Marcos

Honorary Members
  • Posts

    77
Everything posted by Marcos

  1. Almost done, but I want to delete those 4 entries from the ESET scan, can I delete those? Thanks. Don Marcos
  2. Okay ran delfix no problem. But, when I start computer and click on chrome, I still get Lavasoft Secure search start page and in next tab, msm.com page.
  3. C:\Users\Marcos\Downloads\AA_v3.4.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
     C:\Users\Marcos\Downloads\cbsidlm-cbsi176-CamStudio-SEO-10067101.exe a variant of Win32/CNETInstaller.B potentially unwanted application
     C:\Users\Marcos\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Users\Marcos\Downloads\Setup (1).exe Win32/OutBrowse.G potentially unwanted application
  4. Ran OTM, machine automatically rebooted, but after reboot went into folder, but there was no file located there. But, no longer have Lava secure search showing up and yes the computer is running faster. Still feel like something is in the system though.
  5. SystemLook 30.07.11 by jpshortstuff Log created at 03:34 on 09/06/2014 by Marcos Administrator - Elevation successful
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014 Ran by Marcos at 2014-06-07 20:13:25 Run:1 Running from C:\Users\Marcos\Desktop Boot Mode: Normal
     # AdwCleaner v3.212 - Report created 07/06/2014 at 20:39:31 # Updated 05/06/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Marcos - MAINBRAIN # Running from : C:\Users\Marcos\Desktop\AdwCleaner.exe # Option : Clean
     Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 8 x64 Ran by Marcos on Sat 06/07/2014 at 21:41:03.99
     Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/7/2014 Scan Time: 10:43:40 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.08.01 Rootkit Database: v2014.06.02.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: NTFS User: Marcos Scan Type: Threat Scan Result: Completed Objects Scanned: 264636 Time Elapsed: 14 min, 22 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
     Lavasoft search still starts up.
  7. Addition.txt
     During scan it immediately came back with this message. 1 Interrupted Action. An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem. Error 0x80030003: %1 could not be found. install.rdf Type: RDF File Date modified: 8/22/2012 8:32 PM Size 2.39 KB
     So I clicked cancel on the message, and the scan continued.
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014 Ran by Marcos (administrator) on MAINBRAIN on 05-06-2014 17:11:24 Running from C:\Users\Marcos\Desktop Platform: Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal
(x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKCU: hp.com/HPDetect - C:\Users\Marcos\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)FF SearchPlugin: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\searchplugins\bing-avast.xmlFF Extension: Exif Viewer - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-21]FF Extension: Red1 - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi [2014-02-26]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03] Chrome: =======CHR HomePage: hxxp://home.nucomm.net/CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=47F7C98C8DADF29F8C5EF6537A41AA69", "hxxp://www.msn.com/?pc=AV01"CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (WOT) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-04]CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]CHR Extension: (GameLinkExchange.Com) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndhbffbmahdpnghifgmolgfabnpfoan [2014-06-03]CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-17]CHR Extension: (avast! 
Online Security) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]CHR Extension: (RT News) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-05-16]CHR Extension: (Skype Click to Call) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-02]CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-03-05] (Realtek Semiconductor)R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)R0 aswVmm; 
C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)
R3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)
R3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======
) C:\Users\Marcos\Downloads\spybot-2.3.exe2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe2014-05-19 06:36 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () 
C:\windows\SysWOW64\Macromed2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () 
C:\Users\Marcos\Documents\fv2 water recipes.txt2014-05-12 07:26 - 2014-05-17 15:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-05-12 07:26 - 2014-05-17 15:35 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-05-12 07:25 - 2014-05-17 15:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-05-11 15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll Some content of TEMP:====================C:\Users\Marcos\AppData\Local\Temp\Extract.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B 
C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-30 12:20 ==================== End Of Log ============================
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
     Ran by Marcos (administrator) on MAINBRAIN on 19-05-2014 18:14:05
     Running from C:\Users\Marcos\Desktop
     Platform: Windows 8 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Normal
C:\windows\system32\lsasrv.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll2014-05-18 17:13 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll2014-05-18 17:13 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll2014-05-18 17:13 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-05-18 17:13 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll2014-05-18 17:13 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-05-18 17:13 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll2014-05-18 17:13 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll2014-05-18 17:13 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-05-18 17:13 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys2014-05-18 17:13 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll2014-05-18 17:13 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll2014-05-18 17:13 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll2014-05-18 17:13 - 
