
Marcos

Honorary Members
  • Posts

    77

Reputation

0 Neutral

About Marcos

  • Birthday November 28

Profile Information

  • Location
    San Antonio, TX
  1. Almost done, but I want to delete those 4 entries from the ESET scan, can I delete those? Thanks. Don Marcos
  2. Okay ran delfix no problem. But, when I start computer and click on chrome, I still get Lavasoft Secure search start page and in next tab, msm.com page.
  3. C:\Users\Marcos\Downloads\AA_v3.4.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
     C:\Users\Marcos\Downloads\cbsidlm-cbsi176-CamStudio-SEO-10067101.exe a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Users\Marcos\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Users\Marcos\Downloads\Setup (1).exe Win32/OutBrowse.G potentially unwanted application
  4. Ran OTM, machine automatically rebooted, but after reboot went into folder, but there was no file located there. But, no longer have Lava secure search showing up and yes the computer is running faster. Still feel like something is in the system though.
  5. SystemLook 30.07.11 by jpshortstuff Log created at 03:34 on 09/06/2014 by Marcos Administrator - Elevation successful
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014 Ran by Marcos at 2014-06-07 20:13:25 Run:1 Running from C:\Users\Marcos\Desktop Boot Mode: Normal
     # AdwCleaner v3.212 - Report created 07/06/2014 at 20:39:31
     Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 8 x64 Ran by Marcos on Sat 06/07/2014 at 21:41:03.99
     Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/7/2014 Scan Time: 10:43:40 PM
     Lavasoft search still starts up.
  7. Addition.txt During scan it immediately came back with this message. 1 Interrupted Action An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem. Error 0x80030003: %1 could not be found. install.rdf Type: RDF File Date modified: 8/22/2012 8:32 PM Size 2.39 KB So I clicked cancel on the message, and the scan continued.
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Marcos (administrator) on MAINBRAIN on 05-06-2014 17:11:24 Running from C:\Users\Marcos\Desktop Platform: Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal
(x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKCU: hp.com/HPDetect - C:\Users\Marcos\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)FF SearchPlugin: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\searchplugins\bing-avast.xmlFF Extension: Exif Viewer - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-21]FF Extension: Red1 - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi [2014-02-26]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03] Chrome: =======CHR HomePage: hxxp://home.nucomm.net/CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=47F7C98C8DADF29F8C5EF6537A41AA69", "hxxp://www.msn.com/?pc=AV01"CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (WOT) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-04]CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]CHR Extension: (GameLinkExchange.Com) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndhbffbmahdpnghifgmolgfabnpfoan [2014-06-03]CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-17]CHR Extension: (avast! 
Online Security) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]CHR Extension: (RT News) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-05-16]CHR Extension: (Skype Click to Call) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-02]CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-03-05] (Realtek Semiconductor)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)R0 aswVmm; 
C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)R3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)R3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)R3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-05 17:15 - 2014-06-05 17:15 - 00000303 _____ () C:\Users\Marcos\Documents\Malwarebyte frst.txt2014-06-05 17:09 - 2014-06-05 17:09 - 02068992 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe2014-06-04 19:43 - 2014-06-04 19:44 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook2014-06-04 19:43 - 2014-06-04 19:43 - 00501248 _____ (Facebook Inc.) 
) C:\Users\Marcos\Downloads\spybot-2.3.exe2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe2014-05-19 06:36 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () 
C:\windows\SysWOW64\Macromed2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () 
C:\Users\Marcos\Documents\fv2 water recipes.txt2014-05-12 07:26 - 2014-05-17 15:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-05-17 15:35 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2014-05-17 15:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-05-11 15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll Some content of TEMP:====================C:\Users\Marcos\AppData\Local\Temp\Extract.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B 
C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-30 12:20 ==================== End Of Log ============================
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Marcos (administrator) on MAINBRAIN on 19-05-2014 18:14:05 Running from C:\Users\Marcos\Desktop Platform: Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal
C:\windows\system32\lsasrv.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-05-18 17:13 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-05-18 17:13 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-05-18 17:13 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-05-18 17:13 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll2014-05-18 17:13 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll2014-05-18 17:13 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-05-18 17:13 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys2014-05-18 17:13 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll2014-05-18 17:13 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-05-18 17:13 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll2014-05-18 17:13 - 
