Melinda59

Advertising Center program did not show up in CCleaner list. I will check on Firefox update and take a look at your other suggestions. With any luck you won't see me again Thank you so much for all your help. Melinda

It is odd that it didn't show on the FRST log and odd that the FF extension showed on the scan but not in the browser and I never did find the Advertising Center program that showed on the scan. Should I be concerned about that? Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 40 Adobe Flash Player 11.8.800.94 Adobe Reader XI Mozilla Firefox 23.0.1 Firefox out of Date! Google Chrome 29.0.1547.76 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

Top Hits Arcade was an extension (with a note about not being downloaded from Google) Disabled and Removed. Have been to several sites and no underscore or pop ups

Spent about 15 minutes on FF with no popups and no double underscores. So looks like just chrome.

Chrome -- Will check FF

Take that back -- just got a popup - powered by Top Arcade Hits

FF Reset CCleaner done Advertising Center does not show up in CCleaner-Tools-Uninstall Still seeing the double underscores with the ads but not seeing any more popups. Going to have to go do some work. Will check back this evening. Thanks Melinda

Strange -- I see Advertising Center on the Farbar scan -- but it does not show up if I go to Control Panel - Add/Remove Programs. Any ideas? Thanks

I rarely use FF. If i just uninstall it and reinstall it will that take care of it?

No clue what Advertising Center is. Would you like me to uninstall it? Went to add-ons manager in FF and do not see that extension. The only ones listed are Freemake Video Converter, Skype Click to Call, SmartPrintButton and Vid Saver and all are already disabled. Is there another place to look for it or another way to remove it? Thanks

I did not click Fix on Fanbar - should I?