2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe2014-05-18 17:13 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll2014-05-18 17:13 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll2014-05-18 17:13 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll2014-05-18 17:13 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll2014-05-18 17:13 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys2014-05-18 17:13 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll2014-05-18 17:13 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll2014-05-18 17:13 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll2014-05-18 17:13 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll2014-05-18 17:13 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys2014-05-18 17:13 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys2014-05-18 17:13 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys2014-05-18 17:13 - 2014-02-14 23:15 - 
00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys2014-05-18 17:07 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys2014-05-18 17:07 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys2014-05-18 17:07 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml2014-05-18 17:07 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe2014-05-18 17:07 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe2014-05-17 15:35 - 2014-05-19 18:02 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-05-17 15:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-05-17 15:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-05-17 15:30 - 2014-05-17 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () 
C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 15:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 13:53 - 2014-05-17 14:02 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 18:47 - 2014-05-15 19:12 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-15 08:26 - 2014-05-18 08:31 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 10:46 - 2014-05-14 12:06 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-11 15:38 - 2014-05-11 15:42 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-09 11:07 - 2014-05-14 15:29 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-09 10:01 - 2014-05-09 10:14 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-08 14:04 - 2014-05-08 14:31 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 13:18 - 2014-05-08 14:23 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-04 13:16 - 2014-05-04 13:17 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video2014-05-03 
07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt2014-05-02 14:20 - 2014-05-02 14:46 - 00000035 _____ () C:\Users\Marcos\Documents\fv2 inventory.txt2014-05-01 10:18 - 2014-05-12 22:23 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt2014-04-29 17:03 - 2014-05-07 18:09 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-04-28 17:37 - 2014-05-13 08:52 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-04-28 12:33 - 2014-05-11 09:41 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-04-24 14:22 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-04-24 14:22 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-04-24 14:22 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-24 14:22 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-04-24 14:22 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-23 14:03 - 2014-05-04 15:55 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt2014-04-22 00:50 - 2014-05-16 14:59 - 00001973 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys ==================== One Month Modified Files and Folders ======= 2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt2014-05-19 18:19 - 2014-05-19 18:14 - 00021617 _____ () C:\Users\Marcos\Desktop\FRST.txt2014-05-19 18:18 - 2013-12-04 15:46 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-19 18:14 - 2014-05-19 18:13 - 00000000 ____D () C:\FRST2014-05-19 18:13 - 2014-02-10 20:02 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA.job2014-05-19 18:09 - 2014-05-19 18:11 - 02067456 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe2014-05-19 18:09 - 2014-05-19 18:09 - 02067456 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe2014-05-19 18:08 - 2012-07-26 02:28 - 00876494 _____ () C:\windows\system32\PerfStringBackup.INI2014-05-19 18:05 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection2014-05-19 18:03 - 2013-12-04 15:46 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-19 18:02 - 2014-05-19 12:40 - 00002312 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk2014-05-19 18:02 - 2014-05-17 15:35 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-05-19 18:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru2014-05-19 18:01 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-05-19 18:01 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI2014-05-19 17:51 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Search Protection2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 
___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-19 17:45 - 2013-12-05 16:54 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForMarcos.job2014-05-19 17:44 - 2013-04-03 19:10 - 00736506 _____ () C:\windows\PFRO.log2014-05-19 17:43 - 2013-12-04 15:20 - 02013597 _____ () C:\windows\WindowsUpdate.log2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-05-19 17:31 - 2014-04-01 11:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Lavasoft2014-05-19 14:21 - 2014-05-19 14:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics2014-05-19 12:41 - 2014-05-19 12:39 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp2014-05-19 12:40 - 2014-05-19 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files\Lavasoft2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner2014-05-19 12:38 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft2014-05-19 12:37 - 2014-05-19 12:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft2014-05-19 09:13 - 2014-02-10 20:02 - 00000930 _____ 
() C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core.job2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (3).exe2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe2014-05-19 09:08 - 2014-05-19 09:08 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook2014-05-19 09:08 - 2014-02-10 20:02 - 00003802 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA2014-05-19 09:08 - 2014-02-10 20:02 - 00003452 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core2014-05-19 08:20 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-05-19 07:49 - 2014-03-06 12:30 - 00001204 _____ () C:\Users\Marcos\Documents\FV2 friends.txt2014-05-19 07:23 - 2014-05-19 07:22 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe2014-05-19 06:53 - 2014-05-19 06:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-05-19 06:41 - 2014-05-19 06:39 - 46392680 _____ (Safer-Networking Ltd. 
