Jump to content

A problem that i need help with


Recommended Posts

when I started my laptop this morning it came up with a box Btv.stack.exe - I tried to open command prompt but I can't open that and then I tried to run Malwarebytes but that won't open and a box comes up with:

C:\program files (86)\Malwarebytes'Anti-Malware\mbam.exe and then it follows with a box that says: splwow64.exe

 

What can I do to fix it?

 

thanks

beepbeep

Link to post
Share on other sites

Run the following and post the produced logs..

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04
Ran by Mark (administrator) on MARK on 14-09-2013 16:47:42
Running from C:\Users\Mark\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2013 04
Ran by Mark at 2013-09-14 16:48:44
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (HKCU Version: 3.3.1.29812)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Amazon Kindle (HKCU)
Audacity 2.0.4 (x32 Version: 2.0.4)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
BitGuard (x32)
Broadcom Card Reader Driver Installer (Version: 15.4.7.1)
BrowserSafeguard (x32)
CCleaner (Version: 3.26)
CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.24.6)
ETDWare PS/2-X64 11.6.8.001_WHQL (Version: 11.6.8.001)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
Identity Card (x32 Version: 2.00.3004)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Launch Manager (x32 Version: 7.0.5)
Live Updater (x32 Version: 2.00.3004)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Nero 12 Essentials OEM.a01 (x32 Version: 12.5.00000)
Nero BackItUp (x32 Version: 12.0.0016)
Nero BackItUp 12 Essentials OEM.a01 (x32 Version: 12.5.00000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.1000)
Nero ControlCenter (x32 Version: 11.0.14500.0.45)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003)
Nero Core Components (x32 Version: 11.0.16900.1.27)
Nero Express (x32 Version: 12.0.16001)
Nero Express Help (CHM) (x32 Version: 12.0.1000)
Nero Launcher (x32 Version: 12.0.3000)
Nero RescueAgent (x32 Version: 12.0.3001)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.1000)
Nero Update (x32 Version: 11.0.11500.28.0)
Packard Bell Device Fast-lane (Version: 1.00.3007)
Packard Bell Power Management (Version: 7.00.3006)
Packard Bell Recovery Management (Version: 6.00.3011)
Prerequisite installer (x32 Version: 12.0.0002)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
TheBestSpinner3 (x32)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)

