
Help with interpreting HiJackThis results


prstark


Here are the logs. I'm having trouble implementing my plan to run ComboFix after the System Restore. I'm back to lots of issues and wonder if I need to start all over again.

 

Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013 03
Ran by Paul (administrator) on PAUL-PC on 07-09-2013 15:52:32
Running from C:\Users\Paul\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [AdobeBridge] - 
HKCU\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-07] (Google Inc.)
MountPoints2: {317bde35-22bb-11e0-9b03-0016d3a501ca} - G:\LaunchU3.exe -a
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.provisionhouse.org/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DD725C3D-DC45-42A2-8C8C-0336892F5DD5} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {06B66503-5C17-4E3E-871B-4DE0F0C1BF63} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKLM - {7E632184-1EAF-433F-B09F-A7B31511154E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {DD725C3D-DC45-42A2-8C8C-0336892F5DD5} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {06B66503-5C17-4E3E-871B-4DE0F0C1BF63} URL = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
SearchScopes: HKCU - {7E632184-1EAF-433F-B09F-A7B31511154E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {DD725C3D-DC45-42A2-8C8C-0336892F5DD5} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} -  No File
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} -  No File
Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Paul\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Paul\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: gTranslator - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default\Extensions\jyboy.yy@gmail.com
FF Extension: Amplify - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default\Extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
FF Extension: FoxLingo - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: translator - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zuk9i63m.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Paul\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (eReaderIQ Integrator) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\epjfabiijflnfmjjhanhddglfhokheae\0.10.0_0
CHR Extension: (LastPass) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0
CHR Extension: (Tabs to the front!) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0
CHR Extension: (Gospel eBooks) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nldijjcdcbmjjkleijhjgeecflkpfppk\1.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-03] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-25] (Hewlett-Packard Company)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-07 15:47 - 2013-09-07 15:47 - 01948628 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2013-09-07 15:47 - 2013-09-07 15:47 - 01948628 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-09-07 12:21 - 2013-09-07 12:21 - 00001688 _____ C:\Users\Paul\Desktop\AdwCleaner[s0].txt
2013-09-07 12:02 - 2013-09-07 12:02 - 00001668 _____ C:\Users\Paul\Desktop\AdwCleaner[R0].txt
2013-09-07 11:58 - 2013-09-07 12:15 - 00000000 ____D C:\AdwCleaner
2013-09-07 10:47 - 2013-09-07 10:47 - 00017741 _____ C:\Users\Paul\Desktop\ComboFix.txt
2013-09-07 10:45 - 2013-09-07 10:45 - 00017741 _____ C:\ComboFix.txt
2013-09-07 10:29 - 2013-09-07 10:45 - 00000000 ____D C:\Qoobox
2013-09-07 09:58 - 2013-09-07 10:02 - 00000000 ____D C:\Users\Paul\Documents\Hopewell
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809.exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (3).exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (2).exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (1).exe
2013-09-06 20:11 - 2013-09-06 20:12 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (3).crx
2013-09-06 20:11 - 2013-09-06 20:11 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (4).crx
2013-09-06 19:58 - 2013-09-06 20:03 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin.crx
2013-09-06 16:51 - 2013-09-06 17:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 16:49 - 2013-09-06 17:46 - 00000000 ____D C:\Users\Paul\Desktop\mbar
2013-09-06 16:47 - 2013-09-06 16:47 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.07.0.1005.exe
2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (8).ics
2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (7).ics
2013-09-06 15:43 - 2013-09-07 14:44 - 00000000 ____D C:\Users\Paul\Desktop\RK_Quarantine
2013-09-06 15:42 - 2013-09-06 15:42 - 03787264 _____ C:\Users\Paul\Desktop\RogueKillerX64.exe
2013-09-06 15:19 - 2013-09-06 15:19 - 03787264 _____ C:\Users\Paul\Downloads\RogueKillerX64.exe
2013-09-06 14:01 - 2013-09-06 14:01 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.com
2013-09-06 12:58 - 2013-09-06 12:59 - 00714816 _____ C:\Users\Paul\Downloads\ZipOpenerSetup.exe
2013-09-06 12:58 - 2013-09-06 12:59 - 00007909 _____ C:\Users\Paul\Downloads\hijackthis.log
2013-09-06 12:52 - 2013-09-06 12:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (2).exe
2013-09-06 12:50 - 2013-09-06 12:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (1).exe
2013-09-06 12:46 - 2013-09-06 12:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis.exe
2013-09-06 11:28 - 2013-09-06 11:28 - 00000937 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (6).ics
2013-09-06 11:25 - 2013-09-06 11:25 - 00001017 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (5).ics
2013-09-05 21:55 - 2013-09-07 15:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-05 18:24 - 2013-09-05 18:24 - 00001018 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (4).ics
2013-09-05 18:18 - 2013-09-05 18:18 - 00001015 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (3).ics
2013-09-05 10:13 - 2013-09-05 10:14 - 117478104 _____ C:\Users\Paul\Downloads\avast_free_antivirus_setup (2).exe
2013-09-04 23:32 - 2013-09-04 23:32 - 04454952 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup405.exe
2013-09-04 23:02 - 2013-09-04 23:02 - 00001022 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (1).ics
2013-09-04 23:02 - 2013-09-04 23:02 - 00000999 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (2).ics
2013-09-04 22:50 - 2013-09-04 22:50 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 22:44 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-04 22:44 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-04 22:44 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-04 22:44 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-04 22:44 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-04 22:44 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-04 22:44 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-04 22:44 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-04 22:44 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-04 22:44 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-04 22:44 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-30 15:18 - 2013-08-30 15:18 - 00000996 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15.ics
2013-08-23 15:08 - 2013-08-23 15:08 - 00033005 _____ C:\Users\Paul\Desktop\Easy Prompter.html
2013-08-23 15:00 - 2013-08-23 15:00 - 11423543 _____ C:\Users\Paul\Downloads\PromptPClite.zip
2013-08-23 14:52 - 2013-08-23 14:52 - 00580269 _____ C:\Users\Paul\Downloads\setup.zip
2013-08-23 11:04 - 2013-09-04 16:36 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proverb Teleprompter
2013-08-22 16:10 - 2013-08-22 16:10 - 00000769 _____ C:\Users\Paul\Downloads\PrinterDiagnostic.diagcab
2013-08-16 13:10 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 13:10 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 13:10 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 13:10 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 13:10 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 13:10 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 13:10 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 13:10 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 13:10 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 13:10 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 13:10 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 13:10 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 13:10 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 13:10 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 13:08 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 13:07 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 13:06 - 2013-07-24 09:40 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 09065472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-16 13:06 - 2013-07-24 09:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 06036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-16 13:06 - 2013-07-24 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 13:06 - 2013-07-24 07:43 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 13:06 - 2013-07-24 07:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 12:37 - 2013-09-07 15:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 12:37 - 2013-09-07 15:41 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 12:37 - 2013-08-16 12:37 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-16 12:37 - 2013-08-16 12:37 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-16 12:36 - 2013-08-16 12:36 - 00784856 _____ (Google Inc.) C:\Users\Paul\Downloads\GoogleEarthPluginSetup.exe
2013-08-14 12:19 - 2013-09-07 15:53 - 00512624 _____ C:\Windows\setupact.log
2013-08-14 12:19 - 2013-08-16 12:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 16:38 - 2013-09-07 15:52 - 00370576 _____ C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
2013-09-07 15:53 - 2013-08-14 12:19 - 00512624 _____ C:\Windows\setupact.log
2013-09-07 15:52 - 2013-09-07 15:52 - 00000000 ____D C:\FRST
2013-09-07 15:52 - 2013-08-10 16:38 - 00370576 _____ C:\Windows\WindowsUpdate.log
2013-09-07 15:51 - 2009-07-14 00:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 15:51 - 2009-07-14 00:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 15:47 - 2013-09-07 15:47 - 01948628 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2013-09-07 15:47 - 2013-09-07 15:47 - 01948628 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2013-09-07 15:47 - 2012-04-03 15:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 15:42 - 2013-08-16 12:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 15:41 - 2013-08-16 12:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 15:41 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 15:39 - 2013-09-05 21:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-07 15:39 - 2009-07-14 01:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-07 15:05 - 2010-12-04 17:51 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-07 14:45 - 2010-12-04 16:41 - 00000000 ____D C:\Users\Paul
2013-09-07 14:44 - 2013-09-06 15:43 - 00000000 ____D C:\Users\Paul\Desktop\RK_Quarantine
2013-09-07 14:44 - 2013-01-24 23:49 - 00000000 ____D C:\Users\Paul\Desktop\PSD
2013-09-07 14:44 - 2011-12-03 18:46 - 00000000 ____D C:\Users\Paul\Documents\StreamTransport
2013-09-07 14:44 - 2011-01-19 11:03 - 00000000 ____D C:\ProgramData\Softland
2013-09-07 14:44 - 2010-12-07 12:41 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-07 14:44 - 2010-12-05 02:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-07 14:44 - 2010-12-04 19:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-07 14:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-07 14:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-07 14:43 - 2010-12-08 12:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 14:43 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-09-07 14:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-09-07 13:55 - 2013-04-17 11:42 - 00000000 ____D C:\Users\Paul\AppData\Roaming\FileZilla
2013-09-07 12:21 - 2013-09-07 12:21 - 00001688 _____ C:\Users\Paul\Desktop\AdwCleaner[s0].txt
2013-09-07 12:15 - 2013-09-07 11:58 - 00000000 ____D C:\AdwCleaner
2013-09-07 12:02 - 2013-09-07 12:02 - 00001668 _____ C:\Users\Paul\Desktop\AdwCleaner[R0].txt
2013-09-07 10:47 - 2013-09-07 10:47 - 00017741 _____ C:\Users\Paul\Desktop\ComboFix.txt
2013-09-07 10:45 - 2013-09-07 10:45 - 00017741 _____ C:\ComboFix.txt
2013-09-07 10:45 - 2013-09-07 10:29 - 00000000 ____D C:\Qoobox
2013-09-07 10:02 - 2013-09-07 09:58 - 00000000 ____D C:\Users\Paul\Documents\Hopewell
2013-09-07 09:45 - 2007-08-26 17:46 - 00000000 ____D C:\Users\Paul\Documents\Illustrations
2013-09-07 09:28 - 2007-08-26 17:46 - 00000000 ____D C:\Users\Paul\Documents\Provision House
2013-09-06 21:09 - 2008-03-18 12:49 - 00013550 _____ C:\Users\Paul\Documents\Monthly Expenses.xlsx
2013-09-06 20:38 - 2006-11-09 17:04 - 00000000 ____D C:\SwSetup
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809.exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (3).exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (2).exe
2013-09-06 20:37 - 2013-09-06 20:37 - 03132200 _____ (Hewlett-Packard                                             ) C:\Users\Paul\Downloads\sp37809 (1).exe
2013-09-06 20:34 - 2012-08-07 15:02 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3535999486-3968760299-178579616-1000UA.job
2013-09-06 20:12 - 2013-09-06 20:11 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (3).crx
2013-09-06 20:11 - 2013-09-06 20:11 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin (4).crx
2013-09-06 20:03 - 2013-09-06 19:58 - 09117374 _____ C:\Users\Paul\Downloads\lpchrome_bin.crx
2013-09-06 19:53 - 2011-05-02 13:09 - 00000000 ____D C:\Windows\Minidump
2013-09-06 18:45 - 2009-07-14 01:13 - 00799798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-06 17:46 - 2013-09-06 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 17:46 - 2013-09-06 16:49 - 00000000 ____D C:\Users\Paul\Desktop\mbar
2013-09-06 16:47 - 2013-09-06 16:47 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Paul\Downloads\mbar-1.07.0.1005.exe
2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (8).ics
2013-09-06 16:42 - 2013-09-06 16:42 - 00001024 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (7).ics
2013-09-06 15:42 - 2013-09-06 15:42 - 03787264 _____ C:\Users\Paul\Desktop\RogueKillerX64.exe
2013-09-06 15:19 - 2013-09-06 15:19 - 03787264 _____ C:\Users\Paul\Downloads\RogueKillerX64.exe
2013-09-06 14:01 - 2013-09-06 14:01 - 00688992 ____R (Swearware) C:\Users\Paul\Desktop\dds.com
2013-09-06 12:59 - 2013-09-06 12:58 - 00714816 _____ C:\Users\Paul\Downloads\ZipOpenerSetup.exe
2013-09-06 12:59 - 2013-09-06 12:58 - 00007909 _____ C:\Users\Paul\Downloads\hijackthis.log
2013-09-06 12:52 - 2013-09-06 12:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (2).exe
2013-09-06 12:50 - 2013-09-06 12:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis (1).exe
2013-09-06 12:46 - 2013-09-06 12:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Paul\Downloads\HijackThis.exe
2013-09-06 11:28 - 2013-09-06 11:28 - 00000937 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (6).ics
2013-09-06 11:25 - 2013-09-06 11:25 - 00001017 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (5).ics
2013-09-05 19:12 - 2010-12-14 17:17 - 00000000 ____D C:\Users\Paul\Documents\Quickbooks backup
2013-09-05 18:24 - 2013-09-05 18:24 - 00001018 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (4).ics
2013-09-05 18:18 - 2013-09-05 18:18 - 00001015 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (3).ics
2013-09-05 10:15 - 2012-08-07 15:02 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3535999486-3968760299-178579616-1000Core.job
2013-09-05 10:14 - 2013-09-05 10:13 - 117478104 _____ C:\Users\Paul\Downloads\avast_free_antivirus_setup (2).exe
2013-09-04 23:34 - 2010-07-20 13:14 - 00000000 ____D C:\Users\Paul\Documents\CCleaner Registry backups
2013-09-04 23:33 - 2010-12-04 19:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 23:33 - 2010-12-04 19:10 - 00000000 ____D C:\Program Files\CCleaner
2013-09-04 23:32 - 2013-09-04 23:32 - 04454952 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup405.exe
2013-09-04 23:02 - 2013-09-04 23:02 - 00001022 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (1).ics
2013-09-04 23:02 - 2013-09-04 23:02 - 00000999 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15 (2).ics
2013-09-04 22:50 - 2013-09-04 22:50 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 22:36 - 2010-12-04 16:58 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Mozilla
2013-09-04 21:54 - 2013-06-13 12:13 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-04 21:54 - 2012-04-03 15:22 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-04 21:54 - 2011-06-01 08:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-04 16:36 - 2013-08-23 11:04 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proverb Teleprompter
2013-09-04 16:36 - 2009-07-14 03:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-04 16:32 - 2007-07-02 07:46 - 00000000 __RHD C:\MSOCache
2013-08-30 15:18 - 2013-08-30 15:18 - 00000996 _____ C:\Users\Paul\Downloads\b815a0752fb6b38bdf34a84f73c2f01e3ac15a15.ics
2013-08-30 03:48 - 2013-03-23 14:18 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 03:48 - 2013-03-23 14:18 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 03:48 - 2012-02-25 15:32 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 03:47 - 2012-02-25 15:32 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 03:47 - 2010-12-04 17:50 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-23 15:08 - 2013-08-23 15:08 - 00033005 _____ C:\Users\Paul\Desktop\Easy Prompter.html
2013-08-23 15:00 - 2013-08-23 15:00 - 11423543 _____ C:\Users\Paul\Downloads\PromptPClite.zip
2013-08-23 14:52 - 2013-08-23 14:52 - 00580269 _____ C:\Users\Paul\Downloads\setup.zip
2013-08-23 11:16 - 2010-12-04 17:41 - 00000000 ____D C:\Users\Paul\AppData\Local\Deployment
2013-08-22 16:10 - 2013-08-22 16:10 - 00000769 _____ C:\Users\Paul\Downloads\PrinterDiagnostic.diagcab
2013-08-16 13:24 - 2007-08-26 17:46 - 00000000 ____D C:\Users\Paul\Documents\My Data Sources
2013-08-16 13:16 - 2013-07-21 19:24 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 13:13 - 2010-12-05 17:08 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 12:37 - 2013-08-16 12:37 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-16 12:37 - 2013-08-16 12:37 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-16 12:36 - 2013-08-16 12:36 - 00784856 _____ (Google Inc.) C:\Users\Paul\Downloads\GoogleEarthPluginSetup.exe
2013-08-16 12:28 - 2013-08-14 12:19 - 00000000 _____ C:\Windows\setuperr.log
2013-08-10 18:27 - 2010-12-04 19:24 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-02 12:48
 
==================== End Of Log ===========================
 

Addition.txt

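The "Bamital & volsnap Check" block in the FRST log is FRST hashing a fixed set of core binaries and comparing each MD5 against its own reference table, which is not published. The PowerShell below is an added example, not FRST's code and not anything posted in this thread: it hashes the same thirteen files, records file version and Authenticode status, and writes a CSV that can be diffed against the same list taken from a clean machine at the same Windows build and patch level. Assumed: an elevated Windows PowerShell prompt; the CSV location on the Desktop is arbitrary. One caveat a practitioner will want: on Windows 7 these files are catalog-signed, so Get-AuthenticodeSignature reports NotSigned for them (Windows 10 and later resolve catalog signatures and report Valid). A hash that differs from another machine is therefore a prompt to run sfc /verifyfile=<path>, not proof of infection, since a hotfix changes the hash legitimately.

```powershell
# Added example (not FRST's code): re-hash the files FRST lists under
# "Bamital & volsnap Check" and record version and signature status.
# Run from an elevated Windows PowerShell prompt. Hashing uses .NET
# directly so it also works on PowerShell 2.0 (Windows 7), which lacks Get-FileHash.

$files = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-CoreFileReport {
    param([string[]]$Paths)
    foreach ($f in $Paths) {
        if (-not (Test-Path -LiteralPath $f)) {
            New-Object PSObject -Property @{ Path = $f; Version = 'MISSING'; MD5 = ''; Signature = '' }
            continue
        }
        $item = Get-Item -LiteralPath $f
        # NotSigned on Windows 7 usually means catalog-signed, not tampered;
        # Windows 10 and later look the file up in the catalog and report Valid.
        $sig = Get-AuthenticodeSignature -FilePath $f
        New-Object PSObject -Property @{
            Path      = $f
            Version   = $item.VersionInfo.FileVersion
            MD5       = Get-Md5Hex -Path $f
            Signature = $sig.Status
        }
    }
}

$report = Get-CoreFileReport -Paths $files
$report | Format-Table Path, Version, MD5, Signature -AutoSize

# Arbitrary output location (assumption): the current user's Desktop.
$csv = Join-Path ([Environment]::GetFolderPath('Desktop')) 'core-file-hashes.csv'
$report | Export-Csv -NoTypeInformation -Path $csv
"Saved $csv. Compare with the same list from a clean machine at the same build:"
'  Compare-Object (Import-Csv clean.csv) (Import-Csv core-file-hashes.csv) -Property Path, MD5'
```

Compare-Object prints only the rows whose Path/MD5 pair differs between the two CSVs, so a clean run produces no output; a file that shows up on one side with a different hash but the same FileVersion is the one to hand to sfc /verifyfile.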


Not sure what these are: 

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1

HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1

 

I can say that the system required me to update the malware programs this afternoon, as if they didn't exist (corrupted or not installed or some such message).

 

I was about to run fixdamage.exe. I haven't done that, but the system is as bad or worse than ever.

 

Regarding safe mode, it's looking like that's the only place I can do anything.

 

Thanks again.


I just noticed this driver is stopped: (you may want to check that out)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)

http://www.systemlookup.com/Drivers/479-61883_sys.html

-----------------------------------------

Let's check for any adware:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

-------------------------------------

I would then suggest you start uninstalling some of the programs on the system:

SUPERAntiSpyware to start with.

There's some left over from Ad-Aware:
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

There seems to be several tool bars also...not a big fan of them either.

 

You may want to uninstall Avast also.

---------------

Some things to try....MrC


I'm really afraid of AdwCleaner. Things were running well until I ran that. 

 

What am I supposed to use for virus protection if I uninstall Avast? Why should SuperAntiSpyware be removed? AdAware is from eons ago.

 

As for the toolbars, I think those are associated with Firefox and IE. I use Chrome, at least I did until I had to uninstall it again, but this time I have yet to be able to reinstall it.

 

I think if I had reformatted the drive and reinstalled all my apps I'd be done by now.

 

Thanks.


I worked late on it last night. I did so much the past two days, I can't really remember what's made the difference. That said, it appears to be running well again. Programs are starting from all locations, uninstalled/reinstalled Chrome (again) working well with LastPass, reboots, sleep, hibernate all working. 

 

Perhaps it was the PUP and a missing or stopped HP driver (installed now) that affected two devices that made the difference. Thing is, it could go again at any time. If so, I will reformat and reinstall. It is an old-ish laptop. If it goes, as several other HP's have in the past, a recent "pepped up" model will be nice.

 

Hopefully I won't be posting back here anytime soon. If that's the case, thank you for your intensive and exhaustive assistance. I hope to make a small donation as soon as I can. I'm sure if everyone would make at least a small donation, your critical help would be more appropriately rewarded.

 

By the way, I used to live in Bergen County. Glad to be in NC now, however.


I'm really afraid of AdwCleaner. Things were running well until I ran that.
Don't run it then

What am I supposed to use for virus protection if I uninstall Avast? Why should SuperAntiSpyware be removed? AdAware is from eons ago.

Unless you can suggest something else to try....
They may be corrupt and causing the problems
SAS is running all the time
You can re-install avast or install MSE instead:
http://windows.microsoft.com/en-us/windows/security-essentials-download
If you get the problem resolved, you can re-install SAS, you have Malwarebytes...I don't see any need for SAS though.

------------------------------------

Go to your Device Manager > View > Show hidden devices > Non-Plug and Play Drivers
See if you can find the driver and start it.


S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)

MrC
 


Update:

 

I uninstalled SAS and Avast (then reinstalled Avast only) and the laptop is operating well so far. This resulted in no stopped drivers in Device Manager (there were three). 

 

There isn't "S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]" anywhere on my laptop, particularly in C:\Program Files (x86). Not sure why it showed up in the report, but it doesn't appear to be an issue. I have no other Lavasoft software installed and haven't for years.

 

Restart, sleep, hibernate and wake-up all seem to be working OK so far. Programs are opening from all locations and running. Audio is restored.

 

Before all this and after my last post, the system reverted again to operating only in safe mode. 

 

So far, so good. However, please keep this thread open for a couple more days as I test further and just in case.  :unsure: 

 

Many thanks.

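Two driver lines are discussed above: "S3 61883; C:\Windows\System32\DRIVERS\61883.sys" (MrC suggests starting it from Device Manager) and "S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]" (which prstark cannot find on disk). The notation is FRST's: the leading S3 is the service's registry Start value 3, i.e. manual/demand start, and a trailing [x] means the file named in ImagePath does not exist. So a stopped manual-start driver is normal when no device is bound to it, and the Lavasoft line is an orphaned registry entry left behind by an uninstall, which is why there is nothing under Program Files (x86). The PowerShell below is an added example, not MrC's procedure or FRST's code: it reads both entries the way FRST does, normalises the ImagePath forms seen in this log, checks whether the file exists and how it is signed, starts a stopped driver whose file is present, and prints the sc.exe command that removes an orphan. Assumed: an elevated Windows PowerShell prompt; Get-WmiObject is used rather than the CIM cmdlets so it runs on Windows 7's PowerShell 2.0.

```powershell
# Added example (not MrC's procedure or FRST's code): examine driver service
# entries from an elevated PowerShell prompt. FRST's leading "S3" is the
# registry Start value 3 (manual/demand start); its trailing "[x]" means the
# file named in ImagePath is not on disk.

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DriverEntry {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "No service entry named '$Name'"
        return
    }
    $reg = Get-ItemProperty -LiteralPath $key

    # Normalise the ImagePath forms seen in this log: "\??\C:\...",
    # "\SystemRoot\..." and paths relative to the Windows directory.
    $path = [string]$reg.ImagePath
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($path -ne '' -and -not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }

    $exists = ($path -ne '') -and (Test-Path -LiteralPath $path)
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'"

    if ($reg.Start -ne $null) { $startType = $startTypes[[int]$reg.Start] } else { $startType = 'unknown' }
    if ($drv) { $state = $drv.State } else { $state = 'not registered with SCM' }
    # NotSigned on Windows 7 can simply mean catalog-signed (true of Microsoft's
    # own drivers); a missing or unsigned file under Program Files is what to chase.
    if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $path).Status } else { $signature = 'n/a' }

    New-Object PSObject -Property @{
        Name       = $Name
        StartType  = $startType
        State      = $state
        ImagePath  = $path
        FileExists = $exists
        Signature  = $signature
    }
}

$entries = foreach ($n in '61883', 'Lavasoft Kernexplorer') { Get-DriverEntry -Name $n }
$entries | Format-Table Name, StartType, State, FileExists, Signature, ImagePath -AutoSize

foreach ($e in $entries) {
    if ($e.FileExists -and $e.State -eq 'Stopped') {
        # Same as "Start" on the driver in Device Manager's non-Plug and Play view.
        $r = (Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$($e.Name)'").StartService()
        '{0}: StartService returned {1} (0 = success)' -f $e.Name, $r.ReturnValue
    }
    elseif (-not $e.FileExists) {
        # Orphaned entry: nothing can start it; it is what FRST marks with [x].
        # Deleting the entry clears the line. Run the printed command yourself
        # after checking the ImagePath really does point at an uninstalled product.
        "$($e.Name): orphaned service entry, remove with: sc.exe delete `"$($e.Name)`""
    }
}
```

The script deliberately does not delete anything: it prints the sc.exe command for the orphan so the decision stays with the person reading the ImagePath.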

OK..But......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Okay. Thanks for the extra cleanup suggestion. Here's the report:

 

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
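The Security Check output above is assembled from the registry: the product versions come from the Uninstall keys and "UAC is disabled!" is the EnableLUA policy value. The PowerShell below is an added example, not Security Check's code and not posted by anyone in the thread: it reads the same information for the products the checkup names, reports the UAC setting and firewall state, and also lists the Explorer policy values that prstark asked about earlier ("NoActiveDesktop" and "NoActiveDesktopChanges"). Those two correspond to the machine-wide Group Policy settings "Disable Active Desktop" and "Prohibit changes" under User Configuration > Administrative Templates > Desktop; FRST lists them because they are policy restrictions, not because they are malware indicators, and the thing to check is whether they match what you or an administrative template set. The script is read-only and runs in an ordinary (non-elevated) Windows PowerShell prompt; the product name patterns are an assumption chosen to match the checkup log.

```powershell
# Added example (not Security Check's code): reproduce the checkup's version,
# UAC and firewall lines from the registry and netsh, then show the Explorer
# policy values asked about earlier in this thread. Read-only.

$uninstallHives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit installs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs (Chrome)
)

function Get-InstalledProduct {
    param([string[]]$NamePatterns)
    foreach ($hive in $uninstallHives) {
        if (-not (Test-Path -LiteralPath $hive)) { continue }
        if ($hive -like 'HKCU:*') { $scope = 'user' }
        elseif ($hive -like '*Wow6432Node*') { $scope = 'x86' }
        else { $scope = 'x64' }
        foreach ($key in Get-ChildItem -LiteralPath $hive) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath
            if (-not $p.DisplayName) { continue }
            foreach ($pattern in $NamePatterns) {
                if ($p.DisplayName -like "*$pattern*") {
                    New-Object PSObject -Property @{
                        Product = $p.DisplayName
                        Version = $p.DisplayVersion
                        Scope   = $scope
                    }
                    break
                }
            }
        }
    }
}

# Assumed name patterns, chosen to match the products in the checkup log.
$watch = 'Adobe Reader', 'Adobe Flash Player', 'Mozilla Firefox', 'Google Chrome', 'Malwarebytes', 'avast'
Get-InstalledProduct -NamePatterns $watch | Sort-Object Product | Format-Table Product, Version, Scope -AutoSize

# UAC: EnableLUA = 0 is what Security Check reports as "UAC is disabled!".
$sys = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($sys.EnableLUA -eq 1) { $uac = 'enabled' } else { $uac = 'DISABLED' }
"UAC: $uac (EnableLUA = $($sys.EnableLUA)). Re-enable via Control Panel > User Accounts, then reboot."

# Firewall state per profile, as netsh reports it.
netsh advfirewall show allprofiles state

# The two values asked about earlier: NoActiveDesktop = "Disable Active Desktop",
# NoActiveDesktopChanges = "Prohibit changes". Anything else under this key is a
# further Explorer restriction worth recognising before deciding it is harmless.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (Test-Path -LiteralPath $polKey) {
    Get-ItemProperty -LiteralPath $polKey | Select-Object -Property * -ExcludeProperty PS* | Format-List
} else {
    "No machine-wide Explorer policies set."
}
```

Reading the Uninstall keys from all three hives matters on an x64 machine: 32-bit products such as Firefox and the Flash plugin only appear under Wow6432Node, and a per-user Chrome install only under HKCU, so a script that reads one hive will miss the very products the checkup flagged.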

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

Mozilla Firefox 18.0.2 Firefox out of Date! <----please check for an update if available

~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


I can't find ComboFix. I think I may have unwittingly deleted it and have since emptied the Recycle Bin. Oops! :(

 

What actions should I take now to "delete its related folders and files, hide file extensions, hide the system/hidden files and clear System Restore cache and create new Restore point"?

 

Thanks.


Download and run the uninstaller.

I don't think it will take care of these though:

hide file extensions, hide the system/hidden files and clear System Restore cache and create new Restore point"?

This will show you how to show hidden files, just reverse the procedure:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/


Create a new restore point:
http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/

Delete all but the last system restore point:
http://windows.microsoft.com/en-us/windows7/delete-a-restore-point

That should do it.

MrC

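With ComboFix.exe gone, the remaining steps MrC lists (reverse the hidden-files change, hide file extensions again, delete the old restore points and create a new one, and remove the tools' leftover folders) are all things Windows exposes directly. The PowerShell below is an added example, not the linked how-to steps and not anything posted in the thread, that does them from one elevated Windows PowerShell prompt. Assumed: C: is the volume with System Protection enabled, the leftover paths are the ones named earlier in the thread (C:\Qoobox is ComboFix's quarantine, C:\FRST is FRST's), and the older restore points are expendable. Windows 7 stores restore points as VSS shadow copies of the protected volume, so "delete all but the last restore point" is done here by creating a new checkpoint and then deleting shadows from the oldest end until one remains.

```powershell
# Added example (not the linked how-to steps): MrC's manual cleanup, done
# from an elevated Windows PowerShell prompt. Assumes C: is the protected
# volume and that the older restore points can go.

# 1. Explorer back to its defaults: Hidden=2 hides hidden items,
#    ShowSuperHidden=0 hides protected OS files, HideFileExt=1 hides
#    known extensions. These are the values the tools flip during cleanup.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -LiteralPath $adv -Name Hidden          -Value 2 -Type DWord
Set-ItemProperty -LiteralPath $adv -Name ShowSuperHidden -Value 0 -Type DWord
Set-ItemProperty -LiteralPath $adv -Name HideFileExt     -Value 1 -Type DWord
# Explorer reads these at start, so restart the shell for them to take effect.
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Sleep -Seconds 2
if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) { Start-Process explorer.exe }

# 2. Leftovers from the tools used in this thread (paths as named earlier;
#    the Desktop ones are assumptions). -WhatIf previews; remove it to delete.
$desktop = [Environment]::GetFolderPath('Desktop')
$leftovers = @(
    'C:\Qoobox', 'C:\ComboFix.txt', 'C:\FRST', 'C:\AdwCleaner',
    (Join-Path $desktop 'mbar'),
    (Join-Path $desktop 'RK_Quarantine')
)
foreach ($p in $leftovers) {
    if (Test-Path -LiteralPath $p) { Remove-Item -LiteralPath $p -Recurse -Force -WhatIf }
}

# 3. New restore point first, then drop every older shadow copy on C:.
#    Checkpoint-Computer needs System Protection enabled for the volume.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

function Get-ShadowCount {
    # vssadmin prints one "Shadow Copy ID:" line per shadow copy.
    @(vssadmin.exe list shadows /for=C: | Select-String -SimpleMatch 'Shadow Copy ID:').Count
}
while ((Get-ShadowCount) -gt 1) {
    # /oldest removes exactly one shadow per call, so loop until only the
    # checkpoint just created is left.
    vssadmin.exe delete shadows /for=C: /oldest /quiet | Out-Null
}

Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Run step 2 with -WhatIf first and read the list: C:\Qoobox holds whatever ComboFix quarantined, so anything you might still want to restore from it should be copied out before the -WhatIf is removed.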

Things seemed to be going well, even after I uninstalled and reinstalled SuperAntiSpyware (which found over 200 adware items that were not detected by Malwarebytes). Then, after running OTC and rebooting, I had some issues again. I went to Control Panel to remove SAS again, but it's not there. The program is in fact in C:\Program Files.

 

This appeared to be at least one source of past issues. Now I guess I need to know how to uninstall it (running /uninstall from the Run box didn't work. It asked me if I wanted to uninstall "everything". I clicked yes but nothing happened. This was done in Normal mode).

 

Thanks again for help with the issue that refuses to die, at least partly due to my insistence to use SAS, apparently.


This topic is now closed to further replies.