) C:\Users\Marcos\Downloads\spybot-2.3.exe2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT2014-05-19 06:35 - 2013-12-05 16:54 - 00003172 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMarcos2014-05-19 06:35 - 2013-12-04 15:20 - 00000000 ____D () C:\Users\Marcos2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-05-19 04:06 - 2013-08-07 12:39 - 00065536 _____ () C:\windows\system32\spu_storage.bin2014-05-18 21:51 - 2014-03-24 11:52 - 00012800 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-05-18 21:50 - 2014-03-24 11:51 - 00000000 ____D () C:\Users\Marcos\Documents\ezvid2014-05-18 20:34 - 2013-12-04 15:22 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BF274140-FF8A-48A4-A459-06E7071757B6}2014-05-18 08:31 - 2014-05-15 08:26 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe2014-05-17 14:06 - 2014-04-01 11:07 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () 
C:\ProgramData\Skype2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys2014-05-16 23:20 - 2013-12-04 15:48 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Reader XI.lnk2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update2014-05-16 14:00 - 2014-01-21 14:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt2014-05-15 11:38 - 2013-12-05 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log2014-05-14 18:38 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt2014-05-13 20:21 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt2014-05-11 
15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp42014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt2014-05-10 10:52 - 2013-12-21 10:44 - 01011200 ___SH () C:\Users\Marcos\Downloads\Thumbs.db2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt2014-05-08 11:59 - 2013-12-05 16:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-05-05 22:48 - 2014-05-18 17:13 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-05-05 22:48 - 2014-05-18 17:13 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-05-05 22:37 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-05-05 22:26 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-05-05 13:10 - 2014-02-25 12:34 - 00000431 _____ () 
C:\Users\Marcos\Documents\Fariha.txt2014-05-04 15:55 - 2014-04-23 14:03 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt2014-05-04 14:53 - 2012-07-26 02:21 - 00031184 _____ () C:\windows\setupact.log2014-05-04 13:17 - 2014-05-04 13:16 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video2014-05-03 07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt2014-05-02 14:46 - 2014-05-02 14:20 - 00000035 _____ () C:\Users\Marcos\Documents\fv2 inventory.txt2014-05-01 15:37 - 2014-05-19 17:46 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-01 15:37 - 2012-07-26 03:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-04-30 11:00 - 2013-12-04 15:30 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783906617-1284620665-1589854910-10012014-04-29 20:03 - 2014-04-13 07:25 - 00000279 _____ () C:\Users\Marcos\Documents\fv2 tree times.txt2014-04-25 11:19 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore2014-04-23 06:25 - 2014-04-01 11:07 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe2014-04-22 00:50 - 2014-02-03 13:08 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys2014-04-22 00:50 - 2014-02-03 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-04-19 
17:12 - 2014-02-09 12:43 - 00000114 _____ () C:\Users\Marcos\Documents\Neighbor visits.txt2014-04-19 04:39 - 2014-04-24 14:22 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-04-19 03:45 - 2014-04-24 14:22 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-04-19 03:45 - 2014-04-24 14:22 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-04-19 01:57 - 2014-04-24 14:22 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-04-19 01:57 - 2014-04-24 14:22 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Some content of TEMP:====================C:\Users\Marcos\AppData\Local\Temp\005e84b9-9e7f-40de-9478-28faaf14d4e7.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B C:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-17 03:00 ==================== End Of Log ============================FRST.txtFarbar.txt
  9. I have tried those threads and they didn't work for me. As I stated already, the program does not show up as an installed program anymore, but it is still there. Marcos
  10. My Avira does not even show up in the Programs and Features listing, so scratch that idea. Marcos
  11. I am trying to remove Avira anti-virus from a friend's laptop using Windows 7 and it just won't uninstall. Any help would be greatly appreciated. Thank you, Marcos
  12. I'm thankful for my friends and family, and critical thinking politicians like Ron Paul, who is the only GOP candidate that seems to have a brain.
  13. Oh, Combofix did uninstall; MSSE was just sending me a message, that's all.
  14. Thanks for all the help, looks to run a little smoother now. Just 1 exception when uninstalling Combofix, had MSSE running and ComboFix asked for it to be stopped, at the same time MSSE said it found a file and would like for me to send it in for analysis. File was C:\32788R22JFW\iexplore.exe Thanks again. Marcos
  15. Also, can I re-enable Defogger yet? Thanks.
  16. Here is my Eset log