==================== Restore Points  =========================

26-08-2013 12:14:21 Windows Update
04-09-2013 07:13:36 Scheduled Checkpoint
11-09-2013 09:46:22 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0044CDAC-B53A-418C-B38B-81603A895421} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {042853CB-8C48-4167-AE8B-5AAB5CF87FFE} - System32\Tasks\EPUpdater => C:\Users\Mark\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] ()
Task: {07C5B879-B332-40BB-9032-F1B3F5CF81FD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {07CF8222-D3D7-4A1D-8795-4FAF04176E77} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {128B9A8F-35B4-42FC-BE46-F337C858D473} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {194F557E-EFA8-4F3C-8671-6DE96E8D11BC} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {1A0F5502-EF45-49AB-ABC0-B582197339B7} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1978372828-636451710-408125832-1003 => C:\Windows\System32\portabledeviceapi.dll [2012-07-26] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1FAD35A1-4EA0-4D0D-9129-8CE3250C4433} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)
Task: {2913EA31-65B3-4774-83EC-DF68C58E7A53} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {2A34D15B-8149-4750-A2C3-43C493600980} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1978372828-636451710-408125832-1003
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {345B911D-2724-4F73-A288-79B211922A7C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5018B6E5-7FA6-4A44-90B6-169F1A920D19} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-08-30] ()
Task: {53EAF883-E70C-4CF0-A678-9D277D49AFAB} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {8684A4E2-B1FA-4693-9004-8054D5F9B622} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {96D7F16C-1280-49B8-90B1-58225BC71307} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01] (Google Inc.)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9C1842DE-362D-4E5A-85BF-832DC1539256} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {A5806938-884F-41D9-9AF1-66D6AAEB1D46} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2013-08-16] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D40A8E01-0DEE-47C9-9B0E-3F42A3C77094} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1978372828-636451710-408125832-1001
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E2DF7A62-D6B8-4A46-84B3-01931E605870} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1978372828-636451710-408125832-500
Task: {E4CA9E01-2C47-492E-BA2B-4D1705D27714} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-09-14] ()
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F4B76B82-C0BC-4CE3-A174-B63336E82A80} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2013-07-22 11:30 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE
2012-07-26 02:22 - 2012-07-26 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\IME\SHARED\IMEROAMING.DLL
2013-04-30 12:01 - 2013-03-02 03:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-01-07 15:12 - 2013-01-07 15:12 - 00252448 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2013-01-07 15:12 - 2013-01-07 15:12 - 00509984 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2012-07-26 00:57 - 2012-07-26 04:08 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
2012-07-26 00:59 - 2012-07-26 05:55 - 00033504 _____ (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-10-17 05:01 - 2012-06-11 04:28 - 12503184 _____ (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2013-01-07 15:12 - 2013-01-07 15:12 - 00171040 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2013-01-07 15:12 - 2013-01-07 15:12 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2013-01-07 15:12 - 2013-01-07 15:12 - 00399392 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2013-01-07 15:12 - 2013-01-07 15:12 - 00441888 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2012-09-05 11:29 - 2012-08-28 01:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-21 09:58 - 2013-06-21 09:58 - 19875432 ____R (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
2012-07-26 02:13 - 2012-07-26 04:08 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2013-09-14 16:45 - 2013-09-10 15:35 - 02845152 _____ () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
2013-05-18 08:17 - 2013-04-09 05:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-09-14 16:47 - 2013-09-14 16:47 - 01950312 _____ (Farbar) C:\Users\Mark\Downloads\FRST64(1).exe
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.dll
2013-09-12 07:35 - 2013-09-05 21:09 - 14395864 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
2013-01-01 14:29 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-01-01 14:29 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
2013-09-14 16:45 - 2013-09-10 15:34 - 02700768 _____ () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-08-18 12:04 - 2013-08-18 12:04 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 11:13:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 11:12:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 11:05:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 11:05:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:07:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:07:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:07:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:06:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:06:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2013 07:05:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MARK)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/14/2013 03:42:05 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/14/2013 03:42:15 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:05:13 on ‎14/‎09/‎2013 was unexpected.

Error: (09/14/2013 11:18:25 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/14/2013 11:17:58 AM) (Source: DCOM) (User: MARK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/14/2013 11:17:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/14/2013 11:17:55 AM) (Source: DCOM) (User: MARK)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (09/14/2013 11:17:25 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/14/2013 11:16:58 AM) (Source: DCOM) (User: MARK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/14/2013 11:16:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/14/2013 11:16:55 AM) (Source: DCOM) (User: MARK)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3909.27 MB
Available physical RAM: 1945.05 MB
Total Pagefile: 4613.27 MB
Available Pagefile: 2691.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:446.19 GB) (Free:390.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FE6878C5)