2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe2014-05-18 17:13 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll2014-05-18 17:13 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll2014-05-18 17:13 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-05-18 17:13 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys2014-05-18 17:13 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll2014-05-18 17:13 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll2014-05-18 17:13 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll2014-05-18 17:13 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll2014-05-18 17:13 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys2014-05-18 17:13 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys2014-05-18 17:13 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys2014-05-18 17:13 - 2014-02-14 23:15 - 
00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys2014-05-18 17:07 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys2014-05-18 17:07 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys2014-05-18 17:07 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml2014-05-18 17:07 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe2014-05-18 17:07 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe2014-05-17 15:35 - 2014-05-19 18:02 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-05-17 15:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-05-17 15:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-05-17 15:30 - 2014-05-17 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () 
C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 15:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 13:53 - 2014-05-17 14:02 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 18:47 - 2014-05-15 19:12 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-15 08:26 - 2014-05-18 08:31 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 10:46 - 2014-05-14 12:06 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-11 15:38 - 2014-05-11 15:42 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-09 11:07 - 2014-05-14 15:29 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-09 10:01 - 2014-05-09 10:14 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-08 14:04 - 2014-05-08 14:31 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 13:18 - 2014-05-08 14:23 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-04 13:16 - 2014-05-04 13:17 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video2014-05-03 
07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt2014-05-02 14:20 - 2014-05-02 14:46 - 00000035 _____ () C:\Users\Marcos\Documents\fv2 inventory.txt2014-05-01 10:18 - 2014-05-12 22:23 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt2014-04-29 17:03 - 2014-05-07 18:09 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-04-28 17:37 - 2014-05-13 08:52 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-04-28 12:33 - 2014-05-11 09:41 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-04-24 14:22 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-04-24 14:22 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-04-24 14:22 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-24 14:22 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-04-24 14:22 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-23 14:03 - 2014-05-04 15:55 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt2014-04-22 00:50 - 2014-05-16 14:59 - 00001973 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys ==================== One Month Modified Files and Folders ======= 2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt2014-05-19 18:19 - 2014-05-19 18:14 - 00021617 _____ () C:\Users\Marcos\Desktop\FRST.txt2014-05-19 18:18 - 2013-12-04 15:46 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-19 18:14 - 2014-05-19 18:13 - 00000000 ____D () C:\FRST2014-05-19 18:13 - 2014-02-10 20:02 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA.job2014-05-19 18:09 - 2014-05-19 18:11 - 02067456 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe2014-05-19 18:09 - 2014-05-19 18:09 - 02067456 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe2014-05-19 18:08 - 2012-07-26 02:28 - 00876494 _____ () C:\windows\system32\PerfStringBackup.INI2014-05-19 18:05 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection2014-05-19 18:03 - 2013-12-04 15:46 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-19 18:02 - 2014-05-19 12:40 - 00002312 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk2014-05-19 18:02 - 2014-05-17 15:35 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-05-19 18:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru2014-05-19 18:01 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-05-19 18:01 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI2014-05-19 17:51 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Search Protection2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 
