ssjeni2

  1. I ran it again because I couldn't find the log from the last time. ComboFix 14-05-19.01 - Momma 05/22/2014 9:44.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3983.2507 [GMT -5:00] Running from: c:\users\Momma\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-04-22 to 2014-05-22 ))))))))))))))))))))))))))))))) . . 2014-05-22 14:48 . 2014-05-22 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-22 14:38 . 2014-05-22 14:38 -------- d-----w- c:\users\Momma\AppData\Roaming\AVAST Software 2014-05-22 14:37 . 2014-05-22 14:38 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-05-22 14:37 . 2014-05-22 14:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-22 14:37 . 2014-05-22 14:38 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-05-22 14:37 . 2014-05-22 14:38 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-05-22 14:37 . 2014-05-22 14:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-22 14:37 . 2014-05-22 14:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-22 14:37 . 2014-05-22 14:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-05-22 14:37 . 2014-05-22 14:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-22 14:37 . 2014-05-22 14:37 334648 ----a-w- c:\windows\system32\aswBoot.exe 2014-05-22 14:37 . 2014-05-22 14:37 43152 ----a-w- c:\windows\avastSS.scr 2014-05-22 14:37 . 2014-05-22 14:37 -------- d-----w- c:\program files\AVAST Software 2014-05-22 14:36 . 2014-05-22 14:36 -------- d-----w- c:\programdata\AVAST Software 2014-05-19 16:06 . 2014-05-19 16:07 -------- d-----w- c:\windows\system32\MRT 2014-05-17 15:48 . 
2014-05-17 15:48 -------- d-----w- C:\zoek_backup 2014-05-15 08:02 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 08:02 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-15 08:02 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 08:02 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-07 08:18 . 2014-05-15 08:19 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-05 18:55 . 2014-05-05 18:55 -------- d-----w- c:\users\Momma\AppData\Local\WinZip 2014-04-28 16:25 . 2014-04-28 16:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-28 16:25 . 2014-04-28 16:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-28 16:22 . 2014-04-28 16:22 -------- d-----w- c:\programdata\Licenses 2014-04-28 16:22 . 2014-05-16 03:19 -------- d-----w- c:\program files (x86)\SpywareBlaster 2014-04-28 16:16 . 2014-04-28 16:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2014-04-28 16:13 . 2014-04-28 16:13 313256 ----a-w- c:\windows\system32\javaws.exe 2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\javaw.exe 2014-04-28 16:13 . 2014-04-28 16:13 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\java.exe 2014-04-28 16:13 . 2014-04-28 16:13 -------- d-----w- c:\program files\Java 2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\users\Momma\AppData\Roaming\Oracle 2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\windows\Sun 2014-04-24 21:58 . 2014-04-24 21:58 -------- d-----w- c:\windows\ERUNT 2014-04-24 21:55 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-04-24 13:31 . 2014-04-28 16:01 -------- d-----w- c:\windows\system32\appmgmt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-22 14:35 . 
2014-04-01 02:27 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-04-03 15:47 . 2014-04-01 02:27 63192 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-04-03 15:47 . 2014-04-01 02:27 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-04-03 15:47 . 2014-04-01 02:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-04 09:44 . 2014-04-09 12:01 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-09 12:01 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-09 12:01 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-09 12:01 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-09 12:01 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-09 12:01 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-09 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 2014-04-09 12:01 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-09 12:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-09 12:01 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-09 12:01 2048 ----a-w- c:\windows\SysWow64\user.exe 2014-02-25 09:14 . 2014-02-25 09:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-02-25 09:14 . 2014-02-25 09:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-02-25 09:14 . 2014-02-25 09:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-02-25 09:14 . 2014-02-25 09:14 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-02-25 09:14 . 2014-02-25 09:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-02-25 09:14 . 2014-02-25 09:14 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-02-25 09:14 . 2014-02-25 09:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-02-25 09:14 . 