Done I have not seen a pop-up in a while , but there do seem to be double underscored words in the text that give me ads that say "Powered by Top Hits Arcade". Not sure if they were there before and I just didn't notice or if they are supposed to be there. Addition.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by Melinda (administrator) on KERRAMEL2-PC on 09-10-2013 13:17:50Running from C:\Users\Melinda\Desktop\FanbarWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(AMD) C:\Windows\system32\atieclxx.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe() C:\Windows\SysWOW64\PnkBstrA.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11444840 2010-09-21] (Realtek Semiconductor)HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1655544 2010-10-25] (Suyin)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()HKU\Mommy Music\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activexStartup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Melinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cabDPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cabDPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cabHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.defaultFF NewTab: about:blankFF SearchEngineOrder.3: Bing FF Homepage: google.comFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Melinda\AppData\Local\Roblox\Versions\version-759151294bb84441\\NPRobloxProxy.dll ( ROBLOX Corporation)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Melinda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No FileFF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Melinda\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileFF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Melinda\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No FileFF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Melinda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Extension: No Name - C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\crossriderapp3491@crossrider.comFF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtensionFF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension Chrome: =======Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTIONCHR Extension: (MouseHunt HornTracker for Chrome) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoakbimfnggbhoplpfcpeifgbigmpepl\2.4.8_0CHR Extension: (YouTube) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Battlefield Heroes) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0CHR Extension: (Freemake Video Converter) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0CHR Extension: (MouseHunt Horn Timer) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkoojecgfgialnfnllpgmdgdoaofpen\1.9.1_0CHR Extension: (Fantapper) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\2.0.7_0CHR Extension: (Gmail) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1CHR Extension: (MouseHuntizer for Chrome) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\poopecipggnjoikoamlhhaehakehihjn\0.9.7_0CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crxCHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crxCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82944 2012-02-17] (Freemake)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-25] ()R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) ==================== Drivers (Whitelisted) ==================== R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST2013-10-09 13:15 - 2013-10-09 13:16 - 00000000 ____D C:\Users\Melinda\Desktop\Fanbar2013-10-09 12:45 - 2013-10-09 12:45 - 00027630 _____ C:\ComboFix.txt2013-10-09 12:14 - 2013-10-09 12:45 - 00000000 ____D C:\Qoobox2013-10-09 12:14 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe2013-10-09 12:14 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe2013-10-09 12:14 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-10-09 12:14 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-10-09 12:14 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-10-09 12:14 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe2013-10-09 12:14 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe2013-10-09 12:14 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe2013-10-09 12:13 - 2013-10-09 12:43 - 00000000 ____D C:\Windows\erdnt2013-10-09 12:07 - 2013-10-09 12:07 - 05131844 ____R (Swearware) C:\Users\Melinda\Desktop\ComboFix.exe2013-10-09 10:12 - 2013-10-09 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-09 10:11 - 2013-10-09 11:06 - 00000000 ____D C:\Users\Melinda\Desktop\mbar2013-10-09 10:10 - 2013-10-09 10:10 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melinda\Downloads\mbar-1.07.0.1005.exe2013-10-09 08:53 - 2013-10-09 08:58 - 00000000 ____D C:\AdwCleaner2013-10-09 08:42 - 2013-10-09 08:43 - 01048960 _____ C:\Users\Melinda\Desktop\AdwCleaner.exe2013-10-08 23:14 - 2013-10-08 23:14 - 00001734 _____ C:\Users\Melinda\Desktop\RKreport[0]_S_10082013_231416.txt2013-10-08 23:01 - 2013-10-08 23:09 - 00000000 ____D C:\Users\Melinda\Desktop\RK_Quarantine2013-10-08 22:59 - 2013-10-08 22:59 - 03980800 _____ C:\Users\Melinda\Downloads\RogueKillerX64.exe2013-10-08 