Partition: GPT Partition Type
==================== End Of Log ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 04
Ran by Mark (administrator) on MARK on 15-09-2013 09:28:14
Running from C:\Users\Mark\Downloads
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(MC2Method.com) C:\Users\Mark\Downloads\MindFlasherText.exe
(BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Mark\Downloads\FRST64(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMQA2ADcAMwAxADcAOAA4ADgAMwAtAEQARABUACsAMAAtAEYATAArADkALQBTAFQAOQAwAEYAQQBQAFAAKwAxAA"&"prod=90"&"ver=9.0.902 [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))
HKCU\...\Run: [subliminal Power] - C:\Program Files (x86)\Subliminal Power\Subliminal.exe /s
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [MindFlasher] - C:\Users\Mark\Downloads\MindFlasherText.exe [295424 2013-07-22] (MC2Method.com)
HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe [563200 2013-09-04] (BrowserSafeguard)
HKLM-x32\...\Run: [LManager] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49263;https=127.0.0.1:49263
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=8898164BF5A6F568&affID=121240&tsp=5005
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM - {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM-x32 - DefaultScope {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKLM-x32 - {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS
SearchScopes: HKCU - DefaultScope {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8898164BF5A6F568&affID=121240&tsp=5005
SearchScopes: HKCU - {6F699FA9-8BFF-49BA-83C1-0B067BE380B5} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87177234-CF72-47C4-BA8D-7A239ABB17F4}&mid=ebf37969457947d09dc969c1a529aad6-18284b64c028a52bf8145a43c8a63f00f312ec43〈=us&ds=AVG&pr=fr&d=2013-01-01 10:44:25&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default
FF user.js: detected! => C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default\user.js
FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Skype Click to Call) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-17] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-17] (Dritek System Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-15 09:27 - 2013-09-15 09:27 - 01951102 _____ (Farbar) C:\Users\Mark\Downloads\FRST64(2).exe
2013-09-14 16:55 - 2013-09-14 16:55 - 00000000 ____D C:\Users\Mark\AppData\Local\avgchrome
2013-09-14 16:48 - 2013-09-14 16:49 - 00024139 _____ C:\Users\Mark\Downloads\Addition.txt
2013-09-14 16:47 - 2013-09-14 16:47 - 01950312 _____ (Farbar) C:\Users\Mark\Downloads\FRST64(1).exe
2013-09-14 16:47 - 2013-09-14 16:47 - 00000000 ____D C:\FRST
2013-09-14 16:45 - 2013-09-14 16:45 - 00003848 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-09-14 16:45 - 2013-09-14 16:45 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-09-14 16:44 - 2013-09-14 16:44 - 00001868 _____ C:\Users\Mark\Desktop\Search.lnk
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Babylon
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\ProgramData\Babylon
2013-09-14 16:43 - 2013-09-14 16:43 - 01950312 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-09-14 16:43 - 2013-09-14 16:43 - 01290904 _____ (ExpressInstaller) C:\Users\Mark\Downloads\Setup.exe
2013-09-14 16:42 - 2013-09-14 16:42 - 00761160 _____ (Reimage®) C:\Users\Mark\Downloads\ReimageRepair(1).exe
2013-09-14 16:41 - 2013-09-14 16:41 - 00761160 _____ (Reimage®) C:\Users\Mark\Downloads\ReimageRepair.exe
2013-09-14 15:47 - 2013-09-14 15:47 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 10:20 - 2013-09-14 10:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mark\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-13 20:12 - 2013-09-13 20:13 - 00050472 _____ C:\Users\Mark\Desktop\RealDose - Home.htm
2013-09-13 08:02 - 2013-09-13 08:03 - 00317520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 07:35 - 2013-09-05 21:09 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 07:35 - 2013-09-05 21:09 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 17:57 - 2013-09-11 17:57 - 00000000 ____D C:\Users\Mark\Desktop\Belinda_data
2013-09-11 16:19 - 2013-08-07 06:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-11 11:54 - 2013-09-11 18:00 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Audacity
2013-09-11 11:54 - 2013-09-11 11:54 - 00000979 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-11 11:54 - 2013-09-11 11:54 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-09-11 11:53 - 2013-09-11 11:53 - 22308174 _____ (Audacity Team                                               ) C:\Users\Mark\Downloads\audacity-win-2.0.4.exe
2013-09-11 11:40 - 2013-09-11 12:05 - 00000000 ____D C:\Users\Mark\Documents\WEBINAR
