Jump to content

Infected with something that creates pop-up ads and surveys


Recommended Posts

For about a week I have been battling some sort of malware that is putting video ads in the lower right corner of my screen, giving me popup warnings about security breeches and popup surveys.  They always relate to the site I am on, but if I read the fine print at the bottom it says it is not affiliated with the site in any way.  I have run Malwarebytes several times.  The last 2 have come back clean, but the problem persists.  Any ideas?  Thanks

 

Link to post
Share on other sites

Sorry - Here the logs are pasted

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Melinda at 21:45:23 on 2013-10-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1596 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\Melinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - 
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2B49SGHH05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [Google Update] "C:\Users\Melinda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Melinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Melinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Melinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Melinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Melinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Melinda\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\tcbhn.lnk - C:\Users\Melinda\AppData\Roaming\BrowserCompanion\tcbhn.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{27C056E4-4F55-47B0-ADA2-C70D813EB422} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{27C056E4-4F55-47B0-ADA2-C70D813EB422}\2656C6B696E6E2032636 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{27C056E4-4F55-47B0-ADA2-C70D813EB422}\452756E647F6E6655647562716E637D456D6F6279616C6C4962627162797 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{27C056E4-4F55-47B0-ADA2-C70D813EB422}\C45696473686 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{27C056E4-4F55-47B0-ADA2-C70D813EB422}\C65696473686 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{ABE3B8B7-8635-4723-A5EB-5C9B3081387F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - 
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Melinda\AppData\Local\Roblox\Versions\version-8484f0d4199b4d0f\NPRobloxProxy.dll
FF - plugin: C:\Users\Melinda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-03 20:03; {96ba0cc0-f423-0224-ce2f-94c05d001171}; C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\extensions\{96ba0cc0-f423-0224-ce2f-94c05d001171}
FF - ExtSQL: !HIDDEN! 2012-04-17 03:29; 39ffxtbr@MapsGalaxy_39.com; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
.
---- FIREFOX POLICIES ----
.
.
.
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.id - 344c08b10000000000001c659d38954a
FF - user.js: extensions.BabylonToolbar.instlDay - 15573
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.617:24:21
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112050&tt=3412_5
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-4 203264]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-11-15 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-11-15 55296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-3-10 868896]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-2-18 82944]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2013-1-23 16896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-1-31 42504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-9 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-31 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-11-15 291352]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-17 243232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-4 116752]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-9 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-3-10 38528]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe --> C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-2 103448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-18 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-17 246376]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-2 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-18 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-27 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-10-07 13:40:40 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EDD5CB61-FEDD-45D2-AD02-C28F9734691A}\mpengine.dll
2013-10-06 05:42:14 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-04 16:14:49 -------- d-sh--w- C:\Windows\ftpcache
2013-09-21 18:53:50 -------- d-----w- C:\Program Files (x86)\Free PDF Solutions
2013-09-21 18:50:41 -------- d--h--w- C:\ProgramData\Common Files
2013-09-18 03:57:30 -------- d-----w- C:\Users\Melinda\AppData\Local\{D1312C7C-7B58-4859-818A-732CE0E571F6}
2013-09-18 03:11:53 -------- d-----w- C:\ProgramData\Oracle
2013-09-18 03:10:08 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-18 02:36:06 -------- d-----w- C:\Program Files (x86)\APP
2013-09-16 16:30:40 4806016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-16 16:30:40 4806016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-09-11 19:30:02 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
.
==================== Find3M  ====================
.