2014-02-25 09:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-02-25 09:14 . 2014-02-25 09:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-02-25 09:14 . 2014-02-25 09:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-02-25 09:14 . 2014-02-25 09:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-02-25 09:14 . 2014-02-25 09:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-02-25 09:14 . 2014-02-25 09:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-02-25 09:14 . 2014-02-25 09:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-02-25 09:14 . 2014-02-25 09:14 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-02-25 09:14 . 2014-02-25 09:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-02-25 09:14 . 2014-02-25 09:14 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-02-25 09:14 . 2014-02-25 09:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-02-25 09:14 . 2014-02-25 09:14 247808 ----a-w- c:\windows\system32\msls31.dll 2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-02-25 09:14 . 2014-02-25 09:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-02-25 09:14 . 2014-02-25 09:14 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-02-25 09:14 . 2014-02-25 09:14 81408 ----a-w- c:\windows\system32\icardie.dll 2014-02-25 09:14 . 2014-02-25 09:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-02-25 09:14 . 2014-02-25 09:14 413696 ----a-w- c:\windows\system32\html.iec 2014-02-25 09:14 . 
2014-02-25 09:14 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-02-25 09:14 . 2014-02-25 09:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2014-02-25 09:14 . 2014-02-25 09:14 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-02-25 09:14 . 2014-02-25 09:14 235520 ----a-w- c:\windows\system32\url.dll 2014-02-25 09:14 . 2014-02-25 09:14 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-02-25 09:14 . 2014-02-25 09:14 143872 ----a-w- c:\windows\system32\wextract.exe 2014-02-25 09:14 . 2014-02-25 09:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-02-25 09:14 . 2014-02-25 09:14 101376 ----a-w- c:\windows\system32\inseng.dll 2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-02-25 09:14 . 2014-02-25 09:14 147968 ----a-w- c:\windows\system32\occache.dll 2014-02-25 09:14 . 2014-02-25 09:14 13824 ----a-w- c:\windows\system32\mshta.exe 2014-02-25 09:14 . 2014-02-25 09:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-02-25 09:14 . 2014-02-25 09:14 774144 ----a-w- c:\windows\system32\jscript.dll 2014-02-25 09:14 . 2014-02-25 09:14 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-02-25 09:14 . 2014-02-25 09:14 135680 ----a-w- c:\windows\system32\iepeers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google+ Auto Backup"="c:\users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-10-16 684064] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-22 3873704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB 
Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 RalinkCountryRegion;RalinkCountryRegion;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe [x] S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - ASWHWID *NewlyCreated* - ASWMONFLT *NewlyCreated* - ASWRDR *NewlyCreated* - ASWSNX *NewlyCreated* - ASWSTM *NewlyCreated* - ASWVMM *NewlyCreated* - GSLHPYVO *NewlyCreated* - MBAMSWISSARMY *Deregistered* - MBAMWebAccessControl . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-21 20:28 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10] . 2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10] . 2014-05-20 c:\windows\Tasks\HPCeeScheduleForMomma.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-05-22 14:37 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.com/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-05-22 09:49:27 ComboFix-quarantined-files.txt 2014-05-22 14:49 ComboFix2.txt 2014-05-19 00:31 ComboFix3.txt 2014-05-05 18:23 ComboFix4.txt 2014-04-24 14:08 . Pre-Run: 920,716,259,328 bytes free Post-Run: 920,671,006,720 bytes free . - - End Of File - - 657076D2809CA68B3A66D9DA745553FC A36C5E4F47E84449FF07ED3517B43A31
  2. I did run ComboFix. Chrome is up to date. Google is my default search engine. There are no suspicious ones. No unfamiliar pages, or any pages for that matter, under start up. Did the home button thing. What is wrong with this stupid computer? I'm about to let the junkyard magnet take it!!!!
  3. lightspark and player-chrome exe still popping up in new tabs
  4. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 5/19/2014
     Scan Time: 11:19:50 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.05.19.08
     Rootkit Database: v2014.03.27.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Chameleon: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Momma