2013-09-11 10:21 - 2013-08-16 06:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 10:21 - 2013-08-16 06:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 10:21 - 2013-08-16 06:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 10:21 - 2013-08-16 06:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 10:21 - 2013-08-16 06:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 10:21 - 2013-08-16 06:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 10:21 - 2013-08-16 06:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 10:21 - 2013-08-16 06:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 10:21 - 2013-08-16 06:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 10:21 - 2013-08-15 23:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 10:20 - 2013-08-21 05:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 10:20 - 2013-08-21 05:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 10:20 - 2013-08-21 03:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 10:20 - 2013-08-16 06:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 10:20 - 2013-08-16 06:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 10:20 - 2013-08-16 06:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 10:20 - 2013-08-16 06:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 10:20 - 2013-08-16 06:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 10:20 - 2013-08-15 23:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 10:20 - 2013-08-15 23:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 10:20 - 2013-08-15 23:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 10:20 - 2013-08-15 23:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 10:19 - 2013-08-21 05:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 10:19 - 2013-08-21 05:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 10:19 - 2013-08-21 05:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 10:19 - 2013-08-21 05:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 10:19 - 2013-08-21 03:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 10:19 - 2013-08-21 03:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 10:19 - 2013-08-21 03:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 10:19 - 2013-08-21 03:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 10:19 - 2013-08-21 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 10:19 - 2013-08-21 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 10:19 - 2013-08-21 00:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 10:19 - 2013-08-03 05:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:19 - 2013-07-09 09:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 10:19 - 2013-07-09 07:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 10:19 - 2013-07-09 05:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 10:19 - 2013-07-09 04:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 10:19 - 2013-07-08 23:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 10:19 - 2013-07-08 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 10:19 - 2013-07-08 23:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 10:19 - 2013-07-08 23:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 10:19 - 2013-07-06 01:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 10:19 - 2013-07-03 01:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 10:19 - 2013-07-03 01:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 10:19 - 2013-07-03 01:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 10:19 - 2013-07-03 01:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 10:19 - 2013-07-03 01:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 10:19 - 2013-07-03 01:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 10:19 - 2013-07-03 01:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 10:19 - 2013-07-01 23:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 10:19 - 2013-06-30 23:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 10:19 - 2013-06-30 23:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 10:19 - 2013-06-29 07:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 10:19 - 2013-06-29 07:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 10:19 - 2013-06-29 06:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 10:19 - 2013-06-29 02:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 10:19 - 2013-06-26 04:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 10:19 - 2013-06-26 03:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-11 10:19 - 2013-06-24 23:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 10:19 - 2013-06-24 23:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 10:19 - 2013-06-24 23:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 10:19 - 2013-06-19 06:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 10:19 - 2013-06-19 06:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 10:19 - 2013-06-18 23:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 10:19 - 2013-06-18 23:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 10:19 - 2013-06-12 00:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 10:19 - 2013-06-12 00:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 10:19 - 2013-06-10 22:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 10:19 - 2013-06-10 20:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 10:19 - 2013-06-10 20:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 10:19 - 2013-06-10 20:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 10:19 - 2013-06-10 20:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 10:19 - 2013-06-10 20:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 10:19 - 2013-06-10 20:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 10:19 - 2013-06-06 09:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-09 12:13 - 2013-09-09 12:13 - 00094926 _____ C:\Users\Mark\Desktop\Jon Loomer Digital  For Advanced Facebook Marketers.htm
2013-09-05 17:16 - 2013-09-14 09:37 - 00000000 ____D C:\Users\Mark\Documents\Belinda
2013-08-30 08:31 - 2013-08-30 08:31 - 00064641 _____ C:\Users\Mark\Desktop\The Truth About Selling.htm