2013-09-18 03:09:39 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-18 03:09:39 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 19:37:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-01 19:37:49 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:46:49.10 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 3/25/2011 5:40:02 PM
System Uptime: 10/8/2013 7:26:18 AM (14 hours ago)
.
Motherboard: Gateway |  | SJV52_DN
Processor: AMD Phenom II N970 Quad-Core Processor | Socket S1G4 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 467.522 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30AF0952&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30AF0952&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP305: 9/12/2013 10:32:22 AM - Windows Update
RP306: 9/12/2013 7:59:12 PM - Windows Update
RP307: 9/17/2013 5:46:09 PM - Windows Update
RP308: 9/17/2013 11:09:10 PM - Installed Java 7 Update 40
RP309: 9/21/2013 1:14:03 PM - Windows Update
RP310: 9/29/2013 6:30:16 PM - Windows Update
RP311: 10/4/2013 9:30:03 AM - Windows Update
RP312: 10/7/2013 9:39:55 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
18 Wheels of Steel - American Long Haul
Ace of Spades
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Advertising Center
Agatha Christie - Death on the Nile
Amazon Kindle
Amazon Music Importer
Amnesia - The Dark Descent Demo
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Install Manager
Backup Manager Basic
Bandicam
Bandisoft MPEG-1 Decoder
Battlefield Heroes
Battlefield Play4Free
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Bonjour
Broadcom Gigabit NetLink Controller
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDCheck
Chuzzle Deluxe
Cisco WebEx Meetings
ClueFinders 5th Grade Adventures
Combat Arms
Coupon Printer for Windows
CyberLink PowerDVD 9
D3DX10
Digital DJ Pro 1.7.0
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
eBay Worldwide
EZ Vinyl/Tape Converter 10 by Ion Audio
Facebook Video Calling 1.2.0.287
Fallen Earth
Fantapper Player
Fantapper Updater
FATE
File Scavenger 3.2 (English)
Fraps
Free PDF Solutions PDF to WORD version 1.0
Freemake Video Converter version 3.0.1
Freeze.com NetAssistant
GameFly
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
GeoGebra 4
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Graboid Video 3.83
Graboid Video 3.83 Setup
HP Deskjet 3000 J310 series Basic Device Software
HP Deskjet 3000 J310 series Help
HP Deskjet 3000 J310 series Product Improvement Study
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photo Creations
HP Update
I.R.I.S. OCR
iCloud
Identity Card
Image Resizer for Windows
Image Resizer for Windows (64 bit)
ImagXpress
InstallIQ Updater
Itibiti RTC
iTunes
Java 7 Update 40
Java Auto Updater
Java 6 Update 39
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
MapsGalaxy
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NetAssistant
Nexon Game Manager
NOOK for PC
OpenDNS Updater 2.2.1
Pando Media Booster
ParetoLogic Data Recovery
PC Optimizer Pro
Penguins!
Picasa 3
Plants vs. Zombies
Polar Bowler
Polar Golfer
PS-Wizard
PunkBuster Services
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recuva
ROBLOX Player for Melinda
ROBLOX Studio 2013 for Melinda
RollerCoaster Tycoon 3 Demo
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Sibelius 7 OpenType Fonts
Sibelius 7.0.2.8
Skype Click to Call
Skype™ 6.6
SpecialSavings
Spybot - Search & Destroy
Steam
swMSM
Symantec Technical Support Web Controls
TaxACT 2011 - 1040 Edition
TaxACT 2011 Michigan
TaxACT 2012 - 1040 Edition
TaxACT 2012 Michigan
Times Reader
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Vid-Saver
Video Mover
Video Web Camera
Virtual Villagers 4 - The Tree of Life
VirtualLab Client 6.0.6
VLC media player 1.0.1
War and Peace
WebcamMax
Welcome Center
WildTangent Games App (Gateway Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.20 (64-bit)
Wordaizer v2.3
World of Tanks
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/8/2013 7:28:14 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/8/2013 7:26:58 AM, Error: Service Control Manager [7000]  - The Browser Manager service failed to start due to the following error:  The system cannot find the file specified.
10/6/2013 6:42:50 AM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
10/4/2013 1:01:23 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
10/4/2013 1:01:23 PM, Error: Service Control Manager [7000]  - The BBUpdate service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2013 1:01:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
.
==== End Of File ===========================
 
 
Thanks again
Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks for the quick response

 

Log from Rogue Killer

 

RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Melinda [Admin rights]
Mode : Scan -- Date : 10/08/2013 23:14:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4879 : wscript.exe - C:\Users\Melinda\AppData\Local\Temp\launchie.vbs //B -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD6400BEVT-22A0RT0 ATA Device +++++
--- User ---
[MBR] d19d362479e3a1aff1f74d4088e3110b
[bSP] a46707ea4de82d4cddfde5da0bb7a007 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10082013_231416.txt >>
Link to post
Share on other sites

Please uninstall MapsGalaxy from your add/remove programs:
http://www.systemlookup.com/CLSID/73927-39bar_dll.html

Then.........