      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6528
      # api_version=3.0.2
      # EOSSerial=294b29ab7b675e49b2aa69411400b8eb
      # end=finished
      # remove_checked=true
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-09-30 01:50:55
      # local_time=2011-09-30 08:50:55 (-0600, Central Daylight Time)
      # country="United States"
      # lang=9
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=4352 16777215 100 0 0 0 0 0
      # compatibility_mode=5891 16776533 42 87 0 13361465 0 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=170921
      # found=2
      # cleaned=2
      # scan_time=6149
      C:\Program Files\iEvony\AutoUpdate.exe probably a variant of Win32/TrojanDownloader.Agent.FDXKZAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP15\A0006409.exe probably a variant of Win32/TrojanDownloader.Agent.FDXKZAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

      And Security Check

      Results of screen317's Security Check version 0.99.19
      Windows XP Service Pack 3
      Internet Explorer 8
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Enabled!
      ESET Online Scanner v3
      Microsoft Security Essentials
      Antivirus up to date! (On Access scanning disabled!)
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Ad-Aware
      Malwarebytes' Anti-Malware
      CCleaner (remove only)
      Java DB 10.5.3.0
      Java 6 Update 27
      Java SE Development Kit 6 Update 22
      Adobe Flash Player 10.3.183.10
      Mozilla Firefox (Player..)
      ````````````````````````````````
      Process Check:
      objlist.exe by Laurent
      Windows Defender MSMpEng.exe
      Ad-Aware AAWService.exe is disabled!
      Ad-Aware AAWTray.exe is disabled!
      Microsoft Security Essentials msseces.exe
      ESET ESET Online Scanner OnlineCmdLineScanner.exe
      Microsoft Security Client Antimalware MsMpEng.exe
      ``````````End of Log````````````
  17. Here is my dds.txt

      and this is my mbam log

      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org
      Database version: 7789
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      9/24/2011 10:52:02 AM
      mbam-log-2011-09-24 (10-52-02).txt
      Scan type: Full scan (C:\|D:\|F:\|)
      Objects scanned: 366339
      Time elapsed: 1 hour(s), 45 minute(s), 32 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  18. I got a pencil and used the eraser on the 512mb sticks, these were 2 more that when I stuck them in the pc, it didn't boot at all, so I pulled these 2 out and rubbed the eraser on both sides of the contacts till they glowed, did the same on the other stick. Placed them both in the computer, and as soon as I saw maxmem icon with the green line way at the bottom I knew it was recognizing all the memory. Well hoped this might help others too.
  19. I found out the problem, but am so embarrassed I don't want to say what I did to fix it. But now I have the 2 1gb sticks in the first bank and the 2 512mb sticks in the 2nd bank being recognized for a total of 3GB, here is the speccy, http://speccy.piriform.com/results/xWcoAIgNrrL0JRivorZvkhD but I still can't figure out why windows and online scanners didn't see that 1gb stick before.
  20. Hello, I tried upgrading my ram from 2.5GB to 3.0GB. Have 2 1GB in first bank and 2 256MB in next set of banks for a total of 2.5GB. But when I removed the 2 256MB and replaced them with 2 512MB, the pc and online scanners only recognized 1 GB in the first bank and saw the 2 512MB in the other bank for a total of 2GB, swapped out the first 2 1GB sticks with the same result, recognized only 1 GB stick and the 2 512MB sticks. Replaced the 2 512MB sticks with the 2 256MB sticks and went back up to 2.5GB, online scanners and windows both saw the 2.5GB. Any help or advice would be greatly appreciated. Here is speccy showing 2.5 GB http://speccy.piriform.com/results/1rta2JmKiciDIWbcsgw3T3c and here is speccy with 2 1GB and 2 512MB of ram. http://speccy.piriform.com/results/6ZeqN8i5fZQ2qoqXU3acOxk and here is the speccy with 2 1GB sticks and only 1 512MB stick. http://speccy.piriform.com/results/lC5SuHOtq3wPjyieIFINLlO
  21. It's purring, got rid of a lot of unneeded startups too. Thanks for all the help.