop
    Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    (Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ismagent.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\windows\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-08-02] (Intel Corporation)
    HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)
    HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2013-11-05] (Lenovo)
    HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2013-11-05] ()
    HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-11-05] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-11-05] (Lenovo(beijing) Limited)
    HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [909016 2013-10-21] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
    HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [90640 2013-07-09] (Lenovo)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-2316213231-900153102-689936460-1001\...\Run: [EPSON NX430 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    SearchScopes: HKLM - DefaultScope {7FD14275-BA35-4235-9CD9-BFCD1CE3CE59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {7FD14275-BA35-4235-9CD9-BFCD1CE3CE59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKLM-x32 - {7FD14275-BA35-4235-9CD9-BFCD1CE3CE59} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
    SearchScopes: HKCU - {7FD14275-BA35-4235-9CD9-BFCD1CE3CE59} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\AnitaHY\AppData\Roaming\Mozilla\Firefox\Profiles\5xg9r6le.default
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
    FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
    FF Extension: Adblock Plus - C:\Users\AnitaHY\AppData\Roaming\Mozilla\Firefox\Profiles\5xg9r6le.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-14]

    ==================== Services (Whitelisted) =================

    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [56832 2013-08-28] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115632 2013-08-02] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116656 2013-08-02] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148688 2013-08-02] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124880 2013-08-02] (Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
    R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2013-11-05] (Lenovo)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
    R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [162600 2013-08-30] (PointGrab LTD)
    R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [249872 2013-11-05] (Lenovo)
    S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [328720 2013-11-05] (Lenovo)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-05] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [32528 2013-11-05] (Lenovo)

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-03-31] (AVG Technologies CZ, s.r.o.)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [143568 2013-08-02] (Intel Corporation)
    R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [76432 2013-08-02] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [114680 2013-08-02] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [287160 2013-08-02] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494272 2013-08-02] (Intel Corporation)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-02] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [547032 2013-07-03] (Realtek Semiconductor Corporation)
    R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2013-11-15] (Realtek Semiconductor Corporation )
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-10 22:17 - 2014-06-10 22:17 - 00019144 _____ () C:\Users\AnitaHY\Desktop\FRST.txt
    2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\FRST
    2014-06-10 22:16 - 2014-06-10 22:16 - 02081792 _____ (Farbar) C:\Users\AnitaHY\Desktop\FRST64.exe
    2014-06-10 22:14 - 2014-06-10 22:14 - 00000757 _____ () C:\Users\AnitaHY\Desktop\JRT.txt
    2014-06-10 22:09 - 2014-06-10 22:09 - 00000821 _____ () C:\Users\AnitaHY\Desktop\AdwCleaner[S0].txt
    2014-06-10 22:08 - 2014-06-10 22:08 - 00000000 ____D () C:\windows\ERUNT
    2014-06-10 22:05 - 2014-06-10 22:06 - 01016261 _____ (Thisisu) C:\Users\AnitaHY\Desktop\JRT.exe
    2014-06-10 21:58 - 2014-06-10 22:01 - 00000000 ____D () C:\AdwCleaner
    2014-06-10 21:57 - 2014-06-10 21:57 - 01333465 _____ () C:\Users\AnitaHY\Desktop\adwcleaner_3.212.exe
    2014-06-10 21:29 - 2014-06-10 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 21:28 - 2014-06-10 21:46 - 00000000 ____D () C:\Users\AnitaHY\Desktop\mbar
    2014-06-10 21:28 - 2014-06-10 21:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\AnitaHY\Desktop\mbar-1.07.0.1012.exe
    2014-06-10 21:05 - 2014-06-10 21:05 - 04686336 _____ () C:\Users\AnitaHY\Desktop\RogueKiller.exe
    2014-06-10 21:05 - 2014-06-10 21:05 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 19:54 - 2014-06-10 22:01 - 00003964 _____ () C:\windows\PFRO.log
    2014-06-10 19:45 - 2014-06-10 22:04 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-10 19:45 - 2014-06-10 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-06-10 19:45 - 2014-06-10 19:45 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-10 19:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-06-10 19:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-06-10 19:43 - 2014-06-10 19:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\AnitaHY\Desktop\mbam-setup-2.0.2.1012.exe
    2014-06-10 19:29 - 2014-06-10 19:30 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Meyccyas
    2014-06-10 16:09 - 2014-06-10 16:09 - 00147456 _____ () C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe
    2014-06-10 13:52 - 2014-06-10 13:54 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Paekzooq
    2014-06-10 13:37 - 2014-06-10 13:38 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Weigatg
    2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Cimyvo
    2014-06-08 14:35 - 2014-06-08 14:35 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
    2014-06-08 14:35 - 2014-06-08 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-06-08 14:35 - 2014-06-08 14:35 - 00000000 ____D () C:\Program Files\CCleaner
    2014-06-08 14:34 - 2014-06-08 14:34 - 04748896 _____ (Piriform Ltd) C:\Users\AnitaHY\Desktop\ccsetup414.exe
    2014-06-08 11:04 - 2014-06-08 12:44 - 00385024 _____ () C:\Users\AnitaHY\Desktop\The Book index (updated).xls
    2014-06-08 09:56 - 2014-06-08 09:57 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Pyydydc
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\TuneUp Software
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\AVG2014
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-06-08 09:49 - 2014-06-08 09:52 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-06-08 09:49 - 2014-06-08 09:49 - 00000000 ___HD () C:\$AVG
    2014-06-08 09:49 - 2014-06-08 09:49 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-06-08 09:44 - 2014-06-10 17:03 - 00000000 ____D () C:\ProgramData\MFAData
    2014-06-08 09:44 - 2014-06-08 09:54 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Avg2014
    2014-06-08 09:44 - 2014-06-08 09:44 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\MFAData
    2014-06-08 09:43 - 2014-06-08 09:43 - 04485528 _____ (AVG Technologies) C:\Users\AnitaHY\Desktop\avg_free_stb_all_2014_4577_cnet.exe
    2014-06-07 21:53 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Yfykami
    2014-06-07 17:45 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Aqzibeyt
    2014-06-07 16:47 - 2014-06-07 16:47 - 00068782 _____ () C:\Users\AnitaHY\AppData\Local\lhxokxkb
    2014-06-07 16:44 - 2014-06-08 09:52 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Suaqbul
    2014-05-21 10:26 - 2014-06-10 22:05 - 00004986 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AHY-ULTBK-AnitaHY AHY-ULTBK
    2014-05-14 08:58 - 2014-05-14 08:58 - 00001868 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-05-14 08:58 - 2014-05-14 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-05-14 08:58 - 2014-05-14 08:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-05-14 08:57 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-05-14 08:57 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2014-05-14 08:57 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-05-14 08:56 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\windows\system32\mrt_map.dll
    2014-05-14 08:56 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\windows\system32\mrt100.dll
    2014-05-14 08:56 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mrt_map.dll
    2014-05-14 08:56 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mrt100.dll
    2014-05-14 08:56 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
    2014-05-14 08:56 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
    2014-05-13 20:27 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-13 20:27 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-13 20:27 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-13 20:27 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-13 20:27 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll
    2014-05-13 20:27 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2014-05-13 20:27 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinapi.appcore.dll
    2014-05-13 20:27 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2014-05-13 20:27 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\WSReset.exe
    2014-05-13 20:27 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2014-05-13 20:27 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
    2014-05-13 20:27 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
    2014-05-13 20:27 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
    2014-05-13 20:27 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2014-05-13 20:27 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-13 20:27 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2014-05-13 20:27 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-13 20:27 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2014-05-13 20:27 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2014-05-13 20:27 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2014-05-13 20:27 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2014-05-13 20:27 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2014-05-13 20:27 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2014-05-13 20:27 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2014-05-13 20:27 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2014-05-13 20:27 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2014-05-13 20:27 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2014-05-13 20:27 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
    2014-05-13 20:27 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-05-13 20:27 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
    2014-05-13 20:27 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-05-13 20:26 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-05-13 20:26 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
    2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys

    ==================== One Month Modified Files and Folders =======

    2014-06-10 22:17 - 2014-06-10 22:17 - 00019144 _____ () C:\Users\AnitaHY\Desktop\FRST.txt
    2014-06-10 22:17 - 2014-06-10 22:17 - 00000000 ____D () C:\FRST
    2014-06-10 22:17 - 2014-01-14 09:46 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Temp
    2014-06-10 22:16 - 2014-06-10 22:16 - 02081792 _____ (Farbar) C:\Users\AnitaHY\Desktop\FRST64.exe
    2014-06-10 22:14 - 2014-06-10 22:14 - 00000757 _____ () C:\Users\AnitaHY\Desktop\JRT.txt
    2014-06-10 22:10 - 2014-01-14 09:46 - 00039213 _____ () C:\Users\AnitaHY\AppData\Local\BTServer.log
    2014-06-10 22:09 - 2014-06-10 22:09 - 00000821 _____ () C:\Users\AnitaHY\Desktop\AdwCleaner[S0].txt
    2014-06-10 22:08 - 2014-06-10 22:08 - 00000000 ____D () C:\windows\ERUNT
    2014-06-10 22:06 - 2014-06-10 22:05 - 01016261 _____ (Thisisu) C:\Users\AnitaHY\Desktop\JRT.exe
    2014-06-10 22:06 - 2013-08-28 04:36 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-06-10 22:05 - 2014-05-21 10:26 - 00004986 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AHY-ULTBK-AnitaHY AHY-ULTBK
    2014-06-10 22:04 - 2014-06-10 19:45 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-10 22:04 - 2014-02-08 09:33 - 00000000 ____D () C:\Users\AnitaHY\Documents\Outlook Files
    2014-06-10 22:04 - 2014-01-16 21:42 - 00000000 __RDO () C:\Users\AnitaHY\SkyDrive
    2014-06-10 22:01 - 2014-06-10 21:58 - 00000000 ____D () C:\AdwCleaner
    2014-06-10 22:01 - 2014-06-10 19:54 - 00003964 _____ () C:\windows\PFRO.log
    2014-06-10 22:01 - 2013-11-05 12:42 - 00008704 _____ () C:\windows\system32\VfService.trf
    2014-06-10 22:01 - 2013-11-05 12:27 - 07049750 _____ () C:\Users\Public\CAFADEBUG.log
    2014-06-10 22:01 - 2013-08-22 10:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-06-10 22:01 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-06-10 22:00 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\sru
    2014-06-10 21:59 - 2013-11-05 12:30 - 01062557 _____ () C:\windows\WindowsUpdate.log
    2014-06-10 21:57 - 2014-06-10 21:57 - 01333465 _____ () C:\Users\AnitaHY\Desktop\adwcleaner_3.212.exe
    2014-06-10 21:54 - 2014-02-01 15:42 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-06-10 21:46 - 2014-06-10 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-06-10 21:46 - 2014-06-10 21:28 - 00000000 ____D () C:\Users\AnitaHY\Desktop\mbar
    2014-06-10 21:28 - 2014-06-10 21:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\AnitaHY\Desktop\mbar-1.07.0.1012.exe
    2014-06-10 21:28 - 2014-06-10 19:45 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-06-10 21:05 - 2014-06-10 21:05 - 04686336 _____ () C:\Users\AnitaHY\Desktop\RogueKiller.exe
    2014-06-10 21:05 - 2014-06-10 21:05 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-06-10 20:27 - 2014-01-14 09:51 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316213231-900153102-689936460-1001
    2014-06-10 19:55 - 2013-11-05 12:29 - 00000000 ____D () C:\ProgramData\Realtek
    2014-06-10 19:45 - 2014-06-10 19:45 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-10 19:45 - 2014-06-10 19:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-10 19:43 - 2014-06-10 19:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\AnitaHY\Desktop\mbam-setup-2.0.2.1012.exe
    2014-06-10 19:30 - 2014-06-10 19:29 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Meyccyas
    2014-06-10 17:23 - 2014-01-14 09:46 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Packages
    2014-06-10 17:03 - 2014-06-08 09:44 - 00000000 ____D () C:\ProgramData\MFAData
    2014-06-10 16:09 - 2014-06-10 16:09 - 00147456 _____ () C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe
    2014-06-10 14:47 - 2014-02-05 09:26 - 00000000 ____D () C:\Users\AnitaHY\Desktop\Shine
    2014-06-10 13:54 - 2014-06-10 13:52 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Paekzooq
    2014-06-10 13:38 - 2014-06-10 13:37 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Weigatg
    2014-06-10 08:21 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\AppReadiness
    2014-06-09 22:18 - 2014-02-05 09:26 - 00401920 _____ () C:\Users\AnitaHY\Desktop\The Book index.xls
    2014-06-09 17:09 - 2014-02-05 09:26 - 00603136 ___SH () C:\Users\AnitaHY\Desktop\Thumbs.db
    2014-06-09 13:12 - 2014-02-05 09:26 - 00013899 _____ () C:\Users\AnitaHY\Desktop\Finances.xlsx
    2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Cimyvo
    2014-06-08 14:38 - 2014-02-25 09:02 - 00000000 ____D () C:\windows\Minidump
    2014-06-08 14:38 - 2013-08-28 05:31 - 00000000 ____D () C:\windows\Panther
    2014-06-08 14:35 - 2014-06-08 14:35 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
    2014-06-08 14:35 - 2014-06-08 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-06-08 14:35 - 2014-06-08 14:35 - 00000000 ____D () C:\Program Files\CCleaner
    2014-06-08 14:34 - 2014-06-08 14:34 - 04748896 _____ (Piriform Ltd) C:\Users\AnitaHY\Desktop\ccsetup414.exe
    2014-06-08 14:28 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\NDF
    2014-06-08 12:44 - 2014-06-08 11:04 - 00385024 _____ () C:\Users\AnitaHY\Desktop\The Book index (updated).xls
    2014-06-08 11:01 - 2014-06-07 17:45 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Aqzibeyt
    2014-06-08 10:00 - 2014-06-07 21:53 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Yfykami
    2014-06-08 09:58 - 2013-11-05 12:37 - 00000000 ____D () C:\ProgramData\McAfee
    2014-06-08 09:57 - 2014-06-08 09:56 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Pyydydc
    2014-06-08 09:56 - 2013-08-22 11:36 - 00000000 ___HD () C:\windows\ELAMBKUP
    2014-06-08 09:54 - 2014-06-08 09:44 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Avg2014
    2014-06-08 09:53 - 2013-08-22 09:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
    2014-06-08 09:52 - 2014-06-08 09:49 - 00000000 ____D () C:\ProgramData\AVG2014
    2014-06-08 09:52 - 2014-06-07 16:44 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Suaqbul
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\TuneUp Software
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\AVG2014
    2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2014-06-08 09:49 - 2014-06-08 09:49 - 00000000 ___HD () C:\$AVG
    2014-06-08 09:49 - 2014-06-08 09:49 - 00000000 ____D () C:\Program Files (x86)\AVG
    2014-06-08 09:44 - 2014-06-08 09:44 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\MFAData
    2014-06-08 09:43 - 2014-06-08 09:43 - 04485528 _____ (AVG Technologies) C:\Users\AnitaHY\Desktop\avg_free_stb_all_2014_4577_cnet.exe
    2014-06-07 16:47 - 2014-06-07 16:47 - 00068782 _____ () C:\Users\AnitaHY\AppData\Local\lhxokxkb
    2014-05-30 09:50 - 2014-02-05 09:26 - 00051200 _____ () C:\Users\AnitaHY\Desktop\library database.xls
    2014-05-30 08:36 - 2014-02-05 09:26 - 00000000 ____D () C:\Users\AnitaHY\Desktop\Theopoetics
    2014-05-29 10:03 - 2014-02-05 09:26 - 00000000 ____D () C:\Users\AnitaHY\Desktop\WRITING in progress
    2014-05-28 17:23 - 2014-03-19 21:30 - 00000000 ____D () C:\Users\AnitaHY\Desktop\Ignatian retreat
    2014-05-28 11:48 - 2014-02-01 22:01 - 00000000 ____D () C:\Users\AnitaHY\Documents\Notes on Books & Articles
    2014-05-28 10:29 - 2014-02-04 08:56 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Skype
    2014-05-27 20:42 - 2014-02-05 09:26 - 00000000 ____D () C:\Users\AnitaHY\Desktop\TO PRINT
    2014-05-24 11:08 - 2014-02-04 23:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-05-20 13:29 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\rescache
    2014-05-16 15:36 - 2014-01-14 11:12 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-05-15 07:37 - 2014-01-14 09:46 - 00000000 ___RD () C:\Users\AnitaHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-15 07:37 - 2014-01-14 09:46 - 00000000 ___RD () C:\Users\AnitaHY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-14 22:53 - 2014-01-14 10:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ___RD () C:\windows\ToastData
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\WinStore
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-05-14 22:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-05-14 22:51 - 2014-01-13 20:54 - 00000000 ____D () C:\windows\system32\MRT
    2014-05-14 22:51 - 2013-08-22 11:20 - 00000000 ____D () C:\windows\CbsTemp
    2014-05-14 22:49 - 2014-01-13 20:54 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-05-14 08:58 - 2014-05-14 08:58 - 00001868 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-05-14 08:58 - 2014-05-14 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-05-14 08:58 - 2014-05-14 08:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-05-14 08:56 - 2013-08-22 11:36 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
    2014-05-13 20:55 - 2014-02-01 15:42 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
    2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
    2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
    2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
    2014-05-12 07:26 - 2014-06-10 19:45 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2014-06-10 19:45 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2014-05-11 21:58 - 2014-02-05 09:26 - 00000000 ____D () C:\Users\AnitaHY\Desktop\M.Div. Review

    Some content of TEMP:
    ====================
    C:\Users\AnitaHY\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-09 10:59

    ==================== End Of Log ============================
     
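An added triage example for readers working through a listing like the one above: it is not FRST's own code and is not part of the posted logs. It parses the per-entry format FRST prints in the "One Month Created/Modified Files and Folders" sections (created - modified - size attributes (company) path) and flags vendor-less, short random-looking names sitting directly under AppData\Roaming or AppData\Local, which is the pattern a malware-removal helper scans for first. The sample lines are copied from the log posted above; the allowlist, the name heuristic and the scoring rules are this example's own assumptions, not FRST logic, and a hit only means "look at this", not "this is malware".

```python
"""Triage helper for FRST "One Month Created/Modified Files and Folders" lines.

Added example for this thread; not part of FRST or of the posted logs.
Flags vendor-less, random-looking names directly under AppData\\Roaming or
AppData\\Local. Allowlist and heuristics are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST entry format: "created - modified - size attrs (company) path"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Direct child of AppData\Roaming or AppData\Local, nothing deeper.
APPDATA_CHILD_RE = re.compile(r"\\AppData\\(Roaming|Local)\\([^\\]+)$", re.IGNORECASE)
# 6-10 letters, optionally .exe: the pronounceable-gibberish shape seen in the log.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{6,10}(\.exe)?$")
# Assumed allowlist of vendor-less AppData names that are normal on this machine.
KNOWN_APPDATA = {n.lower() for n in (
    "Microsoft", "Skype", "AVG2014", "MFAData", "TuneUp Software", "Packages", "Temp")}


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file/folder line; None for headers, blanks, other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"].strip(), m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Why this entry deserves a look; an empty list means nothing stood out."""
    m = APPDATA_CHILD_RE.search(e.path)
    if not m or m.group(2).lower() in KNOWN_APPDATA:
        return []
    name = m.group(2)
    if not RANDOM_NAME_RE.match(name):
        return []
    reasons = ["random-looking name directly under AppData\\" + m.group(1)]
    if not e.company:
        reasons.append("no company string")
    if "D" not in e.attrs and name.lower().endswith(".exe"):  # D = directory in FRST attrs
        reasons.append("executable dropped in AppData root")
    if e.created[:10] == e.modified[:10]:
        reasons.append("created and last modified on the same day")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, one per distinct path."""
    seen = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        why = reasons_for(e)
        if why and e.path not in seen:
            seen[e.path] = why
    return list(seen.items())


# Lines copied from the FRST output posted above (plus one section header).
SAMPLE = r"""
==================== One Month Created Files and Folders ========
2014-06-10 22:17 - 2014-06-10 22:17 - 00019144 _____ () C:\Users\AnitaHY\Desktop\FRST.txt
2014-06-10 19:29 - 2014-06-10 19:30 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Meyccyas
2014-06-10 16:09 - 2014-06-10 16:09 - 00147456 _____ () C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe
2014-06-10 13:52 - 2014-06-10 13:54 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Paekzooq
2014-06-10 13:37 - 2014-06-10 13:38 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Weigatg
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Cimyvo
2014-06-08 09:56 - 2014-06-08 09:57 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Pyydydc
2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\TuneUp Software
2014-06-08 09:50 - 2014-06-08 09:50 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\AVG2014
2014-06-07 21:53 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Yfykami
2014-06-07 17:45 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Aqzibeyt
2014-06-07 16:47 - 2014-06-07 16:47 - 00068782 _____ () C:\Users\AnitaHY\AppData\Local\lhxokxkb
2014-06-07 16:44 - 2014-06-08 09:52 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Suaqbul
2014-06-10 22:17 - 2014-01-14 09:46 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Temp
2014-06-10 17:23 - 2014-01-14 09:46 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\Packages
2014-06-08 09:44 - 2014-06-08 09:44 - 00000000 ____D () C:\Users\AnitaHY\AppData\Local\MFAData
2014-05-28 10:29 - 2014-02-04 08:56 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Skype
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(path, "->", "; ".join(why))
```

Run against the sample it flags the eight vendor-less Roaming folders plus the two files dropped in the AppData\Local root, and leaves Skype, AVG2014, MFAData, Packages and Temp alone. The name heuristic is deliberately coarse; it is a reading aid for the listing, and anything it flags still has to be checked (signature, hash, autorun entry) before it is treated as an infection.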
  14. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Addition Log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2014
    Ran by AnitaHY at 2014-06-10 22:17:51
    Running from C:\Users\AnitaHY\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
    Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
    AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
    Dragon Assistant Application en-US version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
    Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
    Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
    Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
    EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
    Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
    Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2103 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
    Intel(R) Experience Center Driver (Version: 1.7.0.179 - Intel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
    Intel(R) Update Manager (x32 Version: 1.6.2.69 - Intel Corporation) Hidden
    Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
    Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
    Lenovo Motion Control (HKLM-x32\...\InstallShield_{A800D2BF-2F0D-4899-B265-C91C90981E8C}) (Version: 2.0.0.0829 - PointGrab)
    Lenovo Motion Control (x32 Version: 2.0.0.0829 - PointGrab) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
    Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
    Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.0 - Lenovo)
    Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.8301 - Lenovo)
    Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
    Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.3 - Lenovo)
    Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.3 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.754.754.082813 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0228 - REALTEK Semiconductor Corp.)
    Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.4 - Synaptics Incorporated)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
    UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
    Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
    Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.00.013.0731 - Lenovo)

    ==================== Restore Points =========================

    24-05-2014 16:16:08 Scheduled Checkpoint
    08-06-2014 13:48:26 Installed AVG 2014
    11-06-2014 01:27:20 new restore point

    ==================== Hosts content: ==========================

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {001D74A3-9C7F-4792-BA42-7E62F5B52850} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {1740D2A3-252C-49EC-AA5F-1099A42DBE42} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
    Task: {1E35B13F-FADB-4FEC-BCD0-6C3A1149AC84} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2B7C4E6D-8FD8-4B71-9FD9-AD0337673576} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {3D5A680D-31EA-466E-BA6C-F90D0BFB6F6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3F0D4242-00C6-4823-96A1-E22D15A06841} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-24] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {52D67C79-46E1-4D78-A996-986E047F663E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
    Task: {55713C56-E491-4B63-8057-CC38E0A4AC9D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {58B21BB7-1231-45B7-9B4F-ADD9FFD4BBC5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {6A9DDC60-272F-4841-8BD5-CA2CB6FF6C7C} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {7167423A-5DFB-487E-A018-644F15DA223D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {8050EF4C-79CF-4937-9CC1-4442EFAD6962} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
    Task: {8628E792-1C7E-40BE-B679-44BB288B0EAE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {AAC9E67D-35D6-40CA-BB63-7403052BE869} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2013-11-05] (Lenovo)
    Task: {AFCDBD6A-A0B1-475A-91BC-916A4CBEDA6E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AHY-ULTBK-AnitaHY AHY-ULTBK => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-24] (Microsoft Corporation)
    Task: {CD10BB73-3E4E-4028-9669-435259C87C1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-24] (Microsoft Corporation)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E24103DA-8FFD-4462-B4C2-2DA85942B0FB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-11-05 12:29 - 2013-08-28 16:35 - 00056832 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
    2014-03-19 08:56 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-02-04 23:17 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2013-11-05 12:40 - 2012-04-24 06:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2013-11-05 12:42 - 2013-11-05 12:42 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
    2013-11-05 12:42 - 2013-11-05 12:42 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
    2013-11-05 12:41 - 2013-11-05 12:40 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
    2013-11-05 12:40 - 2013-11-05 12:40 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
    2013-11-05 12:40 - 2013-11-05 12:40 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
    2014-01-13 21:20 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    2014-05-24 09:41 - 2014-05-24 09:41 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-11-05 12:37 - 2013-07-31 19:32 - 00034288 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.Utils.dll
    2013-11-05 12:40 - 2013-11-05 12:40 - 00161792 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2013-11-05 12:42 - 2013-05-02 15:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2013-11-05 12:42 - 2013-05-02 15:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2013-11-05 12:25 - 2013-08-19 14:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-11-05 12:40 - 2013-11-05 12:40 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
    2013-11-05 12:40 - 2013-11-05 12:40 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
    2013-11-05 12:41 - 2013-11-05 12:41 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
    2014-04-11 22:23 - 2014-04-11 22:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 01013536 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtNetwork4.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 02610464 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtCore4.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00028448 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\osEvents.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00328992 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\log4cplus.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00389408 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\QtXml4.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00407328 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\sqlite3.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00202528 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\libgsoap.dll
    2013-07-03 23:40 - 2013-07-03 23:40 - 00069408 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\zlib1.dll
    2013-07-03 23:41 - 2013-07-03 23:41 - 00473376 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\plugin\PServerPlugin.dll
    2014-05-09 17:35 - 2014-05-09 17:36 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\AnitaHY\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 41%
    Total physical RAM: 3976.27 MB
    Available physical RAM: 2321.01 MB
    Total Pagefile: 8072.27 MB
    Available Pagefile: 6220.07 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:101.74 GB) (Free:49.46 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119 GB) (Disk ID: A72364C2)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  16. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    FixLog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014
    Ran by AnitaHY at 2014-06-11 07:06:07 Run:1
    Running from C:\Users\AnitaHY\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    2014-06-10 19:29 - 2014-06-10 19:30 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Meyccyas
    2014-06-10 16:09 - 2014-06-10 16:09 - 00147456 _____ () C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe
    2014-06-10 13:52 - 2014-06-10 13:54 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Paekzooq
    2014-06-10 13:37 - 2014-06-10 13:38 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Weigatg
    2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Cimyvo
    2014-06-08 09:56 - 2014-06-08 09:57 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Pyydydc
    2014-06-07 21:53 - 2014-06-08 10:00 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Yfykami
    2014-06-07 17:45 - 2014-06-08 11:01 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Aqzibeyt
    2014-06-07 16:47 - 2014-06-07 16:47 - 00068782 _____ () C:\Users\AnitaHY\AppData\Local\lhxokxkb
    2014-06-07 16:44 - 2014-06-08 09:52 - 00000000 ____D () C:\Users\AnitaHY\AppData\Roaming\Suaqbul
    C:\Users\AnitaHY\AppData\Local\Temp\Quarantine.exe
    AlternateDataStreams: C:\Users\AnitaHY\SkyDrive:ms-properties

    *****************

    C:\Users\AnitaHY\AppData\Roaming\Meyccyas => Moved successfully.
    C:\Users\AnitaHY\AppData\Local\tkugjqsr.exe => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Paekzooq => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Weigatg => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Cimyvo => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Pyydydc => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Yfykami => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Aqzibeyt => Moved successfully.
    C:\Users\AnitaHY\AppData\Local\lhxokxkb => Moved successfully.
    C:\Users\AnitaHY\AppData\Roaming\Suaqbul => Moved successfully.
    C:\Users\AnitaHY\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    "C:\Users\AnitaHY\SkyDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog ====
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  18. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Thanks! So, it wasn't a problem that nothing happened with SkyDrive on the last log that I posted? I wasn't connected to the Internet when I did that cleaning so just wanted to make sure it wasn't a problem that that didn't get deleted.

    The computer seems fine! No alerts have popped up today at all. Thanks for all your help! Running the last scans now . . .
     
  19. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    When I did Security Check (first thing above) it says "UNSUPPORTED OPERATING SYSTEM! ABORTED!"
     
  20. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner Version: 10-06-2014
    Ran by AnitaHY (administrator) on 11-06-2014 at 19:51:41
    Running from "C:\Users\AnitaHY\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
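    The FSS log above flags three things: wuauserv and WinDefend set to Demand instead of their default Auto, and the DisableAntiSpyware policy value set to 1. The PowerShell below is an added example (not FSS's code and not from this thread) that re-checks those same items with built-in cmdlets; the expected Auto start modes are taken from the log's own "default start type is Auto" lines.

    ```powershell
    # Added example (not part of FSS or this thread): re-check the findings the
    # Farbar Service Scanner log reported, using only built-in cmdlets.
    # Run from an elevated PowerShell prompt on Windows 8.1 or later.

    # Expected start modes, taken from the FSS log's "default start type is Auto" lines.
    $expected = @{
        'wuauserv'  = 'Auto'   # Windows Update
        'WinDefend' = 'Auto'   # Windows Defender service
    }

    function Test-ServiceStartMode {
        param([string]$Name, [string]$ExpectedMode)
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
        if (-not $svc) {
            return [pscustomobject]@{ Check = "service $Name"; Status = 'MISSING'; Detail = 'service not installed' }
        }
        # Win32_Service reports StartMode as Auto / Manual / Disabled; FSS prints Manual as "Demand".
        $ok = ($svc.StartMode -eq $ExpectedMode)
        [pscustomobject]@{
            Check  = "service $Name"
            Status = if ($ok) { 'OK' } else { 'REVIEW' }
            Detail = "StartMode=$($svc.StartMode) (expected $ExpectedMode), State=$($svc.State), Path=$($svc.PathName)"
        }
    }

    function Test-DefenderPolicy {
        # The value FSS printed: HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware.
        # A value of 1 turns Defender off. Malware sets it, but so does a legitimately installed
        # third-party antivirus (the restore points above show AVG 2014 being installed), so a
        # hit here means "confirm who set it", not "infected".
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
        $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        [pscustomobject]@{
            Check  = 'DisableAntiSpyware policy'
            Status = if ($val -eq 1) { 'REVIEW' } else { 'OK' }
            Detail = if ($null -eq $val) { 'value absent (Defender not disabled by policy)' } else { "DWORD:$val" }
        }
    }

    # Collect all checks into one array so the table prints consistently even with a single hit.
    $results = @(foreach ($name in $expected.Keys) { Test-ServiceStartMode -Name $name -ExpectedMode $expected[$name] })
    $results += Test-DefenderPolicy
    $results | Format-Table -AutoSize
    ```

    Any row marked REVIEW corresponds to a line FSS would print as a deviation from the default; compare it with the installed security software before changing anything.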
     
  21. anita.hooley

    anita.hooley TS Rookie Topic Starter Posts: 16

    For the ESET scan, I had to click something that said "enable detection of potentially unwanted programs" (or something like that). It seemed like maybe my AVG antivirus software was not fully off, but I thought I turned it off. Anyway, here is the result:

    C:\FRST\Quarantine\C\Users\AnitaHY\AppData\Local\tkugjqsr.exe.xBAD a variant of Win32/Kryptik.BVKP trojan cleaned by deleting - quarantined
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Update Firefox to the current 30.0 version.

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    The issue seems to be resolved.
     