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

AdwCleaner Log

 

# AdwCleaner v3.007 - Report created 09/10/2013 at 08:57:39
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Melinda - KERRAMEL2-PC
# Running from : C:\Users\Melinda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : Browser Manager
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Freeze.com
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\SpecialSavings
Folder Deleted : C:\Program Files (x86)\v-Grabber
Folder Deleted : C:\Program Files (x86)\Vid-Saver
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Users\Melinda\AppData\Local\apn
Folder Deleted : C:\Users\Melinda\AppData\Local\mapsgalaxy_39
Folder Deleted : C:\Users\Melinda\AppData\Local\Vid-Saver
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\mapsgalaxy_39
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\MapsGalaxy_39EI
Folder Deleted : C:\Users\Melinda\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Melinda\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Melinda\AppData\Roaming\strongvault
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Mommy Music\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Mommy Music\AppData\LocalLow\mapsgalaxy_39
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\jetpack
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\39ffxtbr@MapsGalaxy_39.com
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\specialsavings@superfish.com
Folder Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Mommy Music\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Folder Deleted : C:\Users\Mommy Music\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Folder Deleted : C:\Users\Mommy Music\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Folder Deleted : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldbiondcoemmofebkcgcnbigliglcnl
File Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Deleted : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\user.js
File Deleted : C:\Windows\System32\Tasks\Browser Manager
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppdjnkblmcjfnlogjjhpigpdgpcgdpll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\582da8ab434be40
Key Deleted : HKLM\SOFTWARE\582da8ab434be40
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298570
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-server_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-server_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rollercoaster-tycoon-3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rollercoaster-tycoon-3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slender_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB9817CA-9B43-41EB-8706-44847957338D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\BrowseFox
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "344c08b10000000000001c659d38954a");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15573");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112050&tt=3412_5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.617:24:21");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22972417);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "snapdogoblidooyb");
Line Deleted : user_pref("extensions.helperbar.installationid", "96ba0cc0-f423-0224-ce2f-94c05d001171");
Line Deleted : user_pref("extensions.helperbar.installdate", "03/09/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "snapdogoblidooyb");
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
 
[ File : C:\Users\Mommy Music\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [21589 octets] - [09/10/2013 08:54:13]
AdwCleaner[s0].txt - [20320 octets] - [09/10/2013 08:57:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20381 octets] ##########
Link to post
Share on other sites

MBAM Log

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.04.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Melinda :: KERRAMEL2-PC [administrator]
 
