
Malwarebytes won't finish scan - can't clean what is found



Hello,  I first posted this topic in this thread - https://forums.malwarebytes.org/index.php?showtopic=149186 and was told to come here first. 

 

I have an HP P6745Y, AMD Athlon II X4 640, 4GB RAM, 4TB HD, Windows 7 Home 64bit with the latest updates. I run AVG 2014 free and Malwarebytes v2.0.2.1012 which ran its updates today.

 

Whenever I run a Threat Scan, it moves through the Pre-scan to the Filesystem with no problems. The problem happens during the Heuristic Analysis in that it scans up to 276,603 files and then advances no further no matter how long I wait (6 hours was the longest). It detected 497 objects with them all being PUPs. They consist of Files, Data, Folders, Keys, Modules and Values.

 

I have run rKill which didn't find anything. I've run a full scan with AVG which found 16 Adware entries and cleaned them. I've uninstalled mbam, downloaded and ran the mbam cleaner, rebooted and reinstalled. I downloaded spybot search and destroy which found 407 items.

 

Can you please help me?

 

I tried to copy and paste onto this message, but was told it was too long.  I've attached the files.  Please let me know if I can get them to you a different way.

 

Thanks!!!

Addition.txt

FRST.txt


I'm really hoping I can get some insight on this pretty quick.  This isn't just me this impacts.

 

As an Update:

 

Uninstalled Mbam 2.02, rebooted, ran mbam clean and rebooted.

Regeditted for mbam and malwarebytes and deleted anything that popped up.  rebooted.

Loaded mbam 1.75 and did not upgrade. Ran full scan. It finished and found some PUPs.  Cleaned and rebooted.

Loaded Updates to 1.75 and ran a full scan.  Found a few more PUPs.  Cleaned and rebooted.

Uninstalled 1.75, rebooted.  Ran mbam clean and rebooted.  Regeditted mbam and malwarebytes out.  Rebooted.

Loaded 2.02 and updated.  Ran a full scan.

 

#$(*&^ thing currently sits at 277,032 objects scanned.  2 Detected Objects (Pups), time elapsed is 3:05:00 in Heuristic Analysis.  The progress gif goes and the threat scan spins and it will sit here until I stop it.  The program is not frozen, this is not an inordinately slow machine.  The Pups are from a toolbar the customer wants (Incredimail) and I can't get Mbam to finish.

 

Let me know if I need to purchase a license to get better support.  If I do, then that will be the last license I purchase or ever suggest to someone to purchase.  I will not suggest packages that run well, but when something goes wrong, no support can be found.

 

(still at 277032 objects....)


Hello,

 

P2P/Piracy Warning:

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

 

 

fixlist.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike (administrator) on MIKE-HP on 28-05-2014 15:40:54
Running from C:\Users\Mike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {D07DDCB6-CF66-4FB6-8F7A-CF6F604C404B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D07DDCB6-CF66-4FB6-8F7A-CF6F604C404B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Free Games (4357) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {C2733FB1-F388-335D-C2E7-BF4121C69974} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C2733FB1-F388-335D-C2E7-BF4121C69974} -  No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k38y9soi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-31]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-05-30] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 15:40 - 2014-05-28 15:40 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-05-28 15:38 - 2014-05-28 15:38 - 00001961 _____ () C:\Users\Mike\Desktop\fixlist.txt
2014-05-28 09:05 - 2014-05-28 09:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 09:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 08:52 - 2014-05-28 08:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 01:46 - 2014-05-28 09:05 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 01:46 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 01:46 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 01:46 - 2014-05-28 01:46 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes
2014-05-28 01:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 20:54 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-27 20:37 - 2014-05-27 20:37 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Lavasoft
2014-05-27 20:32 - 2014-05-27 20:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\LavasoftStatistics
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\BitDefender
2014-05-27 20:20 - 2014-05-28 08:51 - 00002333 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-27 20:20 - 2014-05-27 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-27 20:20 - 2013-08-21 14:32 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-05-27 20:19 - 2014-05-27 20:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-27 20:18 - 2014-05-27 20:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 20:17 - 2014-05-27 20:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 20:12 - 2014-05-27 20:12 - 00000360 _____ () C:\Users\Mike\Desktop\Mahjong.lnk
2014-05-27 20:11 - 2014-05-27 20:11 - 01727624 _____ () C:\Users\Mike\Desktop\Adaware_Installer.exe
2014-05-27 19:56 - 2014-05-27 19:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-27 19:56 - 2013-09-29 00:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe
2014-05-27 14:54 - 2014-05-27 14:54 - 00028655 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_05272014_145423.txt
2014-05-27 14:51 - 2014-05-27 19:57 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-05-27 14:02 - 2014-05-27 14:02 - 00001131 _____ () C:\Users\Mike\Desktop\JRT.txt
2014-05-27 12:56 - 2014-05-27 12:57 - 00005809 _____ () C:\Users\Mike\Documents\AdwCleaner[s1].txt
2014-05-27 12:55 - 2014-05-27 12:55 - 00005634 _____ () C:\Users\Mike\Documents\AdwCleaner[R1].txt
2014-05-27 12:19 - 2014-05-27 12:59 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-05-27 12:19 - 2014-05-27 12:19 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-05-27 12:08 - 2014-05-27 12:08 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 11:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 07:34 - 2014-05-23 07:34 - 00051493 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-05-23 07:30 - 2014-05-28 15:40 - 02066944 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-05-23 07:30 - 2014-05-28 15:40 - 00015886 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-05-23 07:30 - 2014-05-28 15:40 - 00000000 ____D () C:\FRST
2014-05-23 05:59 - 2014-05-23 05:59 - 00279595 _____ () C:\Users\Mike\Desktop\TeamSpybot-20140523-055933.cab
2014-05-23 05:57 - 2014-05-23 05:57 - 00000000 ____D () C:\Users\Mike\Documents\ProcAlyzer Dumps
2014-05-23 03:22 - 2014-05-23 03:22 - 00004148 _____ () C:\Windows\wininit.ini
2014-05-23 02:51 - 2014-05-23 03:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 02:51 - 2014-05-23 02:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-23 02:51 - 2014-05-23 02:51 - 00001375 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-23 02:51 - 2014-05-23 02:51 - 00001363 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-23 02:51 - 2014-05-23 02:51 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-23 02:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-23 02:49 - 2014-05-23 02:49 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Desktop\spybot-2.3.exe
2014-05-23 00:30 - 2014-05-27 19:58 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-clean-2.0.2.0.exe
2014-05-23 00:19 - 2014-05-23 00:21 - 00002702 _____ () C:\Users\Mike\Desktop\Rkill.txt
2014-05-21 11:12 - 2014-05-21 11:12 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-05-21 11:12 - 2014-05-21 11:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-05-21 11:05 - 2014-05-21 11:05 - 00000000 ____D () C:\Users\Mike\Desktop\F6D4050v1-WIN7_x64
2014-05-21 08:11 - 2014-05-21 08:11 - 00041592 _____ () C:\Users\Mike\Documents\cc_20140521_081149.reg
2014-05-16 16:46 - 2014-05-16 16:46 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00001132 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-16 16:23 - 2014-05-16 16:23 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2014-05-16 16:14 - 2014-05-16 16:15 - 00129292 _____ () C:\Users\Mike\Documents\cc_20140516_161453.reg
2014-05-16 15:47 - 2014-05-28 15:39 - 00000000 ____D () C:\Chris DO NOT DELETE
2014-05-16 15:26 - 2014-05-16 15:26 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:26 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 03:10 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:10 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:10 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:10 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:10 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:10 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieUserList
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieSiteList
2014-05-14 08:35 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:35 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:35 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:35 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:35 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:35 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:35 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:35 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:35 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:35 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:35 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:35 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:35 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:35 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:35 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:35 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:35 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 10:49 - 2014-05-11 11:01 - 00000000 ____D () C:\Users\Mike\Desktop\photos
2014-05-09 03:21 - 2014-05-09 03:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b575ded0c9b.job
2014-05-08 03:01 - 2014-05-15 03:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-08 03:01 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-08 03:01 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-08 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-08 03:01 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-08 03:01 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-08 03:01 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-08 03:01 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-08 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-08 03:01 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-08 03:01 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-08 03:01 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-08 03:01 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-08 03:01 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-08 03:01 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-08 03:01 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-08 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-08 03:01 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-08 03:01 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-08 03:01 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-08 03:01 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-08 03:01 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-08 03:01 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-08 03:01 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-08 03:01 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-08 03:01 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-08 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-08 03:01 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-08 03:01 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-08 03:01 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-08 03:01 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-08 03:01 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-08 03:01 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-08 03:01 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-08 03:01 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-08 03:01 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-08 03:01 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-08 03:01 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-08 03:01 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-08 03:01 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-08 03:01 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-08 03:01 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-08 03:01 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-08 03:01 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-08 03:01 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-28 15:42 - 2014-05-23 07:30 - 00015886 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-05-28 15:40 - 2014-05-28 15:40 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-05-28 15:40 - 2014-05-23 07:30 - 02066944 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-05-28 15:40 - 2014-05-23 07:30 - 00000000 ____D () C:\FRST
2014-05-28 15:39 - 2014-05-16 15:47 - 00000000 ____D () C:\Chris DO NOT DELETE
2014-05-28 15:38 - 2014-05-28 15:38 - 00001961 _____ () C:\Users\Mike\Desktop\fixlist.txt
2014-05-28 14:31 - 2011-01-31 03:18 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F731DCE1-28D9-4098-8B0E-3AA336C491C9}
2014-05-28 09:05 - 2014-05-28 09:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 01:46 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 08:56 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 08:56 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 08:55 - 2009-07-14 01:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 08:52 - 2014-05-28 08:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 08:52 - 2010-12-10 15:21 - 02038952 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 08:51 - 2014-05-27 20:20 - 00002333 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-28 08:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 08:48 - 2009-07-14 00:51 - 00077240 _____ () C:\Windows\setupact.log
2014-05-28 08:47 - 2010-12-10 18:37 - 00701022 _____ () C:\Windows\PFRO.log
2014-05-27 22:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-27 20:37 - 2014-05-27 20:37 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Lavasoft
2014-05-27 20:32 - 2014-05-27 20:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\LavasoftStatistics
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\BitDefender
2014-05-27 20:20 - 2014-05-27 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-27 20:19 - 2014-05-27 20:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-27 20:18 - 2014-05-27 20:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 20:17 - 2014-05-27 20:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 20:15 - 2011-02-01 10:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-27 20:12 - 2014-05-27 20:12 - 00000360 _____ () C:\Users\Mike\Desktop\Mahjong.lnk
2014-05-27 20:11 - 2014-05-27 20:11 - 01727624 _____ () C:\Users\Mike\Desktop\Adaware_Installer.exe
2014-05-27 19:58 - 2014-05-23 00:30 - 00315392 _____ (Malwarebytes Corporation) C:\Users\Mike\Desktop\mbam-clean-2.0.2.0.exe
2014-05-27 19:57 - 2014-05-27 14:51 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-05-27 19:56 - 2014-05-27 19:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-27 19:55 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-27 14:54 - 2014-05-27 14:54 - 00028655 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_05272014_145423.txt
2014-05-27 14:02 - 2014-05-27 14:02 - 00001131 _____ () C:\Users\Mike\Desktop\JRT.txt
2014-05-27 12:59 - 2014-05-27 12:19 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-05-27 12:57 - 2014-05-27 12:56 - 00005809 _____ () C:\Users\Mike\Documents\AdwCleaner[s1].txt
2014-05-27 12:55 - 2014-05-27 12:55 - 00005634 _____ () C:\Users\Mike\Documents\AdwCleaner[R1].txt
2014-05-27 12:19 - 2014-05-27 12:19 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-05-27 12:18 - 2011-02-01 08:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-27 12:17 - 2011-02-01 08:15 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HP Support Assistant
2014-05-27 12:17 - 2011-02-01 08:01 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HpUpdate
2014-05-27 12:08 - 2014-05-27 12:08 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 12:06 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-27 12:04 - 2014-04-19 15:24 - 00001051 _____ () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-23 07:34 - 2014-05-23 07:34 - 00051493 _____ () C:\Users\Mike\Desktop\Addition.txt
2014-05-23 05:59 - 2014-05-23 05:59 - 00279595 _____ () C:\Users\Mike\Desktop\TeamSpybot-20140523-055933.cab
2014-05-23 05:57 - 2014-05-23 05:57 - 00000000 ____D () C:\Users\Mike\Documents\ProcAlyzer Dumps
2014-05-23 03:30 - 2014-05-23 02:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-23 03:22 - 2014-05-23 03:22 - 00004148 _____ () C:\Windows\wininit.ini
2014-05-23 03:10 - 2011-02-07 14:23 - 00000000 ____D () C:\Users\Mike\AppData\Local\Microsoft Games
2014-05-23 02:53 - 2014-05-23 02:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-23 02:51 - 2014-05-23 02:51 - 00001375 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-23 02:51 - 2014-05-23 02:51 - 00001363 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-23 02:51 - 2014-05-23 02:51 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-23 02:49 - 2014-05-23 02:49 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Desktop\spybot-2.3.exe
2014-05-23 01:34 - 2010-12-10 15:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-23 00:21 - 2014-05-23 00:19 - 00002702 _____ () C:\Users\Mike\Desktop\Rkill.txt
2014-05-21 11:12 - 2014-05-21 11:12 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-05-21 11:12 - 2014-05-21 11:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-05-21 11:05 - 2014-05-21 11:05 - 00000000 ____D () C:\Users\Mike\Desktop\F6D4050v1-WIN7_x64
2014-05-21 11:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-21 08:11 - 2014-05-21 08:11 - 00041592 _____ () C:\Users\Mike\Documents\cc_20140521_081149.reg
2014-05-17 08:03 - 2008-08-18 14:14 - 00000000 ____D () C:\Users\Mike\Desktop\LINDA
2014-05-17 05:27 - 2008-10-18 08:58 - 00000000 ____D () C:\Users\Mike\Desktop\Mike's
2014-05-16 16:46 - 2014-05-16 16:46 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00001132 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-16 16:45 - 2013-07-12 14:11 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2014-05-16 16:45 - 2013-05-29 14:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 16:45 - 2013-05-29 14:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 16:45 - 2013-05-29 14:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 16:26 - 2011-02-01 10:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-16 16:23 - 2014-05-16 16:23 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2014-05-16 16:15 - 2014-05-16 16:14 - 00129292 _____ () C:\Users\Mike\Documents\cc_20140516_161453.reg
2014-05-16 16:13 - 2012-04-23 08:27 - 00000000 ____D () C:\Users\Mike\Tracing
2014-05-16 16:12 - 2011-02-01 10:25 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-05-16 16:07 - 2013-07-12 14:46 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 16:07 - 2013-07-12 14:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 15:55 - 2012-07-13 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 15:27 - 2011-01-31 07:22 - 00000000 ____D () C:\Users\Mike\AppData\Local\Mozilla
2014-05-16 15:26 - 2014-05-16 15:26 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:26 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-16 15:26 - 2013-02-07 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 15:15 - 2011-09-29 14:42 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-05-16 15:12 - 2011-01-31 03:16 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:11 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 03:32 - 2011-01-31 03:16 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:28 - 2014-05-08 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:12 - 2011-01-31 05:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:08 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:04 - 2011-02-01 10:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieUserList
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieSiteList
2014-05-12 09:55 - 2008-08-18 15:48 - 05998592 ____R () C:\Users\Public\Documents\ESBK.mb
2014-05-12 07:26 - 2014-05-28 09:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 09:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 01:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 17:43 - 2008-08-18 15:48 - 12337152 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-05-11 13:51 - 2011-02-01 13:13 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\FUJIFILM
2014-05-11 11:01 - 2014-05-11 10:49 - 00000000 ____D () C:\Users\Mike\Desktop\photos
2014-05-09 03:21 - 2014-05-09 03:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b575ded0c9b.job
2014-05-09 02:14 - 2014-05-14 08:35 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 08:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 03:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 20:50 - 2013-05-29 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 00:40 - 2014-05-15 03:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-15 03:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-15 03:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-27 21:53

==================== End Of Log ============================

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Mike at 2014-05-28 15:43:07 Run:1
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Program Files (x86)\LPT\srpts.exe
C:\Users\Mike\AppData\Local\LPT\srptm.exe
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
C:\PROGRA~2\SearchProtect
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWy2ZSNs4UYdFDdqKfpL_sblQb5cZMmSGaYL9GPQ4dnwqt5Tlc2qU0lsQitqjKEKD_vDyKX69lXhqwhDAvPpr3hEqVxc3ZT6WlcLwoVYiKZ5-9hgci641V9z4V-vCNjjgw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWy2ZSNs4UYdFDdqKfpL_sblQb5cZMmSGaYL9GPQ4dnwqt5Tlc2qU0lsQitqjKEKD_vDyKX69lXhqwhDAvPpr3hEqVxc3ZT6WlcLwoVYiKZ5-9hgci641V9z4V-vCNjjgw,,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWy2ZSNs4UYdFDdqKfpL_sblQb5cZMmSGaYL9GPQ4dnwqt5Tlc2qU0lsQitqjKEKD_vJEU0NqpKuK6vrVo9Kre1H2sgxt6TMN2e19j1j92pczR0RgBgckgHcOagc0NMmeA,,
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWy2ZSNs4UYdFDdqKfpL_sblQb5cZMmSGaYL9GPQ4dnwqt5Tlc2qU0lsQitqjKEKD_vDyKX69lXhqwhDAvPpr3hEqVxc3ZT6WlcLwoVYiKZ5-9hgci641V9z4V-vCNjjgw,,&q=
AlternateDataStreams: C:\Users\Mike\Documents\Mackinac Island Air TX.eml:OECustomProperty
End
*****************

"C:\Program Files (x86)\LPT\srpts.exe" => File/Directory not found.
"C:\Users\Mike\AppData\Local\LPT\srptm.exe" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
Firefox newtab deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Mike\Documents\Mackinac Island Air TX.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

# AdwCleaner v3.211 - Report created 28/05/2014 at 15:46:52
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-HP
# Running from : C:\Chris DO NOT DELETE\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k38y9soi.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R2].txt - [897 octets] - [28/05/2014 15:46:11]
AdwCleaner[s2].txt - [764 octets] - [28/05/2014 15:46:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [823 octets] ##########

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Wed 05/28/2014 at 15:52:49.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\k38y9soi.default\prefs.js

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?
user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/28/2014 at 15:59:11.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

And for the final post - Two pictures, 10 minutes apart with the original problem.  Mbam 2.02 starts a scan, gets to a certain point and will not finish the scan.  The software doesn't lock and there are no errors.  I can freely move the screen.  There are no errors in Task Manager. There is nothing in the Event Viewer under any item that screams Malwarebytes is in error condition.

This scan will not complete and I will be forced to cancel the scan without cleaning what it found.

post-137737-0-40701900-1401309243_thumb.

post-137737-0-07861500-1401309244_thumb.

Link to post
Share on other sites

The image that you posted states "Malwarebytes is continuing to scan your computer". How long did you wait for the scan to finish before you decided to close out...

There is a strong possibility that remnant active drivers from a previous install of Ad-aware may be causing issues with current systems. When did you UNinstall Lavasoft Ad-aware?

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)

Link to post
Share on other sites
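The three driver lines quoted in the post above follow FRST's driver-listing layout: state and start type, service name, path, size and date, publisher. As an added example that is not part of the original thread or of FRST itself, this Python parser reads such lines and reports when drivers from more than one watched security vendor are loaded at the same time; the two Malwarebytes sample lines and the `WATCHED` list are constructed assumptions.

```python
import re
from collections import defaultdict

# FRST driver line layout, as seen in the lines quoted in the thread:
#   <state><start type> <service>; <path> [<size> <date>] (<publisher>)
# State: R = running, S = stopped, U = undetermined.
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>[^)]*)\)\s*$"
)

# Windows service start types (the digit after the state letter).
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "demand", "4": "disabled"}

# Assumption: publishers the analyst wants to watch for overlap.
WATCHED = ["BitDefender", "Malwarebytes"]

# First three lines are the ones quoted in the thread. The two Malwarebytes
# lines are CONSTRUCTED for this example in the same layout.
SAMPLE = r"""
==================== Drivers (Whitelisted) ====================
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
""".strip().splitlines()


def parse_driver_line(line):
    """Return a dict for one FRST driver line, or None for any other line."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["running"] = d["state"] == "R"
    d["start"] = START_TYPES.get(d["start"], "unknown")
    d["size"] = int(d["size"])
    return d


def running_by_publisher(lines, watched):
    """Map each watched publisher to the services it has loaded right now."""
    loaded = defaultdict(list)
    for line in lines:
        d = parse_driver_line(line)
        if d is None or not d["running"]:
            continue  # headers, blank lines and stopped drivers are skipped
        for pub in watched:
            if pub.lower() in d["publisher"].lower():
                loaded[pub].append(d["name"])
    return dict(loaded)


def overlapping_products(lines, watched):
    """Publishers with running drivers, only if more than one is present."""
    loaded = running_by_publisher(lines, watched)
    return sorted(loaded) if len(loaded) > 1 else []


if __name__ == "__main__":
    for pub, names in running_by_publisher(SAMPLE, WATCHED).items():
        print(f"{pub}: {', '.join(names)}")
    print("overlap:", overlapping_products(SAMPLE, WATCHED))
```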

This condition has happened before I loaded AdAware.  It's happened with AVG 2014 and also with no AV software.

I've just loaded AdAware yesterday after all the failed attempts.

As for waiting, I've waited as long as 6 hours.  Generally, when I see it on the same object count for 3 hours, I believe there's a problem.

Link to post
Share on other sites

Go here: http://www.safer-networking.org/faq/how-to-uninstall-2/ and follow the instructions to uninstall Spybot S&D.

Next,

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

As you have Malwarebytes installed, let's see if we can get it to run through its protected folder. Do the following:

Select > Start > All Programs > Malwarebytes` Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:

Cha.png

A new window will open with Chameleon Tabs.

Select tabs in turn, by double-clicking on the tab, until you get a successful run.

Vista and Windows 7/8 users will have to accept the UAC prompt. If successful you will see the following:

MBa.png

As instructed, press any key to continue. You will now see the following as Malwarebytes attempts to run:

MBa1.png

Do nothing, let MB continue, it will try to update:

MBa2.png

You may see the following:

MBa6-1.png

Then.....

MBa7.png

MB will prompt if successful, do nothing; let it continue.

MBa3.png

MB will try to kill known malicious processes, do nothing; let it continue.

MBa4.png

MB will try to start a quick scan. If successful the following will open; do nothing, the scan will run automatically.

MBc.png

When complete, MB will produce a log. Save that and copy it to your next reply.

MB will continue and remove the protective driver. You will then be given the option to "Press any key to continue"; do that.

MBa5.png

Let me see the log from Malwarebytes in your reply.

fixlist.txt

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike (administrator) on MIKE-HP on 28-05-2014 20:23:41
Running from C:\Users\Mike\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {D07DDCB6-CF66-4FB6-8F7A-CF6F604C404B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Free Games (4357) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {C2733FB1-F388-335D-C2E7-BF4121C69974} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C2733FB1-F388-335D-C2E7-BF4121C69974} -  No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k38y9soi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-31]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-31]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-05-30] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-28] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 20:23 - 2014-05-28 20:23 - 00014495 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-05-28 20:23 - 2014-05-28 20:23 - 00002544 _____ () C:\Users\Mike\Desktop\fixlist.txt
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-28 15:53 - 2014-05-28 16:04 - 00000000 ____D () C:\Users\Mike\Desktop\Report
2014-05-28 15:46 - 2014-05-28 15:47 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:40 - 2014-05-28 15:40 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-05-28 09:05 - 2014-05-28 16:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-28 09:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 08:52 - 2014-05-28 08:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 01:46 - 2014-05-28 09:05 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 01:46 - 2014-05-28 09:05 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes
2014-05-28 01:46 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 01:46 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 01:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 20:54 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-27 20:37 - 2014-05-27 20:37 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Lavasoft
2014-05-27 20:32 - 2014-05-27 20:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\LavasoftStatistics
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\BitDefender
2014-05-27 20:20 - 2014-05-28 20:21 - 00002333 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-27 20:20 - 2014-05-27 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-27 20:20 - 2013-08-21 14:32 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-05-27 20:19 - 2014-05-27 20:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-27 20:18 - 2014-05-27 20:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 20:17 - 2014-05-27 20:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 20:12 - 2014-05-27 20:12 - 00000360 _____ () C:\Users\Mike\Desktop\Mahjong.lnk
2014-05-27 19:56 - 2014-05-27 19:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-27 14:51 - 2014-05-27 19:57 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-05-27 12:56 - 2014-05-27 12:57 - 00005809 _____ () C:\Users\Mike\Documents\AdwCleaner[s1].txt
2014-05-27 12:55 - 2014-05-27 12:55 - 00005634 _____ () C:\Users\Mike\Documents\AdwCleaner[R1].txt
2014-05-27 12:19 - 2014-05-27 12:59 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-05-27 12:19 - 2014-05-27 12:19 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-05-27 12:08 - 2014-05-27 12:08 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 11:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 07:30 - 2014-05-28 20:23 - 00000000 ____D () C:\FRST
2014-05-23 07:30 - 2014-05-28 15:40 - 02066944 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-05-23 05:57 - 2014-05-23 05:57 - 00000000 ____D () C:\Users\Mike\Documents\ProcAlyzer Dumps
2014-05-23 03:22 - 2014-05-28 20:17 - 00004198 _____ () C:\Windows\wininit.ini
2014-05-23 02:51 - 2014-05-28 20:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-23 02:51 - 2014-05-23 02:51 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-23 02:49 - 2014-05-23 02:49 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Desktop\spybot-2.3.exe
2014-05-21 11:12 - 2014-05-21 11:12 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-05-21 11:12 - 2014-05-21 11:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-05-21 11:05 - 2014-05-21 11:05 - 00000000 ____D () C:\Users\Mike\Desktop\F6D4050v1-WIN7_x64
2014-05-21 08:11 - 2014-05-21 08:11 - 00041592 _____ () C:\Users\Mike\Documents\cc_20140521_081149.reg
2014-05-16 16:46 - 2014-05-16 16:46 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00001132 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-16 16:23 - 2014-05-16 16:23 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2014-05-16 16:14 - 2014-05-16 16:15 - 00129292 _____ () C:\Users\Mike\Documents\cc_20140516_161453.reg
2014-05-16 15:47 - 2014-05-28 16:24 - 00000000 ____D () C:\Chris DO NOT DELETE
2014-05-16 15:26 - 2014-05-16 15:26 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:26 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 03:10 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:10 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:10 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:10 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:10 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:10 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieUserList
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieSiteList
2014-05-14 08:35 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:35 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:35 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:35 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:35 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:35 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:35 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:35 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:35 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:35 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:35 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:35 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:35 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:35 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:35 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:35 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:35 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:35 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:35 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:35 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:35 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 10:49 - 2014-05-11 11:01 - 00000000 ____D () C:\Users\Mike\Desktop\photos
2014-05-09 03:21 - 2014-05-09 03:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b575ded0c9b.job
2014-05-08 03:01 - 2014-05-15 03:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-08 03:01 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-08 03:01 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-08 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-08 03:01 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-08 03:01 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-08 03:01 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-08 03:01 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-08 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-08 03:01 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-08 03:01 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-08 03:01 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-08 03:01 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-08 03:01 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-08 03:01 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-08 03:01 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-08 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-08 03:01 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-08 03:01 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-08 03:01 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-08 03:01 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-08 03:01 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-08 03:01 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-08 03:01 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-08 03:01 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-08 03:01 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-08 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-08 03:01 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-08 03:01 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-08 03:01 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-08 03:01 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-08 03:01 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-08 03:01 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-08 03:01 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-08 03:01 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-08 03:01 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-08 03:01 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-08 03:01 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-08 03:01 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-08 03:01 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-08 03:01 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-08 03:01 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-08 03:01 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-08 03:01 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-08 03:01 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-28 20:25 - 2014-05-28 20:23 - 00014495 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-05-28 20:23 - 2014-05-28 20:23 - 00002544 _____ () C:\Users\Mike\Desktop\fixlist.txt
2014-05-28 20:23 - 2014-05-23 07:30 - 00000000 ____D () C:\FRST
2014-05-28 20:21 - 2014-05-27 20:20 - 00002333 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-28 20:18 - 2014-05-23 02:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-28 20:18 - 2010-12-10 18:37 - 00704728 _____ () C:\Windows\PFRO.log
2014-05-28 20:18 - 2010-12-10 15:21 - 02056761 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 20:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 20:18 - 2009-07-14 00:51 - 00077352 _____ () C:\Windows\setupact.log
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-28 20:17 - 2014-05-23 03:22 - 00004198 _____ () C:\Windows\wininit.ini
2014-05-28 16:24 - 2014-05-16 15:47 - 00000000 ____D () C:\Chris DO NOT DELETE
2014-05-28 16:04 - 2014-05-28 15:53 - 00000000 ____D () C:\Users\Mike\Desktop\Report
2014-05-28 16:01 - 2014-05-28 09:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 15:56 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 15:47 - 2014-05-28 15:46 - 00000000 ____D () C:\AdwCleaner
2014-05-28 15:43 - 2013-11-06 14:51 - 00014632 _____ () C:\Users\Mike\Documents\Mackinac Island Air TX.eml
2014-05-28 15:40 - 2014-05-28 15:40 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-05-28 15:40 - 2014-05-23 07:30 - 02066944 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-05-28 14:31 - 2011-01-31 03:18 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F731DCE1-28D9-4098-8B0E-3AA336C491C9}
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-28 09:05 - 2014-05-28 01:46 - 00001084 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 09:05 - 2014-05-28 01:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-28 08:55 - 2009-07-14 01:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 08:52 - 2014-05-28 08:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-27 22:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-27 20:37 - 2014-05-27 20:37 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Lavasoft
2014-05-27 20:32 - 2014-05-27 20:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\LavasoftStatistics
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\BitDefender
2014-05-27 20:20 - 2014-05-27 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-27 20:19 - 2014-05-27 20:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-27 20:18 - 2014-05-27 20:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 20:17 - 2014-05-27 20:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 20:15 - 2011-02-01 10:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-27 20:12 - 2014-05-27 20:12 - 00000360 _____ () C:\Users\Mike\Desktop\Mahjong.lnk
2014-05-27 19:57 - 2014-05-27 14:51 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-05-27 19:56 - 2014-05-27 19:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-27 19:55 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-27 12:59 - 2014-05-27 12:19 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-05-27 12:57 - 2014-05-27 12:56 - 00005809 _____ () C:\Users\Mike\Documents\AdwCleaner[s1].txt
2014-05-27 12:55 - 2014-05-27 12:55 - 00005634 _____ () C:\Users\Mike\Documents\AdwCleaner[R1].txt
2014-05-27 12:19 - 2014-05-27 12:19 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-05-27 12:18 - 2011-02-01 08:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-27 12:17 - 2011-02-01 08:15 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HP Support Assistant
2014-05-27 12:17 - 2011-02-01 08:01 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HpUpdate
2014-05-27 12:08 - 2014-05-27 12:08 - 00000000 ____D () C:\Windows\ERUNT
2014-05-27 12:06 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-27 12:04 - 2014-04-19 15:24 - 00001051 _____ () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-23 05:57 - 2014-05-23 05:57 - 00000000 ____D () C:\Users\Mike\Documents\ProcAlyzer Dumps
2014-05-23 03:10 - 2011-02-07 14:23 - 00000000 ____D () C:\Users\Mike\AppData\Local\Microsoft Games
2014-05-23 02:51 - 2014-05-23 02:51 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-05-23 02:51 - 2014-05-23 02:51 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-05-23 02:49 - 2014-05-23 02:49 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Mike\Desktop\spybot-2.3.exe
2014-05-23 01:34 - 2010-12-10 15:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-21 11:12 - 2014-05-21 11:12 - 00000314 _____ () C:\Windows\Tasks\0214dUpdateInfo.job
2014-05-21 11:12 - 2014-05-21 11:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0214d
2014-05-21 11:05 - 2014-05-21 11:05 - 00000000 ____D () C:\Users\Mike\Desktop\F6D4050v1-WIN7_x64
2014-05-21 11:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-21 08:11 - 2014-05-21 08:11 - 00041592 _____ () C:\Users\Mike\Documents\cc_20140521_081149.reg
2014-05-17 08:03 - 2008-08-18 14:14 - 00000000 ____D () C:\Users\Mike\Desktop\LINDA
2014-05-17 05:27 - 2008-10-18 08:58 - 00000000 ____D () C:\Users\Mike\Desktop\Mike's
2014-05-16 16:46 - 2014-05-16 16:46 - 00001144 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00001132 _____ () C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
2014-05-16 16:46 - 2014-05-16 16:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-05-16 16:45 - 2013-07-12 14:11 - 00000000 ____D () C:\Users\Mike\AppData\Local\Adobe
2014-05-16 16:45 - 2013-05-29 14:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 16:45 - 2013-05-29 14:17 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 16:45 - 2013-05-29 14:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 16:26 - 2011-02-01 10:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-16 16:23 - 2014-05-16 16:23 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2014-05-16 16:17 - 2014-05-16 16:17 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2014-05-16 16:15 - 2014-05-16 16:14 - 00129292 _____ () C:\Users\Mike\Documents\cc_20140516_161453.reg
2014-05-16 16:13 - 2012-04-23 08:27 - 00000000 ____D () C:\Users\Mike\Tracing
2014-05-16 16:12 - 2011-02-01 10:25 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-05-16 16:07 - 2013-07-12 14:46 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-16 16:07 - 2013-07-12 14:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-16 15:55 - 2012-07-13 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 15:27 - 2011-01-31 07:22 - 00000000 ____D () C:\Users\Mike\AppData\Local\Mozilla
2014-05-16 15:26 - 2014-05-16 15:26 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-16 15:26 - 2014-05-16 15:26 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-16 15:26 - 2013-02-07 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 15:15 - 2011-09-29 14:42 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-05-16 15:12 - 2011-01-31 03:16 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 15:11 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 03:32 - 2011-01-31 03:16 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:28 - 2014-05-08 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:12 - 2011-01-31 05:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:08 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:04 - 2011-02-01 10:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieUserList
2014-05-14 14:22 - 2014-05-14 14:22 - 00000000 __SHD () C:\Users\Mike\AppData\Local\EmieSiteList
2014-05-12 09:55 - 2008-08-18 15:48 - 05998592 ____R () C:\Users\Public\Documents\ESBK.mb
2014-05-12 07:26 - 2014-05-28 09:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-28 09:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 01:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 17:43 - 2008-08-18 15:48 - 12337152 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-05-11 13:51 - 2011-02-01 13:13 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\FUJIFILM
2014-05-11 11:01 - 2014-05-11 10:49 - 00000000 ____D () C:\Users\Mike\Desktop\photos
2014-05-09 03:21 - 2014-05-09 03:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b575ded0c9b.job
2014-05-09 02:14 - 2014-05-14 08:35 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-14 08:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 03:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 20:50 - 2013-05-29 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 00:40 - 2014-05-15 03:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-15 03:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-15 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-15 03:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-15 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-27 21:53

==================== End Of Log ============================

Link to post
Share on other sites

I ran as requested.

 

When the process moved to killing malicious files, it appeared to move no farther after scanning the HKEY you'll see in the picture.  It's now been about 30 minutes and nothing has changed.

 

It will stay like this until I hear from you....or midnight my time.

 


Link to post
Share on other sites

I have run as requested.

 

I have:

"Go here: http://www.safer-net...to-uninstall-2/ follow the instructions to uninstall Spybot S&D" - It instructs to uninstall through Control Panel, reboot, and remove a certain directory under Program Data.

 

"Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into."  FRST sits on my Desktop.  I copied the file to my Desktop, ran FRST, it popped up a log and I copied and pasted it 

 - Entry #12:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Mike (administrator) on MIKE-HP on 28-05-2014 20:23:41

 

I started Chameleon and it started on Button #1.  You did post old screen grabs as my version is 3.0.4.  As I'm waiting for the processes to run where I "do nothing"....the software isn't doing anything.  It hasn't done anything for the last hour.  So if you're implying that I didn't copy and paste the log after Mbam runs a "Quick Scan" (which it won't because I'm running 2.02) you're right.  I didn't because the software won't finish a scan to give me the opportunity to clean or produce a log....the exact same thing that originated my thread.

 

Tell me where I screwed up and I'd be more than happy to go back.

 

While I do appreciate all your help, do not tell me I didn't follow instructions with no correction.  That's rude and unprofessional.

Link to post
Share on other sites

Sorry, that was Chameleon button #2 that started the DOS screens.

Link to post
Share on other sites

I'm rerunning everything.

 

Ran FRST, pressed FIX and here's the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Mike at 2014-05-28 23:39:14 Run:2
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
C:\Windows\System32\DRIVERS\Trufos.sys
2014-05-27 20:37 - 2014-05-27 20:37 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Lavasoft
2014-05-27 20:32 - 2014-05-27 20:32 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\LavasoftStatistics
2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\BitDefender
2014-05-27 20:20 - 2014-05-28 08:51 - 00002333 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-27 20:20 - 2014-05-27 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-27 20:20 - 2013-08-21 14:32 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2014-05-27 20:20 - 2013-07-17 17:09 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2014-05-27 20:19 - 2014-05-27 20:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-27 20:18 - 2014-05-27 20:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-27 20:17 - 2014-05-27 20:17 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 20:11 - 2014-05-27 20:11 - 01727624 _____ () C:\Users\Mike\Desktop\Adaware_Installer.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => Value deleted successfully.
LavasoftAdAwareService11 => Service stopped successfully.
LavasoftAdAwareService11 => Service deleted successfully.
BdfNdisf => Service stopped successfully.
BdfNdisf => Service deleted successfully.
bdfwfpf => Service stopped successfully.
bdfwfpf => Service deleted successfully.
gzflt => Unable to stop service
gzflt => Service deleted successfully.
Trufos => Service stopped successfully.
Trufos => Service deleted successfully.
C:\Windows\System32\DRIVERS\Trufos.sys => Moved successfully.
C:\Users\Mike\AppData\Roaming\Lavasoft => Moved successfully.
C:\Users\Mike\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\ProgramData\BitDefender => Moved successfully.
C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus => Moved successfully.
C:\Windows\system32\bdnc.dll => Moved successfully.
C:\Windows\system32\bdsmtpp.dll => Moved successfully.
C:\Windows\system32\BdFirewallSDK.dll => Moved successfully.
C:\Windows\system32\httproxy.dll => Moved successfully.
C:\Windows\system32\bdfwcore.dll => Moved successfully.
C:\Windows\system32\bdpop3p.dll => Moved successfully.
C:\Windows\system32\OEMbdpredir.dll => Moved successfully.
C:\Windows\system32\bdpredir.dll => Moved successfully.
C:\Program Files\Lavasoft => Moved successfully.
C:\Program Files\Common Files\Lavasoft => Moved successfully.
C:\ProgramData\Lavasoft => Moved successfully.
"C:\Users\Mike\Desktop\Adaware_Installer.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

 

I'm running Chameleon again.

 

It has activated a driver, enabled a driver, started MBAM, updated MBAM without error.

It started Mbam-killer.  It's currently stuck at:

213326: HKLM\SOFTWARE\CLASSES\CLSID\<2977C29A-6723-4436-90BB-F7C5FDEF88A1>

 

Pressing C didn't cancel.  Pressing Ctrl+C didn't work, either.

 

I closed the box.

Link to post
Share on other sites

 

While I do appreciate all your help, do not tell me I didn't follow instructions with no correction.  That's rude and unprofessional.

 

Your reply in post #12 was not what I'd asked for in post #11. It was well after 1 am local time for me, I had stayed online well after bedtime to try and help so was disappointed when your reply was not what I wanted, hence my reply.

 

Thanks for your latest update, the clsid key that causes MB to freeze is listed as malicious. Normally either Malwarebytes, AdwCleaner or JRT would deal with and remove such entries. Have a look at the following link:

 

http://www.systemlookup.com/CLSID/79964-ScriptHost_dll.html

 

Can you run the following scanner so I can have another look at your system:

 

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

     

    Kevin....

Link to post
Share on other sites

Thanks, Kevin, for all that you do.  I think we missed what each other was saying.  I know you're putting in long hours for me and I thank you!

 

When I run OTL the software locks when the status says "Scanning Firefox".  I am not running any other software other than what's on the systray.  When I press the X, it says it may come around if I wait.  I've waited up to 30 minutes and it's never responded.  I've done this 3 times.

 

 

 


Link to post
Share on other sites

Unfortunately I have to give the computer back.  I would like to know what your thoughts are as to the cause of the failure.  This is the first time I've not been able to recover MBAM in the last 7 years I've used it.

 

Otherwise, feel free to close this thread.

 

Thanks for your help.

Link to post
Share on other sites

Ok thanks for the update, I guess when we are running fixes back and forth online it is very easy to misunderstand what we are trying to do. If OTL also freezes maybe better to revert to FRST. Can you run another scan, also select "additional" under the optional scan box. That will produce both logs.

 

If you want to close out, that is OK by me. Regarding what is causing the system to freeze, it may be down to the two following entries:

 

BHO: Speed Test (4354) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test (4354)\ScriptHost64.dll ()
BHO: Free Games (4357) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll ()

 

From your previous updates about the problem CLSID, those two lines are a strong possibility. I wanted to look at the system with OTL, then make a fix. As OTL also has the same problem, as I suggest above, maybe running FRST is the better option...

Link to post
Share on other sites
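
The correlation made in the reply above, as an added example that is not part of the original thread or of any tool named in it: it matches the key where Mbam-killer stopped (printed with angle brackets instead of braces) against the FRST `BHO:` lines, pulls in other BHOs that load a DLL of the same name, and lists Fixlog results that did not end in success. The function names are hypothetical; the sample lines are copied from the posts above.

```python
import ntpath
import re

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# FRST registry line as quoted in the thread: "BHO: name - {CLSID} - dll path (vendor)"
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.+?)\s+-\s+\{(?P<clsid>" + GUID + r")\}"
    r"\s+-\s+(?P<path>.+?)\s*\((?P<vendor>[^()]*)\)\s*$"
)
# Fixlog result line: "target => outcome"
RESULT_RE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\s*$")

# Lines copied from the posts above.
FRST_BHO_LINES = [
    r"BHO: Speed Test (4354) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test (4354)\ScriptHost64.dll ()",
    r"BHO: Free Games (4357) - {2977C29A-6723-4436-90BB-F7C5FDEF88A1} - C:\Program Files (x86)\Free Games (4357)\ScriptHost64.dll ()",
]
STUCK_LINE = r"213326: HKLM\SOFTWARE\CLASSES\CLSID\<2977C29A-6723-4436-90BB-F7C5FDEF88A1>"
FIXLOG_LINES = [
    "LavasoftAdAwareService11 => Service stopped successfully.",
    "gzflt => Unable to stop service",
    "gzflt => Service deleted successfully.",
    r"C:\Windows\System32\DRIVERS\Trufos.sys => Moved successfully.",
    r'"C:\Users\Mike\Desktop\Adaware_Installer.exe" => File/Directory not found.',
]


def parse_bho(lines):
    """Turn FRST 'BHO:' lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in lines:
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "name": m["name"],
            "clsid": m["clsid"].upper(),
            "path": m["path"],
            "dll": ntpath.basename(m["path"]).lower(),  # Windows path rules on any OS
            "vendor": m["vendor"].strip(),              # empty when FRST printed "()"
        })
    return entries


def clsids_in(text):
    """Every GUID in the text, upper-cased, whatever brackets surround it."""
    return {g.upper() for g in re.findall(GUID, text)}


def triage(bho_lines, stuck_line):
    """Return (BHOs registered under the stuck CLSID, other BHOs loading a same-named DLL)."""
    entries = parse_bho(bho_lines)
    stuck = clsids_in(stuck_line)
    direct = [e for e in entries if e["clsid"] in stuck]
    dlls = {e["dll"] for e in direct}
    siblings = [e for e in entries if e["dll"] in dlls and e not in direct]
    return direct, siblings


def unresolved(fixlog_lines):
    """Fixlog results whose outcome does not end in 'successfully.'."""
    flagged = []
    for line in fixlog_lines:
        m = RESULT_RE.match(line.strip())
        if m and not m["outcome"].endswith("successfully."):
            flagged.append((m["target"].strip('"'), m["outcome"]))
    return flagged


if __name__ == "__main__":
    direct, siblings = triage(FRST_BHO_LINES, STUCK_LINE)
    for label, group in (("stuck CLSID", direct), ("same DLL name", siblings)):
        for e in group:
            print(f"{label}: {e['name']} {{{e['clsid']}}} -> {e['path']} vendor={e['vendor'] or 'none'}")
    for target, outcome in unresolved(FIXLOG_LINES):
        print(f"follow up: {target}: {outcome}")
```
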

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