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 261183
     Time Elapsed: 6 min, 3 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 2
     PUP.Optional.OptimumInstaller.A, C:\Users\Momma\Downloads\Player-Chrome (1).exe, , [76cee172d4a7d363b1ce8ebf53ae768a],
     PUP.Optional.OptimumInstaller.A, C:\Users\Momma\Downloads\Player-Chrome (2).exe, , [083ce66df7840630f58ac6877c852fd1],
     Physical Sectors: 0 (No malicious items detected)

     (end)
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Momma at 2014-05-17 11:18:42 Running from C:\Users\Momma\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{BE52A08B-D385-4E65-BDCB-3FCD9BB1DF63}) (Version: 20.14.2217.13144 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.14.2217.13144 - Alcor Micro Corp.) Hidden Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel® OpenCL CPU Runtime 
(HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 
10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.12 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.) Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. 
) Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Restore Points ========================= 03-05-2014 08:00:39 Windows Update 05-05-2014 17:55:23 ComboFix created restore point 07-05-2014 08:00:52 Windows Update 14-05-2014 13:30:47 Scheduled Checkpoint 15-05-2014 08:00:42 Windows Update 17-05-2014 15:49:15 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-13 21:34 - 2014-05-05 12:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {05C0DFB8-55EE-4589-B1D3-D4674C23836F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.) Task: {092977C2-C9A3-426A-B033-E0AA528D2826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {0A40C6E2-1481-4961-8176-17DBA822CFAD} - System32\Tasks\HPCeeScheduleForMomma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {33070F93-3619-4DA9-95F7-B2E62C9526B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.) 
Task: {8C3229E6-0C9E-4F0C-9CF2-66EB2B32EA15} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink) Task: {A07FEC64-4175-4B79-A1A4-E4D52CF0AC1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {F2044FD2-4DA3-4BF3-978A-6DBE6F139FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForMomma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-04 21:46 - 2012-04-04 21:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-12-13 22:32 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe 2014-02-21 16:59 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-01-06 11:52 - 2014-01-06 11:52 - 03244032 _____ () C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll 2014-05-07 12:34 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00065352 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Basic Wireless USB Adapter Description: Basic Wireless USB Adapter Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5086 System errors: ============= Error: (05/15/2014 10:34:48 PM) (Source: Service Control Manager) 
(EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/15/2014 07:12:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/15/2014 03:21:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/11/2014 10:36:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/09/2014 07:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/08/2014 08:15:27 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/08/2014 06:55:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/07/2014 00:01:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/07/2014 00:01:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. 
Error: (05/07/2014 03:19:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Microsoft Office Sessions: ========================= Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5086 CodeIntegrity Errors: =================================== Date: 2014-05-05 12:59:06.079 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could 