Protection: Enabled
 
10/9/2013 9:09:24 AM
mbam-log-2013-10-09 (09-09-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246003
Time elapsed: 17 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Please uninstall Java™ 6 Update 39 from your add/remove programs. (old version)
Then.....
Go here and follow the instructions to clear your Java Cache

~~~~~~~~~~~~~~~~~~~~

Next:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC

Link to post
Share on other sites

OK, we had to check for any rootkits.

What browsers are affected???

Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.
 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Done  :)

 

I have not seen a pop-up in a while :D , but there do seem to be double underscored words in the text that give me ads that say "Powered by Top Hits Arcade".  Not sure if they were there before and I just didn't notice or if they are supposed to be there.

 

Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Melinda (administrator) on KERRAMEL2-PC on 09-10-2013 13:17:50
Running from C:\Users\Melinda\Desktop\Fanbar
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11444840 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [VideoWebCamera] - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe [1655544 2010-10-25] (Suyin)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Mommy Music\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab
DPF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default
FF NewTab: about:blank
FF SearchEngineOrder.3: Bing 
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Melinda\AppData\Local\Roblox\Versions\version-759151294bb84441\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Melinda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Melinda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Melinda\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Melinda\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Melinda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\crossriderapp3491@crossrider.com
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (MouseHunt HornTracker for Chrome) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoakbimfnggbhoplpfcpeifgbigmpepl\2.4.8_0
CHR Extension: (YouTube) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Battlefield Heroes) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.110.0_0
CHR Extension: (Freemake Video Converter) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (MouseHunt Horn Timer) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkoojecgfgialnfnllpgmdgdoaofpen\1.9.1_0
CHR Extension: (Fantapper) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\2.0.7_0
CHR Extension: (Gmail) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (MouseHuntizer for Chrome) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\poopecipggnjoikoamlhhaehakehihjn\0.9.7_0
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82944 2012-02-17] (Freemake)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-25] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST
2013-10-09 13:15 - 2013-10-09 13:16 - 00000000 ____D C:\Users\Melinda\Desktop\Fanbar
2013-10-09 12:45 - 2013-10-09 12:45 - 00027630 _____ C:\ComboFix.txt
2013-10-09 12:14 - 2013-10-09 12:45 - 00000000 ____D C:\Qoobox
2013-10-09 12:14 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 12:14 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 12:14 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 12:14 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 12:14 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 12:14 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 12:14 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 12:14 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 12:13 - 2013-10-09 12:43 - 00000000 ____D C:\Windows\erdnt
2013-10-09 12:07 - 2013-10-09 12:07 - 05131844 ____R (Swearware) C:\Users\Melinda\Desktop\ComboFix.exe
2013-10-09 10:12 - 2013-10-09 11:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-09 10:11 - 2013-10-09 11:06 - 00000000 ____D C:\Users\Melinda\Desktop\mbar
2013-10-09 10:10 - 2013-10-09 10:10 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melinda\Downloads\mbar-1.07.0.1005.exe
2013-10-09 08:53 - 2013-10-09 08:58 - 00000000 ____D C:\AdwCleaner
2013-10-09 08:42 - 2013-10-09 08:43 - 01048960 _____ C:\Users\Melinda\Desktop\AdwCleaner.exe
2013-10-08 23:14 - 2013-10-08 23:14 - 00001734 _____ C:\Users\Melinda\Desktop\RKreport[0]_S_10082013_231416.txt
2013-10-08 23:01 - 2013-10-08 23:09 - 00000000 ____D C:\Users\Melinda\Desktop\RK_Quarantine
2013-10-08 22:59 - 2013-10-08 22:59 - 03980800 _____ C:\Users\Melinda\Downloads\RogueKillerX64.exe
2013-10-08 21:47 - 2013-10-08 21:53 - 00027757 _____ C:\Users\Melinda\Desktop\dds.txt
2013-10-08 21:47 - 2013-10-08 21:47 - 00014518 _____ C:\Users\Melinda\Desktop\attach.txt
2013-10-08 21:40 - 2013-10-08 21:41 - 00688992 ____R (Swearware) C:\Users\Melinda\Downloads\dds.scr
2013-10-08 10:25 - 2013-10-08 10:25 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (3).gdoc
2013-10-05 18:59 - 2013-10-05 18:59 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (2).gdoc
2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS.gdoc
2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (1).gdoc
2013-10-04 15:55 - 2013-10-04 15:56 - 00000000 ____D C:\Users\Melinda\Documents\memory stick
2013-10-04 13:00 - 2013-10-04 13:00 - 35289352 _____ (Dropbox, Inc.) C:\Users\Melinda\Downloads\Dropbox 2.4.1.exe
2013-10-04 12:14 - 2013-10-04 12:14 - 00000000 __SHD C:\Windows\ftpcache
2013-09-21 14:53 - 2013-09-21 15:12 - 00000000 ____D C:\Program Files (x86)\Free PDF Solutions