2013-08-26 13:16 - 2013-09-11 10:48 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 12:56 - 2013-07-02 01:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-26 12:56 - 2013-07-01 23:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-26 12:55 - 2013-07-09 07:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-26 12:55 - 2013-05-24 00:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-26 12:55 - 2013-05-23 23:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-26 12:53 - 2013-07-13 07:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-26 12:53 - 2013-07-13 07:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-26 12:53 - 2013-07-13 07:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-26 12:53 - 2013-07-13 07:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-26 12:53 - 2013-07-13 07:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-26 12:53 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-26 12:53 - 2013-07-13 05:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-26 12:53 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-26 12:53 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-20 11:40 - 2013-08-20 16:08 - 00000022 _____ C:\Users\Mark\Downloads\fwf.zip
2013-08-20 08:52 - 2013-08-20 08:52 - 00038093 _____ C:\Users\Mark\Desktop\Super Fast Business Success with James Schramko —.htm
2013-08-18 12:04 - 2013-08-18 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-15 09:27 - 2013-09-15 09:27 - 01951102 _____ (Farbar) C:\Users\Mark\Downloads\FRST64(2).exe
2013-09-15 09:27 - 2013-05-14 12:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-09-15 09:10 - 2012-07-26 08:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 09:08 - 2013-01-01 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 09:03 - 2013-07-22 13:44 - 00000188 _____ C:\Users\Mark\Downloads\MindFlasherText.ini
2013-09-15 09:03 - 2013-02-05 15:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-15 09:02 - 2013-05-01 20:18 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-15 09:02 - 2013-01-30 09:02 - 00000372 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-09-15 09:02 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 21:01 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-09-14 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-14 19:43 - 2013-05-01 20:18 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 16:55 - 2013-09-14 16:55 - 00000000 ____D C:\Users\Mark\AppData\Local\avgchrome
2013-09-14 16:49 - 2013-09-14 16:48 - 00024139 _____ C:\Users\Mark\Downloads\Addition.txt
2013-09-14 16:47 - 2013-09-14 16:47 - 01950312 _____ (Farbar) C:\Users\Mark\Downloads\FRST64(1).exe
2013-09-14 16:47 - 2013-09-14 16:47 - 00000000 ____D C:\FRST
2013-09-14 16:45 - 2013-09-14 16:45 - 00003848 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-09-14 16:45 - 2013-09-14 16:45 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-09-14 16:44 - 2013-09-14 16:44 - 00001868 _____ C:\Users\Mark\Desktop\Search.lnk
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Babylon
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-14 16:44 - 2013-09-14 16:44 - 00000000 ____D C:\ProgramData\Babylon
2013-09-14 16:43 - 2013-09-14 16:43 - 01950312 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-09-14 16:43 - 2013-09-14 16:43 - 01290904 _____ (ExpressInstaller) C:\Users\Mark\Downloads\Setup.exe
2013-09-14 16:42 - 2013-09-14 16:42 - 00761160 _____ (Reimage®) C:\Users\Mark\Downloads\ReimageRepair(1).exe
2013-09-14 16:41 - 2013-09-14 16:41 - 00761160 _____ (Reimage®) C:\Users\Mark\Downloads\ReimageRepair.exe
2013-09-14 15:47 - 2013-09-14 15:47 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 15:47 - 2013-01-01 14:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 10:20 - 2013-09-14 10:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mark\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-14 09:37 - 2013-09-05 17:16 - 00000000 ____D C:\Users\Mark\Documents\Belinda
2013-09-14 07:16 - 2013-02-05 15:04 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-13 20:13 - 2013-09-13 20:12 - 00050472 _____ C:\Users\Mark\Desktop\RealDose - Home.htm
2013-09-13 16:54 - 2012-07-26 06:26 - 00390896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2013-09-13 08:03 - 2013-09-13 08:02 - 00317520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 10:54 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-09-11 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-09-11 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-09-11 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\en-GB
2013-09-11 21:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-11 21:00 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-11 18:00 - 2013-09-11 11:54 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Audacity
2013-09-11 17:57 - 2013-09-11 17:57 - 00000000 ____D C:\Users\Mark\Desktop\Belinda_data
2013-09-11 12:05 - 2013-09-11 11:40 - 00000000 ____D C:\Users\Mark\Documents\WEBINAR
2013-09-11 11:54 - 2013-09-11 11:54 - 00000979 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-09-11 11:54 - 2013-09-11 11:54 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-09-11 11:53 - 2013-09-11 11:53 - 22308174 _____ (Audacity Team                                               ) C:\Users\Mark\Downloads\audacity-win-2.0.4.exe