not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-05 12:59:06.051 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-05 12:59:06.022 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-05 12:59:05.993 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-24 09:05:33.296 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-24 09:05:33.265 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 63% Total physical RAM: 3983.34 MB Available physical RAM: 1438.91 MB Total Pagefile: 7964.86 MB Available Pagefile: 4554.84 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.62 GB) (Free:858.49 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 96059575) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=100 MB) - (Type=27) ==================== End Of Log ============================ Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014 Ran by Momma at 2014-05-18 19:15:03 Run:4 Running from C:\Users\Momma\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Extension: Random Agent Spoofer - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-02-24] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ***************** HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Momma on Mon 05/19/2014 at 11:07:12.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Momma\AppData\Roaming\mozilla\firefox\profiles\gfqhdg5g.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/19/2014 at 11:10:44.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Momma at 2014-05-17 11:18:42 Running from C:\Users\Momma\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{BE52A08B-D385-4E65-BDCB-3FCD9BB1DF63}) (Version: 20.14.2217.13144 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.14.2217.13144 - Alcor Micro Corp.) Hidden Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel® OpenCL CPU Runtime 
(HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 
10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.12 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.) Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. 
) Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Restore Points ========================= 03-05-2014 08:00:39 Windows Update 05-05-2014 17:55:23 ComboFix created restore point 07-05-2014 08:00:52 Windows Update 14-05-2014 13:30:47 Scheduled Checkpoint 15-05-2014 08:00:42 Windows Update 17-05-2014 15:49:15 zoek.exe restore point ==================== Hosts content: ========================== 2009-07-13 21:34 - 2014-05-05 12:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {05C0DFB8-55EE-4589-B1D3-D4674C23836F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.) Task: {092977C2-C9A3-426A-B033-E0AA528D2826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {0A40C6E2-1481-4961-8176-17DBA822CFAD} - System32\Tasks\HPCeeScheduleForMomma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {33070F93-3619-4DA9-95F7-B2E62C9526B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.) 
Task: {8C3229E6-0C9E-4F0C-9CF2-66EB2B32EA15} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink) Task: {A07FEC64-4175-4B79-A1A4-E4D52CF0AC1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company) Task: {F2044FD2-4DA3-4BF3-978A-6DBE6F139FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForMomma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-04 21:46 - 2012-04-04 21:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-12-13 22:32 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe 2014-02-21 16:59 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll 2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll 2014-01-06 11:52 - 2014-01-06 11:52 - 03244032 _____ () C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll 2014-05-07 12:34 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00065352 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll 2014-05-15 08:09 - 2014-05-07 18:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Basic Wireless USB Adapter Description: Basic Wireless USB Adapter Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8097 Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7083 Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6084 Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5086 System errors: ============= Error: (05/15/2014 10:34:48 PM) (Source: Service Control Manager) 
(EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/15/2014 07:12:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/15/2014 03:21:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/11/2014 10:36:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/09/2014 07:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect. Error: (05/08/2014 08:15:27 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/08/2014 06:55:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/07/2014 00:01:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (05/07/2014 00:01:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. 
Error: (05/07/2014 03:19:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Microsoft Office Sessions:
=========================
Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8097

