Do the following..

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Post those logs...

Kevin


Kevin,

My computer is warning me that frst.exe (farbar recovery tool) is a very bad virus.

Here is the adware cleaner:

# AdwCleaner v3.004 - Report created 19/09/2013 at 08:04:01
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Admin - MOM-PC
# Running from : C:\Users\Mom\Downloads\AdwCleaner (2).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aptoei79.default\prefs.js ]

[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\prefs.js ]

[ File : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\3lfc2wnn.default\prefs.js ]

[ File : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\4296iho8.default\prefs.js ]

[ File : C:\Users\john.MOM-PC\AppData\Roaming\Mozilla\Firefox\Profiles\31ftd9q4.default\prefs.js ]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\john.MOM-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9512 octets] - [18/09/2013 18:28:57]
AdwCleaner[R1].txt - [1694 octets] - [19/09/2013 08:04:01]
AdwCleaner[s0].txt - [9560 octets] - [18/09/2013 18:30:53]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1814 octets] ##########


Farbar removal tool scan:

additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013

Ran by Mom at 2013-09-19 10:13:24

Running from C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIWRC016

Boot Mode: Normal

==========================================================

 

==================== Installed Programs =======================

Adobe AIR (x32 Version: 2.6.0.19140)

Adobe Community Help (x32 Version: 3.5.23)

Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Photoshop Elements 10 (x32 Version: 10.0)

Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07)

Adobe Reader X (10.1.4) (x32 Version: 10.1.4)

Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)

Amazon Kindle (HKCU)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (x32 Version: 2.1.3.127)

Bonjour (Version: 3.0.0.10)

CameraHelperMsi (x32 Version: 13.25.1010.0)

Canon MX360 series MP Drivers

CCleaner (Version: 3.23)

Coupon Printer for Windows (x32 Version: 5.0.0.1)

Elements 10 Organizer (x32 Version: 10.0)

erLT (x32 Version: 1.20.138.34)

Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)

Google Chrome (x32 Version: 29.0.1547.66)

Google Earth (x32 Version: 7.1.1.1888)

HiJackThis (x32 Version: 1.0.0)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)

Intel® Network Connections 16.2.49.0 (Version: 16.2.49.0)

Internet TV for Windows Media Center (x32 Version: 4.2.2.0)

iTunes (Version: 10.7.0.21)

Java Auto Updater (x32 Version: 2.0.6.1)

Java 6 Update 29 (x32 Version: 6.0.290)

Join Me Drivers (x32 Version: 1.0.0)

Lexmark Printable Web (x32 Version: 1.0.0.0)

Lexmark Toolbar (x32 Version: 4.0.53.0)

Logitech Vid HD (x32 Version: 7.2 (7248))

Logitech Webcam Software (x32 Version: 2.0)

LWS Facebook (x32 Version: 13.20.1166.0)

LWS Gallery (x32 Version: 13.20.1166.0)

LWS Help_main (x32 Version: 13.25.1016.0)

LWS Launcher (x32 Version: 13.20.1166.0)

LWS Motion Detection (x32 Version: 13.20.1176.0)

LWS Pictures And Video (x32 Version: 13.25.1010.0)

LWS Twitter (x32 Version: 13.20.1166.0)

LWS Video Mask Maker (x32 Version: 13.10.1216.0)

LWS VideoEffects (Version: 13.25.1005.0)

LWS Webcam Software (x32 Version: 13.20.1168.0)

LWS WLM Plugin (x32 Version: 1.20.1166.0)

LWS YouTube Plugin (x32 Version: 13.20.1166.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)

Mozilla Maintenance Service (x32 Version: 21.0)

Musicnotes Software Suite 1.5.5 (x32 Version: 1.5.5)

OpenOffice.org 3.3 (x32 Version: 3.3.9567)

Organizer Pro (x32 Version: 7.1)

Print Artist Platinum 24 (x32 Version: 24.0.1.2)

PSE10 STI Installer (x32 Version: 10.0)

QuickTime (x32 Version: 7.74.80.86)

Skype Click to Call (x32 Version: 6.10.13089)

Skype™ 6.7 (x32 Version: 6.7.102)

Support.com Toolbar Updater (HKCU Version: 1.2.2.23821)

System Requirements Lab for Intel (x32 Version: 4.4.24.0)

TI Connect 1.6 (x32 Version: 1.6)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (Version: 06/11/2009 1.0.0.0)

Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (Version: 09/02/2009 1.0.0.1)

Windows Media Center Add-in for Flash (x32 Version: 4.1.2.0)

ZTE Handset USB Driver

==================== Restore Points =========================

Could not list Restore Points.

 

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-09-18 10:07 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3106701223-18515579-3227075305-1001Core.job => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3106701223-18515579-3227075305-1001UA.job => C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-13 19:54 - 2013-09-13 19:54 - 00529288 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.dll

==================== Alternate Data Streams (whitelisted) ==========

 

 

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard

Description: Standard PS/2 Keyboard

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

==================== Event log errors: =========================

Application errors:

==================

Error: (09/18/2013 02:15:54 PM) (Source: Application Hang) (User: )

Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9d8

Start Time: 01ceb4b3b1dd850b

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service cannot open the Jet property store.

 

Details:

0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

 

System errors:

=============

Error: (09/18/2013 05:36:33 PM) (Source: BugCheck) (User: )

Description: 0x0000006b (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP091813-20966-01

Error: (09/18/2013 00:47:16 PM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:

%%1056

Error: (09/18/2013 00:46:44 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/18/2013 00:46:44 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (09/18/2013 00:29:57 PM) (Source: Service Control Manager) (User: )

Description: The Update lucky leap service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/15/2013 08:56:34 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/15/2013 08:56:34 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2013 07:52:54 AM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2013 07:52:51 AM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/09/2013 07:00:39 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Microsoft Office Sessions:

=========================

Error: (09/18/2013 02:15:54 PM) (Source: Application Hang)(User: )

Description: IEXPLORE.EXE10.0.9200.166869d801ceb4b3b1dd850b31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2013 00:46:44 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

Element not found. (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Details:

The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service)(User: )

Description:

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

4700

Error: (09/18/2013 00:46:42 PM) (Source: Windows Search Service)(User: )

Description:

Details:

0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

 

CodeIntegrity Errors:

===================================

Date: 2011-05-07 10:03:22.644

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:22.610

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:22.118

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\Support\10-02_legacy_xp32-64_dd_ccc\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:22.083

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\Support\10-02_legacy_xp32-64_dd_ccc\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:21.683

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:21.648

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:21.365

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\Support\10-02_legacy_xp32-64_dd_ccc\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 10:03:21.330

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ATI\Support\10-02_legacy_xp32-64_dd_ccc\BIN\aticd64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 09:54:32.015

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-05-07 09:54:31.975

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\ATICDSDr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

==================== Memory info ===========================

Percentage of memory in use: 46%

Total physical RAM: 4031.31 MB

Available physical RAM: 2162.41 MB

Total Pagefile: 8060.8 MB

Available Pagefile: 5453.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:229.19 GB) NTFS

Drive d: (SN 1-3) (CDROM) (Total:5.73 GB) (Free:0 GB) UDF

Drive f: (My Book) (Fixed) (Total:931.28 GB) (Free:827.55 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================


I think I found it. I hope this is it.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01

Ran by Mom (ATTENTION: The logged in user is not administrator) on MOM-PC on 19-09-2013 14:20:47

Running from C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIWRC016

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Facebook Inc.) C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_174_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Farbar) C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIWRC016\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1

HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1

HKCU\...\Run: [Facebook Update] - C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-30] (Facebook Inc.)

HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-12] (Logitech Inc.)

HKCU\...\Run: [startNow Search Protect] - "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

MountPoints2: {00cf5b57-677e-11e0-80d1-000ffe88aa91} - E:\LaunchU3.exe -a

MountPoints2: {240bc4a8-7f20-11e2-b4fa-000ffe88aa91} - G:\AutoRun.exe

MountPoints2: {2c1b711e-a66c-11e1-9a96-000ffe88aa91} - E:\LaunchU3.exe -a

MountPoints2: {7d89c0c7-4f80-11e2-8e6c-000ffe88aa91} - E:\AutoRun.exe

MountPoints2: {da36f3cb-8d4c-11e0-8b40-000ffe88aa91} - E:\LaunchU3.exe -a

MountPoints2: {e210ecd2-163f-11e1-a6ec-000ffe88aa91} - E:\LaunchU3.exe

HKLM-x32\...\Run: [atr.exe] - [x]

Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0B8CF565D2FCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKLM - DefaultScope value is missing.

BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll ()

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{DC2CADFE-A1E9-4CA6-B73B-F7623C2D7128}: [NameServer]208.67.222.222,208.67.220.220

FireFox:

========

FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Extension: urchisycme - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\urchisycme@urchisycme.org.xpi

FF Extension: No Name - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR Extension: (Skype Click to Call) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0

CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Admin\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-22] (HandSet Incorporated)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129432 2011-08-22] (ZTE Incorporated)

S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-22] (ZTE Incorporated)

S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129432 2011-08-22] (ZTE Incorporated)

S3 ATICDSDr; \??\C:\Users\Admin\AppData\Local\Temp\ATICDSDr.sys [x]

==================== NetSvcs (Whitelisted) ===================

 

==================== One Month Created Files and Folders ========

2013-09-19 10:12 - 2013-09-19 10:12 - 00000000 ____D C:\FRST

2013-09-19 10:00 - 2013-09-19 10:00 - 00002845 _____ C:\Users\Mom\Desktop\FSS.txt

2013-09-19 08:37 - 2013-09-19 14:17 - 01950622 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe

2013-09-19 08:03 - 2013-09-19 08:03 - 00013510 _____ C:\Users\Mom\Desktop\AdwCleaner (2) - Shortcut.lnk

2013-09-19 08:01 - 2013-09-19 08:03 - 01039554 _____ C:\Users\Mom\Downloads\AdwCleaner (2).exe

2013-09-19 08:01 - 2013-09-19 08:01 - 00000000 _____ C:\Users\Mom\Downloads\AdwCleaner (1).exe.vh3xg21.partial

2013-09-18 20:17 - 2013-09-18 20:17 - 00008253 _____ C:\Users\Mom\Desktop\hijackthis.log

2013-09-18 18:49 - 2013-09-18 18:49 - 00002965 _____ C:\Users\Mom\Desktop\HiJackThis.lnk

2013-09-18 18:49 - 2013-09-18 18:49 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2013-09-18 18:49 - 2013-09-18 18:49 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-09-18 18:28 - 2013-09-19 09:16 - 00000000 ____D C:\AdwCleaner

2013-09-18 17:36 - 2013-09-18 17:36 - 206190127 _____ C:\Windows\MEMORY.DMP

2013-09-18 13:13 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMXLMAK.DLL

2013-09-18 13:12 - 2013-09-18 18:14 - 00000000 ___HD C:\Program Files\CanonBJ

2013-09-18 12:44 - 2013-09-19 14:05 - 00000392 _____ C:\Windows\setupact.log

2013-09-18 12:44 - 2013-09-18 12:44 - 00009354 _____ C:\Windows\PFRO.log

2013-09-18 12:44 - 2013-09-18 12:44 - 00000000 _____ C:\Windows\setuperr.log

2013-09-18 12:17 - 2013-05-07 23:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2013-09-18 12:17 - 2013-05-07 23:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2013-09-18 12:16 - 2013-07-04 00:11 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll

2013-09-18 12:16 - 2013-07-04 00:11 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll

2013-09-18 09:25 - 2013-09-18 09:25 - 01039554 _____ C:\Users\Mom\Downloads\adwcleaner.exe

2013-09-17 10:05 - 2013-09-17 10:05 - 00017854 _____ C:\Users\Mom\Desktop\cookie dough bites.odt

2013-09-15 20:55 - 2013-09-18 18:18 - 00000000 ____D C:\Users\john.MOM-PC\AppData\Roaming\Skype

2013-09-13 13:27 - 2013-09-13 13:27 - 06148179 _____ C:\Users\Mom\Desktop\Diana Rader dialect project 2013.mp4

2013-09-11 19:47 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-11 19:47 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-11 19:47 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-11 19:47 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-11 19:47 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-11 19:47 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-11 19:47 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-11 19:47 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-11 19:47 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-11 19:47 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-11 19:47 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-11 19:47 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-11 19:47 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-11 19:47 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-11 19:47 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 19:46 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-11 19:46 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-11 19:46 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-11 19:46 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-11 19:46 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-11 19:46 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-11 19:46 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-11 19:46 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-11 19:46 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-11 19:46 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-11 19:46 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-11 15:12 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-11 15:12 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-11 15:12 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-11 15:12 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-11 15:12 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-11 15:12 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-11 15:12 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-11 15:12 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-11 15:12 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-11 15:12 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-11 15:12 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-11 15:12 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-11 15:12 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-11 15:12 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-11 15:12 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-11 15:12 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-11 15:12 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-11 15:12 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-11 15:12 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-11 15:12 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-11 15:12 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-11 15:12 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 15:12 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-11 15:12 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-11 15:12 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-11 15:12 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-11 15:12 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-10 23:10 - 2013-09-10 23:10 - 00021141 _____ C:\Users\Mom\Desktop\asl unit 1.odt

2013-09-09 19:02 - 2013-09-09 19:25 - 22754289 _____ C:\Users\Mom\Downloads\2011-09-016-flecks-of-gold-360p-eng.mp4

2013-09-09 14:06 - 2013-09-09 14:06 - 00763878 _____ C:\Users\Mom\Downloads\The__28Honest_29_Truth.epub

2013-09-09 13:33 - 2013-09-18 18:18 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2013-09-09 13:33 - 2013-09-09 14:09 - 00000000 ____D C:\Users\Mom\Documents\My Kindle Content

2013-09-09 13:33 - 2013-09-09 13:33 - 00002215 _____ C:\Users\Mom\Desktop\Kindle.lnk

2013-09-09 13:32 - 2013-09-18 18:15 - 00000000 ____D C:\Users\Mom\AppData\Local\Amazon

2013-09-09 13:32 - 2013-09-09 13:32 - 38103832 _____ (Amazon.com) C:\Users\Mom\Downloads\KindleForPC-installer.exe

2013-09-06 15:31 - 2013-09-18 18:18 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-09-06 15:29 - 2013-09-06 15:29 - 41404760 _____ (Apple Inc.) C:\Users\Mom\Downloads\QuickTimeInstaller(3).exe

2013-09-06 15:28 - 2013-09-06 15:28 - 41404760 _____ (Apple Inc.) C:\Users\Mom\Downloads\QuickTimeInstaller(2).exe

2013-09-06 14:24 - 2013-09-06 14:15 - 22309232 _____ C:\Users\Mom\accent project 1.mp4

2013-09-06 12:43 - 2013-09-06 13:09 - 00362029 _____ C:\Users\Mom\Desktop\sqlite3.dll

2013-08-26 11:58 - 2013-08-19 09:00 - 00019516 _____ C:\Users\Mom\Documents\cups diet.odt

2013-08-26 11:55 - 2013-08-26 11:55 - 00000000 ____D C:\Users\Mom\Desktop\John

2013-08-26 11:54 - 2013-08-06 09:38 - 00488974 _____ C:\Users\Mom\Documents\babboons.odt

2013-08-26 11:53 - 2013-08-28 11:39 - 00000000 ____D C:\Users\Mom\Desktop\Meal planning

2013-08-20 10:04 - 2013-08-26 11:54 - 00000000 ____D C:\Users\Mom\Desktop\relief society

==================== One Month Modified Files and Folders =======

2013-09-19 14:17 - 2013-09-19 08:37 - 01950622 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe

2013-09-19 14:16 - 2011-08-13 11:19 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3106701223-18515579-3227075305-1001UA.job

2013-09-19 14:16 - 2011-08-13 11:19 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3106701223-18515579-3227075305-1001Core.job

2013-09-19 14:16 - 2011-04-09 22:20 - 01442985 _____ C:\Windows\WindowsUpdate.log

2013-09-19 14:12 - 2009-07-13 21:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-19 14:12 - 2009-07-13 21:45 - 00014976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-19 14:05 - 2013-09-18 12:44 - 00000392 _____ C:\Windows\setupact.log

2013-09-19 14:05 - 2011-06-17 20:19 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-19 14:05 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-19 10:12 - 2013-09-19 10:12 - 00000000 ____D C:\FRST

2013-09-19 10:00 - 2013-09-19 10:00 - 00002845 _____ C:\Users\Mom\Desktop\FSS.txt

2013-09-19 09:54 - 2012-12-12 18:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-19 09:23 - 2011-06-17 20:19 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-19 09:16 - 2013-09-18 18:28 - 00000000 ____D C:\AdwCleaner

2013-09-19 08:03 - 2013-09-19 08:03 - 00013510 _____ C:\Users\Mom\Desktop\AdwCleaner (2) - Shortcut.lnk

2013-09-19 08:03 - 2013-09-19 08:01 - 01039554 _____ C:\Users\Mom\Downloads\AdwCleaner (2).exe

2013-09-19 08:01 - 2013-09-19 08:01 - 00000000 _____ C:\Users\Mom\Downloads\AdwCleaner (1).exe.vh3xg21.partial

2013-09-18 20:17 - 2013-09-18 20:17 - 00008253 _____ C:\Users\Mom\Desktop\hijackthis.log

2013-09-18 18:49 - 2013-09-18 18:49 - 00002965 _____ C:\Users\Mom\Desktop\HiJackThis.lnk

2013-09-18 18:49 - 2013-09-18 18:49 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2013-09-18 18:49 - 2013-09-18 18:49 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2013-09-18 18:18 - 2013-09-15 20:55 - 00000000 ____D C:\Users\john.MOM-PC\AppData\Roaming\Skype

2013-09-18 18:18 - 2013-09-09 13:33 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2013-09-18 18:18 - 2013-09-06 15:31 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-09-18 18:18 - 2013-05-24 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-18 18:18 - 2013-04-30 16:11 - 00000000 ____D C:\Users\john.MOM-PC

2013-09-18 18:18 - 2011-06-01 10:06 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-18 18:18 - 2011-06-01 10:06 - 00000000 ____D C:\ProgramData\Skype

2013-09-18 18:18 - 2011-04-23 12:11 - 00000000 ____D C:\Users\Kate

2013-09-18 18:18 - 2011-04-13 14:07 - 00000000 ____D C:\Windows\system32\Macromed

2013-09-18 18:18 - 2011-04-12 10:08 - 00000000 ____D C:\Users\Wendy

2013-09-18 18:18 - 2011-04-10 20:41 - 00000000 ___RD C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-18 18:18 - 2011-04-10 20:41 - 00000000 ___RD C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-18 18:18 - 2011-04-10 20:41 - 00000000 ____D C:\Users\Mom

2013-09-18 18:18 - 2011-04-10 00:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2013-09-18 18:18 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2013-09-18 18:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-09-18 18:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat

2013-09-18 18:18 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-18 18:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration

2013-09-18 18:16 - 2012-01-29 15:00 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information

2013-09-18 18:15 - 2013-09-09 13:32 - 00000000 ____D C:\Users\Mom\AppData\Local\Amazon

2013-09-18 18:15 - 2011-06-01 10:07 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Skype

2013-09-18 18:15 - 2011-04-10 00:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes

2013-09-18 18:14 - 2013-09-18 13:12 - 00000000 ___HD C:\Program Files\CanonBJ

2013-09-18 17:43 - 2011-04-09 22:26 - 00000000 ____D C:\Users\Admin

2013-09-18 17:36 - 2013-09-18 17:36 - 206190127 _____ C:\Windows\MEMORY.DMP

2013-09-18 17:36 - 2011-07-09 15:51 - 00000000 ____D C:\Windows\Minidump

2013-09-18 14:05 - 2009-07-14 00:45 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-09-18 13:42 - 2011-06-01 09:33 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs

2013-09-18 12:44 - 2013-09-18 12:44 - 00009354 _____ C:\Windows\PFRO.log

2013-09-18 12:44 - 2013-09-18 12:44 - 00000000 _____ C:\Windows\setuperr.log

2013-09-18 12:34 - 2012-10-13 17:11 - 00000000 ____D C:\ProgramData\HitmanPro

2013-09-18 12:14 - 2011-04-09 23:16 - 00000000 ____D C:\Windows\Panther

2013-09-18 10:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Resources

2013-09-18 09:55 - 2011-04-11 17:25 - 00000360 _____ C:\Windows\WinInit.Ini

2013-09-18 09:34 - 2011-04-09 23:51 - 00000632 __RSH C:\Users\Admin\ntuser.pol

2013-09-18 09:25 - 2013-09-18 09:25 - 01039554 _____ C:\Users\Mom\Downloads\adwcleaner.exe

2013-09-17 10:05 - 2013-09-17 10:05 - 00017854 _____ C:\Users\Mom\Desktop\cookie dough bites.odt

2013-09-15 21:10 - 2011-04-10 20:41 - 00001228 __RSH C:\Users\Mom\ntuser.pol

2013-09-15 20:55 - 2012-11-23 02:21 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk

2013-09-15 20:54 - 2013-04-30 16:11 - 00001230 __RSH C:\Users\john.MOM-PC\ntuser.pol

2013-09-13 19:54 - 2012-12-12 18:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-13 19:54 - 2011-05-16 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-13 13:27 - 2013-09-13 13:27 - 06148179 _____ C:\Users\Mom\Desktop\Diana Rader dialect project 2013.mp4

2013-09-11 19:59 - 2009-07-13 21:45 - 00417576 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-11 19:46 - 2013-08-06 22:15 - 00000000 ____D C:\Windows\system32\MRT

2013-09-11 19:44 - 2011-04-09 23:16 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-10 23:10 - 2013-09-10 23:10 - 00021141 _____ C:\Users\Mom\Desktop\asl unit 1.odt

2013-09-09 21:19 - 2009-07-13 22:13 - 00732638 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-09 19:36 - 2013-08-01 10:03 - 00011668 _____ C:\Users\Mom\Downloads\attachment

2013-09-09 19:35 - 2013-08-01 10:05 - 00011668 _____ C:\Users\Mom\Downloads\attachment (2)

2013-09-09 19:25 - 2013-09-09 19:02 - 22754289 _____ C:\Users\Mom\Downloads\2011-09-016-flecks-of-gold-360p-eng.mp4

2013-09-09 14:09 - 2013-09-09 13:33 - 00000000 ____D C:\Users\Mom\Documents\My Kindle Content

2013-09-09 14:06 - 2013-09-09 14:06 - 00763878 _____ C:\Users\Mom\Downloads\The__28Honest_29_Truth.epub

2013-09-09 13:33 - 2013-09-09 13:33 - 00002215 _____ C:\Users\Mom\Desktop\Kindle.lnk

2013-09-09 13:32 - 2013-09-09 13:32 - 38103832 _____ (Amazon.com) C:\Users\Mom\Downloads\KindleForPC-installer.exe

2013-09-06 16:36 - 2013-04-26 16:20 - 00000000 ____D C:\Users\Mom\Desktop\New folder

2013-09-06 15:29 - 2013-09-06 15:29 - 41404760 _____ (Apple Inc.) C:\Users\Mom\Downloads\QuickTimeInstaller(3).exe

2013-09-06 15:28 - 2013-09-06 15:28 - 41404760 _____ (Apple Inc.) C:\Users\Mom\Downloads\QuickTimeInstaller(2).exe

2013-09-06 14:15 - 2013-09-06 14:24 - 22309232 _____ C:\Users\Mom\accent project 1.mp4

2013-09-06 13:09 - 2013-09-06 12:43 - 00362029 _____ C:\Users\Mom\Desktop\sqlite3.dll

2013-09-02 16:26 - 2013-04-30 16:11 - 00000000 ____D C:\Users\john.MOM-PC\AppData\Roaming\Adobe

2013-08-28 11:39 - 2013-08-26 11:53 - 00000000 ____D C:\Users\Mom\Desktop\Meal planning

2013-08-26 12:00 - 2013-08-18 15:22 - 00000000 ____D C:\Users\Mom\Desktop\blog stuff

2013-08-26 11:57 - 2013-06-10 12:14 - 00017408 _____ C:\Users\Mom\Documents\menu planning.atw

2013-08-26 11:57 - 2011-07-03 07:59 - 00000000 ____D C:\Users\Mom\Desktop\stuff to do

2013-08-26 11:55 - 2013-08-26 11:55 - 00000000 ____D C:\Users\Mom\Desktop\John

2013-08-26 11:54 - 2013-08-20 10:04 - 00000000 ____D C:\Users\Mom\Desktop\relief society

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$b90984c50f40e98e50bf562040c36593

Some content of TEMP:

====================

C:\Users\Mom\AppData\Local\Temp\air88D7.exe

C:\Users\Mom\AppData\Local\Temp\bpuninstall.exe

C:\Users\Mom\AppData\Local\Temp\install_flashplayer.exe

C:\Users\Mom\AppData\Local\Temp\install_flashplayer_1.exe

C:\Users\Mom\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Mom\AppData\Local\Temp\SkypeSetup.exe

 

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop:

 

 

http://www.malwarebytes.org/mbam.php 


http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users: right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

 

When the scan is complete

 

 

If threats were found

 

 

close program

 

copy and paste the report here

 

Let me see those logs..

 

Kevin

fixlist.txt


I'm posting this first and then have to switch to admin. I'll post the other when I'm done.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-09-2013 01
Ran by Mom at 2013-09-19 20:24:29 Run:1
Running from C:\AdwCleaner
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [startNow Search Protect] - "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
HKLM-x32\...\Run: [atr.exe] - [x]
FF Extension: urchisycme - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\urchisycme@urchisycme.org.xpi
FF Extension: No Name - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
C:\Program Files (x86)\StartNow Toolbar\search_protect.exe
C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$b90984c50f40e98e50bf562040c36593
C:\Users\Mom\AppData\Local\Temp\air88D7.exe
C:\Users\Mom\AppData\Local\Temp\bpuninstall.exe
C:\Users\Mom\AppData\Local\Temp\install_flashplayer.exe
C:\Users\Mom\AppData\Local\Temp\install_flashplayer_1.exe
C:\Users\Mom\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Mom\AppData\Local\Temp\SkypeSetup.exe
End

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\StartNow Search Protect => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\atr.exe => Value not found.
C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\urchisycme@urchisycme.org.xpi => Moved successfully.
C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
"C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$b90984c50f40e98e50bf562040c36593 => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\air88D7.exe => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\install_flashplayer.exe => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\install_flashplayer_1.exe => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Mom\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

==== End of Fixlog ====
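
Added example, not part of the original posts and not FRST's own code: a short Python script that reads a Fixlog of the shape shown above and separates entries that were removed from those reported as not found, which are the ones worth re-checking in the next scan. The sample log is constructed, and the status wording is assumed to match the result lines in this thread.

```python
import re
from collections import Counter

# Constructed sample shaped like the Fixlog above; the paths and names are made up.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
Ran by User at 2013-01-01 12:00:00 Run:1
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [ExampleBar] - "C:\Program Files (x86)\ExampleBar\bar.exe" /PROTECT
HKLM-x32\...\Run: [old.exe] - [x]
C:\Program Files (x86)\ExampleBar\bar.exe
C:\Users\User\AppData\Local\Temp\setup_1.exe
End

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleBar => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\old.exe => Value not found.
"C:\Program Files (x86)\ExampleBar\bar.exe" => File/Directory not found.
C:\Users\User\AppData\Local\Temp\setup_1.exe => Moved successfully.

==== End of Fixlog ====
"""

# A result line is "<target> => <status>." (assumed from the log in this thread).
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<status>.+?)\.?\s*$")


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives and (target, status) result pairs."""
    directives, results, in_fixlist = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Start":
            in_fixlist = True
        elif line == "End":
            in_fixlist = False
        elif in_fixlist and line:
            directives.append(line)          # lines between Start and End
        elif (m := RESULT_RE.match(line)):
            results.append((m["target"].strip('"'), m["status"]))
    return directives, results


def classify(status):
    """Map a status string to removed / absent / review."""
    s = status.lower()
    if "not found" in s:
        return "absent"    # nothing to act on: already gone, or the path did not match
    if "successfully" in s:
        return "removed"
    return "review"        # any wording this script does not recognise


def summarize(text):
    directives, results = parse_fixlog(text)
    return {
        "directives": len(directives),
        "results": len(results),
        "counts": dict(Counter(classify(s) for _, s in results)),
        "follow_up": [t for t, s in results if classify(s) != "removed"],
        "complete": "==== End of Fixlog ====" in text,  # log was not cut off
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

A mismatch between the directive count and the result count, or a missing end marker, suggests the pasted log is incomplete.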


When I ran the first mbam scan I had 28 new adware.   I did a second run and it cleaned it.

Let me know if I'm good to go.  Thank you so much!!

 

Dee

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.19.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Mom :: MOM-PC [limited]

9/19/2013 9:14:34 PM
mbam-log-2013-09-19 (21-14-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239204
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$R3UE7VT.exe a variant of Win32/Toolbar.Perion.G application

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$RAJ66VW.exe Win32/DownloadAdmin.G application

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$REY9UR3.exe Win32/DownloadAdmin.G application

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R2RDWTE.exe Win32/Toolbar.Zugo application

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R57U0DL.exe Win32/Toolbar.Zugo application

C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R8CL801.exe Win32/Toolbar.Zugo application

C:\MGtools\Process.exe Win32/PrcView application

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6I21FKU\SPSetup[1].exe multiple threats

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\background.html Win32/BHO.OEI trojan

C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\ContentScript.js Win32/BHO.OEI trojan

C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I1WJZG6\frst64-exe[1].htm HTML/ScrInject.B.Gen virus

C:\Users\Mom\Downloads\musicnotesSuite.exe Win32/OpenCandy application

C:\Users\Wendy\Downloads\FFCrowdstarToolbarInstaller_CDS_tbr_sa_1.14.1.0.exe a variant of Win32/Bundled.Toolbar.Ask application


Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

    :Files
    ipconfig /flushdns /c
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$R3UE7VT.exe
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$RAJ66VW.exe
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$REY9UR3.exe
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R2RDWTE.exe
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R57U0DL.exe
    C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R8CL801.exe
    C:\MGtools\Process.exe
    C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6I21FKU\SPSetup[1].exe
    C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\background.html
    C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\ContentScript.js
    C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I1WJZG6\frst64-exe[1].htm
    C:\Users\Mom\Downloads\musicnotesSuite.exe
    C:\Users\Wendy\Downloads\FFCrowdstarToolbarInstaller_CDS_tbr_sa_1.14.1.0.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Re-run Malwarebytes, check for updates and do a quick scan, remove anything found. Post log...

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, give update on any remaining issues or concerns...

 

Kevin


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$R3UE7VT.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$RAJ66VW.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1000\$REY9UR3.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R2RDWTE.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R57U0DL.exe not found.
File/Folder C:\$Recycle.Bin\S-1-5-21-3106701223-18515579-3227075305-1001\$R8CL801.exe not found.
File/Folder C:\MGtools\Process.exe not found.
File/Folder C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6I21FKU\SPSetup[1].exe not found.
File/Folder C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\background.html not found.
File/Folder C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdbdggbdhdcgdgggbdhdddededegg\ContentScript.js not found.
File/Folder C:\Users\Mom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0I1WJZG6\frst64-exe[1].htm not found.
File/Folder C:\Users\Mom\Downloads\musicnotesSuite.exe not found.
File/Folder C:\Users\Wendy\Downloads\FFCrowdstarToolbarInstaller_CDS_tbr_sa_1.14.1.0.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 46636 bytes
->Temporary Internet Files folder emptied: 4309008 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Emily
 
User: John
 
User: john.MOM-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kate
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5837 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Wendy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 826 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09202013_144607

Files moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MM1V06XI\google_com[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MM1V06XI\index[2].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MM1V06XI\xd_arbiter[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH72NCCV\fastbutton[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH72NCCV\frame[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AH72NCCV\like[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ADC41RDR\postmessageRelay[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ADC41RDR\xd_arbiter[1].htm moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Admin :: MOM-PC [administrator]

9/20/2013 5:07:55 PM
mbam-log-2013-09-20 (17-07-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314488
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 29 
 Java version out of Date!
 Adobe Flash Player 11.8.800.168 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox 21.0 Firefox out of Date! 
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbam.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Where did you get the updates for Adobe and Java from? Which one offered Sweet time?  Installing Toolbars is always risky and refusing them is always the best option....

 

Re-run AdwCleaner and post the new log, also run another quick scan with Malwarebytes and post that log....

 

Let me know how your system is responding, also if any remaining issues or concerns..

 

Kevin


# AdwCleaner v3.004 - Report created 21/09/2013 at 08:43:47
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Admin - MOM-PC
# Running from : C:\Users\Mom\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aptoei79.default\prefs.js ]

[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\mm4r62aa.default\prefs.js ]

[ File : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\3lfc2wnn.default\prefs.js ]

[ File : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\4296iho8.default\prefs.js ]

[ File : C:\Users\john.MOM-PC\AppData\Roaming\Mozilla\Firefox\Profiles\31ftd9q4.default\prefs.js ]

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\john.MOM-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [1892 octets] - [19/09/2013 08:04:01]
AdwCleaner[R2].txt - [1891 octets] - [19/09/2013 08:46:19]
AdwCleaner[R3].txt - [7021 octets] - [12/11/2012 17:28:00]
AdwCleaner[s1].txt - [1955 octets] - [19/09/2013 08:13:16]
AdwCleaner[s2].txt - [1952 octets] - [19/09/2013 09:15:47]
AdwCleaner[s3].txt - [1814 octets] - [21/09/2013 08:43:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1874 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Admin :: MOM-PC [administrator]

9/21/2013 10:05:53 AM
mbam-log-2013-09-21 (10-05-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315235
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Download Junkware Removal tool from this link:

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Save to your desktop.

 

  • Shut down your Security Protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come.
  • The tool will open and start scanning your system. (Press any key when prompted to continue)
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post JRT.txt to your next message.


After running JRT I got a pop up that said:  A program tried to change default search provider settings for IE.  IE has reset the settings back to your original search provider to google.  just fyi. 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Professional x64
Ran by Admin on Sat 09/21/2013 at 17:27:17.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{69F03798-954E-46E2-8521-9A5D919CD7EB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Admin :: MOM-PC [administrator]

9/21/2013 5:42:52 PM
mbam-log-2013-09-21 (17-42-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316493
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


This topic is now closed to further replies.