2013-09-11 10:48 - 2013-08-26 13:16 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:47 - 2013-01-01 14:02 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 10:23 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-10 18:08 - 2013-01-01 14:17 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-09 12:13 - 2013-09-09 12:13 - 00094926 _____ C:\Users\Mark\Desktop\Jon Loomer Digital  For Advanced Facebook Marketers.htm
2013-09-08 19:11 - 2013-01-04 18:51 - 00000000 ____D C:\Users\Mark\Desktop\Parris-13
2013-09-06 15:12 - 2013-01-01 12:48 - 00000000 ____D C:\Users\Mark\Documents\Parris-1
2013-09-05 21:09 - 2013-09-12 07:35 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 21:09 - 2013-09-12 07:35 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-05 20:16 - 2013-02-27 13:04 - 00051712 ___SH C:\Users\Mark\Documents\Thumbs.db
2013-09-05 20:15 - 2013-01-01 12:19 - 00000000 ____D C:\Users\Mark\Documents\NEIL ASHER
2013-09-04 19:47 - 2013-05-01 20:18 - 00002155 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-30 10:18 - 2013-01-29 12:08 - 00000000 ____D C:\Users\Mark\Documents\11th Element
2013-08-30 08:48 - 2013-05-01 15:07 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 08:48 - 2013-05-01 15:07 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 08:48 - 2013-05-01 15:07 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 08:48 - 2013-02-05 15:04 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 08:48 - 2013-02-05 15:04 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 08:48 - 2013-02-05 15:04 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 08:48 - 2013-02-05 15:04 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 08:48 - 2013-02-05 15:04 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 08:47 - 2013-02-05 15:04 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 08:47 - 2013-02-05 15:04 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 08:31 - 2013-08-30 08:31 - 00064641 _____ C:\Users\Mark\Desktop\The Truth About Selling.htm
2013-08-29 15:34 - 2013-01-01 12:19 - 00000000 ____D C:\Users\Mark\Documents\Mark Pocock
2013-08-27 17:48 - 2013-04-08 09:08 - 00000000 ____D C:\Users\Mark\Documents\eye exercises
2013-08-27 11:15 - 2013-01-01 12:19 - 00000000 ____D C:\Users\Mark\Documents\Marcella Swipes
2013-08-27 08:34 - 2013-01-01 12:17 - 00000000 ____D C:\Users\Mark\Documents\Alexi
2013-08-26 21:54 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-26 21:54 - 2012-07-26 09:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-26 21:54 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-26 21:54 - 2012-07-26 09:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-22 19:24 - 2013-05-14 12:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-22 11:56 - 2013-06-22 17:27 - 00000000 ____D C:\Users\Mark\AppData\Local\Microsoft Help
2013-08-21 05:12 - 2013-09-11 10:19 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 05:12 - 2013-09-11 10:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 05:11 - 2013-09-11 10:20 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 05:11 - 2013-09-11 10:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 05:11 - 2013-09-11 10:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 03:34 - 2013-09-11 10:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 03:06 - 2013-09-11 10:19 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 03:06 - 2013-09-11 10:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 03:06 - 2013-09-11 10:19 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-21 03:05 - 2013-09-11 10:20 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 03:05 - 2013-09-11 10:19 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 02:43 - 2013-09-11 10:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 00:52 - 2013-09-11 10:19 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-20 16:08 - 2013-08-20 11:40 - 00000022 _____ C:\Users\Mark\Downloads\fwf.zip
2013-08-20 08:52 - 2013-08-20 08:52 - 00038093 _____ C:\Users\Mark\Desktop\Super Fast Business Success with James Schramko —.htm
2013-08-19 05:58 - 2013-01-01 11:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 12:04 - 2013-08-18 12:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 06:41 - 2013-09-11 10:20 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-08-16 06:39 - 2013-09-11 10:21 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-08-16 06:39 - 2013-09-11 10:20 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-08-16 06:32 - 2013-09-11 10:21 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-08-16 06:22 - 2013-09-11 10:21 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-08-16 06:22 - 2013-09-11 10:20 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-08-16 06:21 - 2013-09-11 10:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-08-16 06:21 - 2013-09-11 10:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-08-16 06:21 - 2013-09-11 10:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-08-16 06:21 - 2013-09-11 10:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-08-16 06:21 - 2013-09-11 10:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-08-16 06:21 - 2013-09-11 10:20 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-08-16 06:20 - 2013-09-11 10:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-01-02 07:22] - [2012-09-20 05:10] - 1126912 ____A (Microsoft Corporation) 82DC81A069759FE726E274F0ADC8D606