21:47 - 2013-10-08 21:53 - 00027757 _____ C:\Users\Melinda\Desktop\dds.txt2013-10-08 21:47 - 2013-10-08 21:47 - 00014518 _____ C:\Users\Melinda\Desktop\attach.txt2013-10-08 21:40 - 2013-10-08 21:41 - 00688992 ____R (Swearware) C:\Users\Melinda\Downloads\dds.scr2013-10-08 10:25 - 2013-10-08 10:25 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (3).gdoc2013-10-05 18:59 - 2013-10-05 18:59 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (2).gdoc2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS.gdoc2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (1).gdoc2013-10-04 15:55 - 2013-10-04 15:56 - 00000000 ____D C:\Users\Melinda\Documents\memory stick2013-10-04 13:00 - 2013-10-04 13:00 - 35289352 _____ (Dropbox, Inc.) C:\Users\Melinda\Downloads\Dropbox 2.4.1.exe2013-10-04 12:14 - 2013-10-04 12:14 - 00000000 __SHD C:\Windows\ftpcache2013-09-21 14:53 - 2013-09-21 15:12 - 00000000 ____D C:\Program Files (x86)\Free PDF Solutions2013-09-19 08:51 - 2013-01-01 22:05 - 00787968 _____ C:\Users\Melinda\Desktop\COD5 Game Save Editor PS3.exe2013-09-19 08:46 - 2013-09-19 08:47 - 00004888 _____ C:\Users\Melinda\Downloads\Blue Ice CFG.rar2013-09-19 08:45 - 2013-09-19 08:45 - 00012638 _____ C:\Users\Melinda\Downloads\ZombieMods.cfg2013-09-19 08:40 - 2013-09-19 08:40 - 00000000 ____D C:\Users\Melinda\Documents\SAVEGAME2013-09-19 08:33 - 2013-09-19 08:54 - 01469992 _____ C:\Users\Melinda\Downloads\COD5 Game Save Editor PS3.rar2013-09-18 22:04 - 2013-09-18 22:04 - 00223566 _____ C:\Users\Melinda\Downloads\testdown.svg2013-09-18 21:56 - 2013-09-18 21:56 - 00223566 _____ C:\Users\Melinda\Desktop\Cloud 2.svg2013-09-17 23:57 - 2013-09-17 23:57 - 00000000 ____D C:\Users\Melinda\AppData\Local\{D1312C7C-7B58-4859-818A-732CE0E571F6}2013-09-17 23:11 - 2013-09-17 23:11 - 00000000 ____D C:\ProgramData\Oracle2013-09-17 23:10 - 2013-09-17 23:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-09-17 23:10 - 2013-09-17 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-09-17 23:10 - 2013-09-17 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-09-17 23:10 - 2013-09-17 23:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-09-17 23:08 - 2013-09-17 23:08 - 00913832 _____ (Oracle Corporation) C:\Users\Melinda\Downloads\chromeinstall-7u40.exe2013-09-17 22:36 - 2013-09-17 22:36 - 00001076 _____ C:\Users\Melinda\Desktop\Wordaizer.lnk2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Users\Public\Documents\APP2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Program Files (x86)\APP2013-09-17 22:34 - 2013-09-17 22:34 - 08596303 _____ C:\Users\Melinda\Downloads\WordaizerSetUp.zip2013-09-15 16:37 - 2013-09-15 16:37 - 00275232 _____ C:\Windows\Minidump\091513-19094-01.dmp2013-09-12 15:16 - 2013-09-12 15:16 - 00001934 _____ C:\Users\Melinda\Desktop\Skype.lnk2013-09-11 21:24 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-09-11 21:24 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-09-11 21:24 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-09-11 21:24 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-09-11 21:24 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-09-11 21:24 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-09-11 21:24 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-09-11 21:24 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-09-11 21:24 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-09-11 21:24 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-09-11 21:24 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-09-11 21:24 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-09-11 21:24 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-09-11 21:24 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-09-11 21:24 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-11 21:24 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-11 21:24 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-11 21:24 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-11 21:24 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-11 21:24 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-11 21:24 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-11 21:24 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-09-11 21:24 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-11 21:24 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-09-11 21:24 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-09-11 15:30 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys2013-09-11 15:30 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2013-09-11 15:30 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll2013-09-11 15:30 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2013-09-11 15:30 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll2013-09-11 15:29 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-09-11 15:29 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-09-11 15:29 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-09-11 15:29 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2013-09-11 15:29 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-09-11 15:29 