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8097

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7083

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7083

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5086

CodeIntegrity Errors:
===================================
Date: 2014-05-05 12:59:06.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-05 12:59:06.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-05 12:59:06.022
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-05 12:59:05.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-24 09:05:33.296
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-24 09:05:33.265
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Percentage of memory in use: 63%
Total physical RAM: 3983.34 MB
Available physical RAM: 1438.91 MB
Total Pagefile: 7964.86 MB
Available Pagefile: 4554.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.62 GB) (Free:858.49 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 96059575)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Momma (administrator) on PANDAMONIUM on 17-05-2014 11:18:08
Running from C:\Users\Momma\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-15] (PDF Complete Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3598458912-3011877256-316199506-1000\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Check4Change - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\check4change-owner@mozdev.org.xpi [2014-02-24]
FF Extension: Random Agent Spoofer - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-02-24]
FF Extension: TinyURL Generator - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-02-24]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]
CHR Extension: (YouTube) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-21]
CHR Extension: (Google Search) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Gmail) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.)
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)

==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co.
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-17 11:06 - 2014-05-17 11:06 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (2).exe 2014-05-17 10:58 - 2014-05-17 10:58 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (1).exe 2014-05-17 10:49 - 2014-05-17 10:49 - 00000829 _____ () C:\zoek-results.log 2014-05-17 10:48 - 2014-05-17 10:48 - 00000000 ____D () C:\zoek_backup 2014-05-17 10:47 - 2014-05-17 10:47 - 01285120 _____ () C:\Users\Momma\Downloads\zoek.exe 2014-05-16 17:09 - 2014-05-16 17:09 - 00220456 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome.exe 2014-05-15 03:02 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 03:02 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 03:02 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 03:02 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 03:02 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 03:02 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 08:34 - 2014-05-09 01:14 - 00477184 _____ 
(Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 08:34 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 08:34 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 08:34 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 08:34 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 08:34 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 08:34 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 08:34 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 08:34 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 08:34 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 08:34 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 08:34 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 08:34 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 08:34 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 08:34 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 08:34 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 08:34 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 08:34 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 08:34 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 08:34 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 08:34 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 08:34 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 08:34 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-11 10:44 - 2014-05-11 10:43 - 00405910 _____ () C:\Users\Momma\Downloads\jewel0510.jpeg 2014-05-10 13:11 - 2014-05-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-07 03:18 - 2014-05-15 03:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-06 15:19 - 2014-05-06 10:28 - 00843566 _____ () C:\Users\Momma\Downloads\pepes recap.tiff 2014-05-05 13:55 - 2014-05-05 13:55 - 09005415 _____ () C:\Users\Momma\Downloads\2014-05-01.zip 2014-05-05 13:55 - 2014-05-05 13:55 - 00000000 ____D () C:\Users\Momma\AppData\Local\WinZip 2014-05-05 13:23 - 2014-05-05 13:23 - 00016220 _____ () C:\ComboFix.txt 2014-05-05 12:57 - 2014-05-05 12:58 - 00000000 ____D () C:\Users\Momma\Downloads\Demo and Promo paperwork 2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC.exe 2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC (1).exe 2014-05-01 07:45 - 2014-05-01 07:45 - 00028160 _____ () C:\Users\Momma\Downloads\WARRANTY REQUEST FORM.XLS 
2014-04-29 21:38 - 2014-05-17 11:18 - 00013144 _____ () C:\Users\Momma\Downloads\FRST.txt 2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt 2014-04-29 21:34 - 2014-04-29 21:38 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine 2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-28 11:22 - 2014-05-15 22:19 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe 2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses 2014-04-28 11:17 - 2014-05-15 03:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe 2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-28 11:15 - 2014-04-28 11:16 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) 
C:\Windows\system32\javaws.exe 2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java 2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe 2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun 2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle 2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip 2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe 2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe 2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT 2014-04-24 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe 2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe 2014-04-24 10:39 - 2014-04-24 10:40 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe 2014-04-24 09:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-24 09:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-24 09:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-24 09:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-24 
09:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-24 09:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-24 09:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-24 09:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-24 08:35 - 2014-05-05 13:23 - 00000000 ____D () C:\Qoobox 2014-04-24 08:35 - 2014-04-24 09:08 - 00000000 ____D () C:\Windows\erdnt 2014-04-24 08:34 - 2014-05-05 12:54 - 05199940 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe 2014-04-24 08:31 - 2014-04-28 11:01 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-23 03:01 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-23 03:01 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-23 03:01 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-23 03:01 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-23 03:01 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-23 03:01 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-23 03:01 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-23 03:01 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-23 03:01 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-23 03:01 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-23 03:01 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-23 03:01 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-23 03:01 - 
2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-23 03:01 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-23 03:01 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-23 03:01 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-23 03:01 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-23 03:01 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-23 03:01 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-23 03:01 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-23 03:01 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-23 03:01 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-23 03:01 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-23 03:01 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-23 03:01 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-23 03:01 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-23 03:01 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-23 03:01 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-23 03:01 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-23 03:01 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-23 03:01 - 
2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 03:01 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 03:01 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 03:01 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 03:01 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 03:01 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 03:01 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 03:01 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 03:01 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 03:01 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 03:01 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 03:01 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 03:01 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 03:01 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-17 15:21 - 2014-05-17 11:18 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion

==================== One Month Modified Files and Folders =======

2014-05-17 11:18 - 2014-04-29 21:38 - 00013144 _____ () C:\Users\Momma\Downloads\FRST.txt
2014-05-17 11:18 - 2014-04-17 15:21 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion
2014-05-17 11:18 - 2014-04-16 07:16 - 00000000 ____D () C:\FRST
2014-05-17 11:18 - 2014-04-16 07:15 - 02067456 _____ (Farbar) C:\Users\Momma\Downloads\FRST64.exe
2014-05-17 11:07 - 2014-02-21 11:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 11:06 - 2014-05-17 11:06 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (2).exe
2014-05-17 10:58 - 2014-05-17 10:58 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (1).exe
2014-05-17 10:49 - 2014-05-17 10:49 - 00000829 _____ () C:\zoek-results.log
2014-05-17 10:48 - 2014-05-17 10:48 - 00000000 ____D () C:\zoek_backup
2014-05-17 10:47 - 2014-05-17 10:47 - 01285120 _____ () C:\Users\Momma\Downloads\zoek.exe
2014-05-17 10:26 - 2014-02-21 11:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5921F90-8BCB-4952-A404-05C8490B2F2E}
2014-05-17 10:24 - 2014-02-23 09:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-17 10:23 - 2014-02-23 09:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-17 10:23 - 2014-02-21 10:59 - 01503631 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 10:23 - 2013-12-13 22:37 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-16 20:50 - 2014-03-31 21:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 18:28 - 2009-07-13 23:51 - 00035592 _____ () C:\Windows\setupact.log
2014-05-16 17:09 - 2014-05-16 17:09 - 00220456 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome.exe
2014-05-16 16:14 - 2014-02-21 11:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 09:11 - 2014-02-21 11:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMomma
2014-05-16 09:11 - 2014-02-21 11:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForMomma.job
2014-05-15 22:41 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:41 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 22:34 - 2010-11-20 22:47 - 00943668 _____ () C:\Windows\PFRO.log
2014-05-15 22:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 22:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-05-15 22:19 - 2014-04-28 11:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-15 14:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 08:10 - 2014-02-21 11:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 07:12 - 2014-02-21 11:04 - 00000000 ___RD () C:\Users\Momma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 07:12 - 2014-02-21 11:04 - 00000000 ___RD () C:\Users\Momma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:20 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-15 03:19 - 2014-05-07 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-12 10:59 - 2014-02-21 16:57 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-12 10:59 - 2014-02-21 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-12 10:59 - 2014-02-21 16:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-12 10:59 - 2013-12-13 22:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-12 09:10 - 2014-02-21 11:00 - 00000000 ____D () C:\Users\Momma
2014-05-11 10:43 - 2014-05-11 10:44 - 00405910 _____ () C:\Users\Momma\Downloads\jewel0510.jpeg
2014-05-10 13:11 - 2014-05-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 13:02 - 2014-02-21 11:10 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 13:02 - 2014-02-21 11:10 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 01:14 - 2014-05-14 08:34 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 01:11 - 2014-05-14 08:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 10:28 - 2014-05-06 15:19 - 00843566 _____ () C:\Users\Momma\Downloads\pepes recap.tiff
2014-05-05 23:40 - 2014-05-15 03:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:17 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:25 - 2014-05-15 03:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:07 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 22:00 - 2014-05-15 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 21:10 - 2014-05-15 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 13:59 - 2014-02-23 10:10 - 00000762 ____H () C:\Users\Momma\Downloads\.picasa.ini
2014-05-05 13:55 - 2014-05-05 13:55 - 09005415 _____ () C:\Users\Momma\Downloads\2014-05-01.zip
2014-05-05 13:55 - 2014-05-05 13:55 - 00000000 ____D () C:\Users\Momma\AppData\Local\WinZip
2014-05-05 13:55 - 2013-12-13 22:37 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-05 13:31 - 2014-04-16 07:16 - 00022635 _____ () C:\Users\Momma\Downloads\Addition.txt
2014-05-05 13:23 - 2014-05-05 13:23 - 00016220 _____ () C:\ComboFix.txt
2014-05-05 13:23 - 2014-04-24 08:35 - 00000000 ____D () C:\Qoobox
2014-05-05 13:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-05 12:58 - 2014-05-05 12:57 - 00000000 ____D () C:\Users\Momma\Downloads\Demo and Promo paperwork
2014-05-05 12:54 - 2014-04-24 08:34 - 05199940 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe
2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC.exe
2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC (1).exe
2014-05-01 07:45 - 2014-05-01 07:45 - 00028160 _____ () C:\Users\Momma\Downloads\WARRANTY REQUEST FORM.XLS
2014-04-29 21:38 - 2014-04-29 21:34 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine
2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt
2014-04-28 12:28 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Momma\AppData\Local\Adobe
2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe
2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses
2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe
2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-28 11:16 - 2014-04-28 11:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-28 11:14 - 2009-07-14 00:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java
2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe
2014-04-28 11:01 - 2014-04-24 08:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun
2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle
2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip
2014-04-27 20:55 - 2011-02-11 15:29 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-25 20:57 - 2014-03-31 21:27 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe
2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe
2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-24 16:55 - 2014-04-16 07:07 - 00000000 ____D () C:\AdwCleaner
2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-04-24 16:54 - 2013-12-13 22:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe
2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe
2014-04-24 10:40 - 2014-04-24 10:39 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe
2014-04-24 09:08 - 2014-04-24 08:35 - 00000000 ____D () C:\Windows\erdnt
2014-04-24 09:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