___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-19 17:45 - 2013-12-05 16:54 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForMarcos.job2014-05-19 17:44 - 2013-04-03 19:10 - 00736506 _____ () C:\windows\PFRO.log2014-05-19 17:43 - 2013-12-04 15:20 - 02013597 _____ () C:\windows\WindowsUpdate.log2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-05-19 17:31 - 2014-04-01 11:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Lavasoft2014-05-19 14:21 - 2014-05-19 14:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics2014-05-19 12:41 - 2014-05-19 12:39 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp2014-05-19 12:40 - 2014-05-19 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files\Lavasoft2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner2014-05-19 12:38 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft2014-05-19 12:37 - 2014-05-19 12:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft2014-05-19 09:13 - 2014-02-10 20:02 - 00000930 _____ 
() C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core.job2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (3).exe2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe2014-05-19 09:08 - 2014-05-19 09:08 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook2014-05-19 09:08 - 2014-02-10 20:02 - 00003802 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA2014-05-19 09:08 - 2014-02-10 20:02 - 00003452 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core2014-05-19 08:20 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-19 07:49 - 2014-03-06 12:30 - 00001204 _____ () C:\Users\Marcos\Documents\FV2 friends.txt2014-05-19 07:23 - 2014-05-19 07:22 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe2014-05-19 06:53 - 2014-05-19 06:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-19 06:41 - 2014-05-19 06:39 - 46392680 _____ (Safer-Networking Ltd. 
) C:\Users\Marcos\Downloads\spybot-2.3.exe2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT2014-05-19 06:35 - 2013-12-05 16:54 - 00003172 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMarcos2014-05-19 06:35 - 2013-12-04 15:20 - 00000000 ____D () C:\Users\Marcos2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-05-19 04:06 - 2013-08-07 12:39 - 00065536 _____ () C:\windows\system32\spu_storage.bin2014-05-18 21:51 - 2014-03-24 11:52 - 00012800 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-05-18 21:50 - 2014-03-24 11:51 - 00000000 ____D () C:\Users\Marcos\Documents\ezvid2014-05-18 20:34 - 2013-12-04 15:22 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BF274140-FF8A-48A4-A459-06E7071757B6}2014-05-18 08:31 - 2014-05-15 08:26 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:06 - 2014-04-01 11:07 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () 
C:\ProgramData\Skype2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys2014-05-16 23:20 - 2013-12-04 15:48 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Reader XI.lnk2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update2014-05-16 14:00 - 2014-01-21 14:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-15 11:38 - 2013-12-05 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log2014-05-14 18:38 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-13 20:21 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt2014-05-11 
15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-05-10 10:52 - 2013-12-21 10:44 - 01011200 ___SH () C:\Users\Marcos\Downloads\Thumbs.db2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-08 11:59 - 2013-12-05 16:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-05-05 22:48 - 2014-05-18 17:13 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-05-05 22:48 - 2014-05-18 17:13 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-05-05 22:37 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-05-05 22:26 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-05-05 13:10 - 2014-02-25 12:34 - 00000431 _____ () 
C:\Users\Marcos\Documents\Fariha.txt2014-05-04 15:55 - 2014-04-23 14:03 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt2014-05-04 14:53 - 2012-07-26 02:21 - 00031184 _____ () C:\windows\setupact.log2014-05-04 13:17 - 2014-05-04 13:16 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video2014-05-03 07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt2014-05-02 14:46 - 2014-05-02 14:20 - 00000035 _____ () C:\Users\Marcos\Documents\fv2 inventory.txt2014-05-01 15:37 - 2014-05-19 17:46 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-01 15:37 - 2012-07-26 03:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-04-30 11:00 - 2013-12-04 15:30 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783906617-1284620665-1589854910-10012014-04-29 20:03 - 2014-04-13 07:25 - 00000279 _____ () C:\Users\Marcos\Documents\fv2 tree times.txt2014-04-25 11:19 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore2014-04-23 06:25 - 2014-04-01 11:07 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe2014-04-22 00:50 - 2014-02-03 13:08 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-04-19 
17:12 - 2014-02-09 12:43 - 00000114 _____ () C:\Users\Marcos\Documents\Neighbor visits.txt2014-04-19 04:39 - 2014-04-24 14:22 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-04-19 03:45 - 2014-04-24 14:22 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-04-19 03:45 - 2014-04-24 14:22 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-19 01:57 - 2014-04-24 14:22 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-04-19 01:57 - 2014-04-24 14:22 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Some content of TEMP:====================C:\Users\Marcos\AppData\Local\Temp\005e84b9-9e7f-40de-9478-28faaf14d4e7.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-17 03:00 ==================== End Of Log ============================FRST.txtFarbar.txt
  9. I have tried those threads and they didn't work for me. As I stated already, the program does not show up as an installed program anymore, but it is still there. Marcos
  10. My Avira does not even show up in the Programs and Features listing, so scratch that idea. Marcos
  11. I am trying to remove Avira anti-virus from a friend's laptop using Windows 7 and it just won't uninstall. Any help would be greatly appreciated. Thank you, Marcos
  12. I'm thankful for my friends and family, and critical thinking politicians like Ron Paul, who is the only GOP candidate that seems to have a brain.