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2013-09-11 15:29 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2013-09-11 15:29 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2013-09-11 15:29 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2013-09-11 15:29 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-09-11 15:29 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-09-11 15:29 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-09-11 15:29 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-09-11 15:29 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-09-11 15:29 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2013-09-11 15:29 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2013-09-11 15:29 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-09-11 15:29 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-09-11 15:29 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-09-11 15:29 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-09-11 15:29 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2013-09-11 15:29 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2013-09-10 17:40 - 2013-09-10 17:40 - 00262144 _____ C:\Windows\Minidump\091013-21949-01.dmp ==================== One Month Modified Files and Folders ======= 2013-10-09 13:19 - 2013-02-09 16:25 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST2013-10-09 13:16 - 2013-10-09 13:15 - 00000000 ____D C:\Users\Melinda\Desktop\Fanbar2013-10-09 12:53 - 2012-07-19 22:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4110347981-1074187552-290032074-1001UA.job2013-10-09 12:46 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-09 12:46 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-09 12:45 - 2013-10-09 12:45 - 00027630 _____ C:\ComboFix.txt2013-10-09 12:45 - 2013-10-09 12:14 - 00000000 ____D C:\Qoobox2013-10-09 12:45 - 2011-08-25 13:35 - 00000000 ____D C:\Users\Kerry2013-10-09 12:45 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default2013-10-09 12:43 - 2013-10-09 12:13 - 00000000 ____D C:\Windows\erdnt2013-10-09 12:42 - 2011-03-10 02:39 - 01358282 _____ C:\Windows\WindowsUpdate.log2013-10-09 12:37 - 2011-04-27 16:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-10-09 12:37 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini2013-10-09 12:36 - 2011-03-25 18:13 - 01285862 _____ C:\Windows\PFRO.log2013-10-09 12:36 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-09 12:36 - 2009-07-14 00:51 - 00136783 _____ C:\Windows\setupact.log2013-10-09 12:35 - 2009-07-13 22:34 - 81788928 _____ C:\Windows\system32\config\software.bak2013-10-09 12:35 - 2009-07-13 22:34 - 22544384 _____ C:\Windows\system32\config\system.bak2013-10-09 12:35 - 2009-07-13 22:34 - 01048576 _____ C:\Windows\system32\config\default.bak2013-10-09 12:35 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\security.bak2013-10-09 12:35 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.bak2013-10-09 12:30 - 2011-04-27 16:28 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-10-09 12:29 - 2011-03-25 17:42 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2013-10-09 12:07 - 2013-10-09 12:07 - 05131844 ____R (Swearware) C:\Users\Melinda\Desktop\ComboFix.exe2013-10-09 12:05 - 2013-07-10 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2013-10-09 12:05 - 2011-10-29 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-10-09 11:06 - 2013-10-09 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-09 11:06 - 2013-10-09 10:11 - 00000000 ____D C:\Users\Melinda\Desktop\mbar2013-10-09 10:52 - 2012-07-19 22:25 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4110347981-1074187552-290032074-1001Core.job2013-10-09 10:10 - 2013-10-09 10:10 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melinda\Downloads\mbar-1.07.0.1005.exe2013-10-09 09:02 - 2011-11-10 18:40 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Dropbox2013-10-09 09:01 - 2011-11-11 08:37 - 00000000 ___RD C:\Users\Melinda\Dropbox2013-10-09 08:58 - 2013-10-09 08:53 - 00000000 ____D C:\AdwCleaner2013-10-09 08:43 - 2013-10-09 08:42 - 01048960 _____ C:\Users\Melinda\Desktop\AdwCleaner.exe2013-10-09 08:22 - 2011-03-27 19:55 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Skype2013-10-08 23:14 - 2013-10-08 23:14 - 00001734 _____ C:\Users\Melinda\Desktop\RKreport[0]_S_10082013_231416.txt2013-10-08 23:09 - 2013-10-08 23:01 - 00000000 ____D C:\Users\Melinda\Desktop\RK_Quarantine2013-10-08 22:59 - 2013-10-08 22:59 - 03980800 _____ C:\Users\Melinda\Downloads\RogueKillerX64.exe2013-10-08 21:53 - 2013-10-08 21:47 - 00027757 _____ C:\Users\Melinda\Desktop\dds.txt2013-10-08 21:47 - 2013-10-08 21:47 - 00014518 _____ C:\Users\Melinda\Desktop\attach.txt2013-10-08 21:41 - 2013-10-08 21:40 - 00688992 ____R (Swearware) C:\Users\Melinda\Downloads\dds.scr2013-10-08 18:00 - 2013-03-11 07:51 - 00000470 _____ C:\Windows\Tasks\ParetoLogic Registration.job2013-10-08 10:25 - 2013-10-08 10:25 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (3).gdoc2013-10-07 21:32 - 2011-12-09 07:45 - 00004595 _____ C:\Windows\wininit.ini2013-10-06 20:54 - 2009-07-14 01:13 - 00780196 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-05 