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-10 06:29

==================== End Of Log ============================

Link to post
Share on other sites

when I started my laptop this morning it came up with a box Btv.stack.exe


You have a BlueTooth device set to run at start up, is this related to Skype or similar....

Next,

Uninstall the following BrowserSafeguard > select start > type uninstall a program into the search box, seletc enter. Installed programs list will populate. Select BrowserSafeguard then Uninstall.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



Next,

Run Malwarebytes, check for updates and run Quick scan, post log....

Kevin

Link to post
Share on other sites

# AdwCleaner v3.004 - Report created 15/09/2013 at 15:25:55
# Updated 15/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Mark - MARK
# Running from : C:\Users\Mark\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Users\Mark\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Mark\AppData\Roaming\Babylon
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default\user.js
File Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\53ed7d1b73be543
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\w6u0r3yc.default\prefs.js ]

Line Deleted : user_pref("CT3289075.installerVersion", "1.4.2.3");

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "88983792000000000000164bf5a6f568");
Line Deleted : user_pref("extensions.delta.instlDay", "15962");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.616:45:09");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121240&tsp=5005");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [6628 octets] - [15/09/2013 14:25:40]
AdwCleaner[R1].txt - [6688 octets] - [15/09/2013 14:28:18]
AdwCleaner[s0].txt - [6132 octets] - [15/09/2013 15:25:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6192 octets] ##########
 

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.14.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Mark :: MARK [administrator]

15/09/2013 18:15:31
mbam-log-2013-09-15 (18-15-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444516
Time elapsed: 55 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Mark\Downloads\Setup(1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Mark\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

(end)
 

Link to post
Share on other sites

Good to hear, we need to run an online AV scan to be sure we`ve missed nothing.

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Finally,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs...

 

Thank you,

 

Kevin

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.73 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
Windows Defender  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Flash Player  11.8.800.168 
 Adobe Reader XI 
 Mozilla Firefox (23.0.1)
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Thanks for the logs, ok continue:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Filesipconfig /flushdns /cC:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\BExternal.dllC:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\IEHelper.dllC:\Users\Mark\Downloads\FRST64(2).exeC:\Users\Mark\Downloads\FRST64(1).exeC:\FRST:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Post log from OTM, Let me know if any remaining issues or concerns... Also your AV program (Avast) is showing outdated, that will need updating ASAP...

 

Kevin

Link to post
Share on other sites

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mark\Desktop\cmd.bat deleted successfully.
C:\Users\Mark\Desktop\cmd.txt deleted successfully.
DllUnregisterServer procedure not found in C:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\BExternal.dll
C:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\BExternal.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\IEHelper.dll
C:\Users\Mark\AppData\Local\Temp\3FE1ED05-BAB0-7891-9D82-99EFABF9E447\Latest\IEHelper.dll moved successfully.
File/Folder C:\Users\Mark\Downloads\FRST64(2).exe not found.
C:\Users\Mark\Downloads\FRST64(1).exe moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mark
->Temp folder emptied: 6427267 bytes
->Temporary Internet Files folder emptied: 44197355 bytes
->FireFox cache emptied: 7022583 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 515 bytes
 
User: Mark Pocock
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715504 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1248382 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 456443 bytes
RecycleBin emptied: 58545953 bytes
 
Total Files Cleaned = 114.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09182013_123352

Files moved on Reboot...
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\Mark\aipflib.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\Mark\LMutilps32.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 

Link to post
Share on other sites

Thanks for the update, I assume the system rebooted after running OTM... Do the following:

 


Double-click OTM.exe to run it. Windows 7/8 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You maybe asked to reboot, allow that to happen.

 

If no remaining issues you should be good to go...

here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

 

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

 

Let me know when its OK to close out your thread....

 

Take care,

 

Kevin

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.