Some content of TEMP:
====================
C:\Users\Momma\AppData\Local\Temp\avgnt.exe
C:\Users\Momma\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 08:34] - [2014-03-04 04:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-10 10:25

==================== End Of Log ============================
  7. And the premiuminstaller website popped up right after that
  8. Zoek.exe v5.0.0.0 Updated 14-April-2014
     Tool run by Momma on Sat 05/17/2014 at 10:48:16.25.
     Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
     Running in: Normal Mode Internet Access Detected
     Launched: C:\Users\Momma\Downloads\zoek.exe [scan all users] [Checkboxes used]

     ==== System Restore Info ======================

     5/17/2014 10:49:30 AM Zoek.exe System Restore Point Created Succesfully.

     ==== Reset Google Chrome ======================

     C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
     C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

     ==== C:\zoek_backup content ======================

     C:\zoek_backup (files=0 folders=0 0 bytes)

     ==== EOF on Sat 05/17/2014 at 10:49:38.59 ======================

     this is what I got at the end....
  9. It won't let me run anything from that, Avira is blocking it and Chrome is as well.
  10. Something just popped up. Malwarebytes said it blocked imp.premiuminstaller.com. And something called downloadoney tried to get me to download. It also says it's lightspark player pro. In my downloads it says player-chrome.exe is trying to download.
  11. It's still happening though. I'm not getting codec as much now. I'm getting something else, some kind of player. It's making it seem like a Microsoft update, but the same kind of format as the codec stuff.
  12. Um, I'm not sure how to explain. In spyware blaster on the first page, it says spyware protection blaster. It shows Internet Explorer, Mozilla, Chrome, etc., and to the right of them you can click the link to enable protection. When I clicked on Chrome, there is a part to customize the block list. There were a bunch of miscellaneous things I didn't recognize, examples are 100 Hot, 101 webstats, 123 count, active counter, adbrite, etc. Some looked like porn names. To the right of them it said type, and they are all labeled as cookies. I checked all of them to be added to the block list.
  13. It was actually acting okay for about 3-4 days. Now, it's acting foolish again. I noticed that when I looked at spyware, a bunch of boxes were unchecked. It said I could check mark any that I wanted protection against. They all looked dodgy. Does this matter?
  14. Okay, I did it, but I'm going to give it a couple of days to see how it behaves. I shall return to update!
  15. How do I reset Chrome? Like uninstall and re-install?