18:59 - 2013-10-05 18:59 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (2).gdoc2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS.gdoc2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (1).gdoc2013-10-04 17:34 - 2013-08-14 11:10 - 00000000 ___RD C:\Users\Melinda\Google Drive2013-10-04 15:56 - 2013-10-04 15:55 - 00000000 ____D C:\Users\Melinda\Documents\memory stick2013-10-04 13:14 - 2011-11-10 18:41 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2013-10-04 13:00 - 2013-10-04 13:00 - 35289352 _____ (Dropbox, Inc.) C:\Users\Melinda\Downloads\Dropbox 2.4.1.exe2013-10-04 12:14 - 2013-10-04 12:14 - 00000000 __SHD C:\Windows\ftpcache2013-09-29 18:29 - 2011-03-27 19:55 - 00000000 ___RD C:\Program Files (x86)\Skype2013-09-29 18:29 - 2011-03-27 19:55 - 00000000 ____D C:\ProgramData\Skype2013-09-21 15:12 - 2013-09-21 14:53 - 00000000 ____D C:\Program Files (x86)\Free PDF Solutions2013-09-21 15:12 - 2012-07-10 17:15 - 00000000 ____D C:\Users\Melinda\Desktop\C21 A1 Forms2013-09-19 08:54 - 2013-09-19 08:33 - 01469992 _____ C:\Users\Melinda\Downloads\COD5 Game Save Editor PS3.rar2013-09-19 08:51 - 2011-03-28 20:50 - 00000000 ____D C:\Users\Melinda\AppData\Local\CrashDumps2013-09-19 08:47 - 2013-09-19 08:46 - 00004888 _____ C:\Users\Melinda\Downloads\Blue Ice CFG.rar2013-09-19 08:45 - 2013-09-19 08:45 - 00012638 _____ C:\Users\Melinda\Downloads\ZombieMods.cfg2013-09-19 08:40 - 2013-09-19 08:40 - 00000000 ____D C:\Users\Melinda\Documents\SAVEGAME2013-09-18 22:04 - 2013-09-18 22:04 - 00223566 _____ C:\Users\Melinda\Downloads\testdown.svg2013-09-18 21:56 - 2013-09-18 21:56 - 00223566 _____ C:\Users\Melinda\Desktop\Cloud 2.svg2013-09-17 23:57 - 2013-09-17 23:57 - 00000000 ____D C:\Users\Melinda\AppData\Local\{D1312C7C-7B58-4859-818A-732CE0E571F6}2013-09-17 23:11 - 2013-09-17 23:11 - 00000000 ____D C:\ProgramData\Oracle2013-09-17 23:09 - 2013-09-17 23:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-09-17 23:09 - 2013-09-17 23:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-09-17 23:09 - 2013-09-17 23:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-09-17 23:09 - 2013-09-17 23:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-09-17 23:09 - 2012-05-07 08:53 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll2013-09-17 23:09 - 2011-03-27 10:44 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-09-17 23:09 - 2011-03-27 10:44 - 00000000 ____D C:\Program Files (x86)\Java2013-09-17 23:08 - 2013-09-17 23:08 - 00913832 _____ (Oracle Corporation) C:\Users\Melinda\Downloads\chromeinstall-7u40.exe2013-09-17 22:36 - 2013-09-17 22:36 - 00001076 _____ C:\Users\Melinda\Desktop\Wordaizer.lnk2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Users\Public\Documents\APP2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Program Files (x86)\APP2013-09-17 22:34 - 2013-09-17 22:34 - 08596303 _____ C:\Users\Melinda\Downloads\WordaizerSetUp.zip2013-09-17 21:18 - 2013-02-17 19:50 - 00000061 _____ C:\Windows\TaxACT12.ini2013-09-15 16:37 - 2013-09-15 16:37 - 00275232 _____ C:\Windows\Minidump\091513-19094-01.dmp2013-09-15 16:37 - 2011-05-20 06:07 - 586157449 _____ C:\Windows\MEMORY.DMP2013-09-15 16:37 - 2011-05-20 06:07 - 00000000 ____D C:\Windows\Minidump2013-09-15 07:04 - 2012-07-26 17:49 - 00000000 ____D C:\Program Files (x86)\Steam2013-09-14 22:15 - 2011-09-29 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help2013-09-13 22:44 - 2011-08-27 17:08 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\.minecraft2013-09-12 16:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2013-09-12 15:16 - 2013-09-12 15:16 - 00001934 _____ C:\Users\Melinda\Desktop\Skype.lnk2013-09-12 08:35 - 2011-03-25 17:42 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2013-09-12 08:34 - 2009-07-14 00:45 - 00396584 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-11 21:23 - 2013-08-14 19:33 - 00000000 ____D C:\Windows\system32\MRT2013-09-11 21:23 - 2011-04-02 14:06 - 00796892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-09-11 21:23 - 2011-04-02 14:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client2013-09-11 21:17 - 2013-05-18 22:49 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-10 18:06 - 2011-03-25 17:40 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2013-09-10 17:40 - 2013-09-10 17:40 - 00262144 _____ C:\Windows\Minidump\091013-21949-01.dmp Files to move or delete:====================C:\Users\Melinda\jagex_cl_runescape_LIVE.datC:\Users\Melinda\jagex_runescape_preferences.datC:\Users\Melinda\jagex_runescape_preferences2.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 20:55 ==================== End Of Log ============================

Had not checked other browsers --- seems Chrome and Firefox are affected - not IE Ran Combo Fix Log attached Turned back on all my AV stuff. Thanks ComboFix.txt

Uninstalled Java 6 Cleared Java cache Downloaded and Ran MBAR - Nothing found - No mbarlog, but systemlog attached I can access internet (since here I am ) Windows Firewall is on Windows Update is set to automatically install but . . . . unfortunately the pop-ups are still with me. system-log.txt