2013-09-19 08:51 - 2013-01-01 22:05 - 00787968 _____ C:\Users\Melinda\Desktop\COD5 Game Save Editor PS3.exe
2013-09-19 08:46 - 2013-09-19 08:47 - 00004888 _____ C:\Users\Melinda\Downloads\Blue Ice CFG.rar
2013-09-19 08:45 - 2013-09-19 08:45 - 00012638 _____ C:\Users\Melinda\Downloads\ZombieMods.cfg
2013-09-19 08:40 - 2013-09-19 08:40 - 00000000 ____D C:\Users\Melinda\Documents\SAVEGAME
2013-09-19 08:33 - 2013-09-19 08:54 - 01469992 _____ C:\Users\Melinda\Downloads\COD5 Game Save Editor PS3.rar
2013-09-18 22:04 - 2013-09-18 22:04 - 00223566 _____ C:\Users\Melinda\Downloads\testdown.svg
2013-09-18 21:56 - 2013-09-18 21:56 - 00223566 _____ C:\Users\Melinda\Desktop\Cloud 2.svg
2013-09-17 23:57 - 2013-09-17 23:57 - 00000000 ____D C:\Users\Melinda\AppData\Local\{D1312C7C-7B58-4859-818A-732CE0E571F6}
2013-09-17 23:11 - 2013-09-17 23:11 - 00000000 ____D C:\ProgramData\Oracle
2013-09-17 23:10 - 2013-09-17 23:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-17 23:10 - 2013-09-17 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-17 23:10 - 2013-09-17 23:09 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-17 23:10 - 2013-09-17 23:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-17 23:08 - 2013-09-17 23:08 - 00913832 _____ (Oracle Corporation) C:\Users\Melinda\Downloads\chromeinstall-7u40.exe
2013-09-17 22:36 - 2013-09-17 22:36 - 00001076 _____ C:\Users\Melinda\Desktop\Wordaizer.lnk
2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Users\Public\Documents\APP
2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Program Files (x86)\APP
2013-09-17 22:34 - 2013-09-17 22:34 - 08596303 _____ C:\Users\Melinda\Downloads\WordaizerSetUp.zip
2013-09-15 16:37 - 2013-09-15 16:37 - 00275232 _____ C:\Windows\Minidump\091513-19094-01.dmp
2013-09-12 15:16 - 2013-09-12 15:16 - 00001934 _____ C:\Users\Melinda\Desktop\Skype.lnk
2013-09-11 21:24 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 21:24 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 21:24 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 21:24 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 21:24 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 21:24 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 21:24 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 21:24 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 21:24 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 21:24 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 21:24 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 21:24 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 21:24 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 21:24 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 15:30 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 15:30 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 15:30 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:30 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 15:30 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 15:29 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 15:29 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 15:29 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 15:29 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 15:29 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 15:29 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 15:29 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 15:29 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 15:29 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 15:29 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 15:29 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 15:29 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 15:29 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 15:29 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 15:29 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 15:29 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 15:29 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 15:29 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 15:29 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 15:29 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 15:29 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 15:29 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 17:40 - 2013-09-10 17:40 - 00262144 _____ C:\Windows\Minidump\091013-21949-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-10-09 13:19 - 2013-02-09 16:25 - 00000342 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-10-09 13:17 - 2013-10-09 13:17 - 00000000 ____D C:\FRST
2013-10-09 13:16 - 2013-10-09 13:15 - 00000000 ____D C:\Users\Melinda\Desktop\Fanbar
2013-10-09 12:53 - 2012-07-19 22:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4110347981-1074187552-290032074-1001UA.job
2013-10-09 12:46 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 12:46 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 12:45 - 2013-10-09 12:45 - 00027630 _____ C:\ComboFix.txt
2013-10-09 12:45 - 2013-10-09 12:14 - 00000000 ____D C:\Qoobox
2013-10-09 12:45 - 2011-08-25 13:35 - 00000000 ____D C:\Users\Kerry
2013-10-09 12:45 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-10-09 12:43 - 2013-10-09 12:13 - 00000000 ____D C:\Windows\erdnt
2013-10-09 12:42 - 2011-03-10 02:39 - 01358282 _____ C:\Windows\WindowsUpdate.log
2013-10-09 12:37 - 2011-04-27 16:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 12:37 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-10-09 12:36 - 2011-03-25 18:13 - 01285862 _____ C:\Windows\PFRO.log
2013-10-09 12:36 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 12:36 - 2009-07-14 00:51 - 00136783 _____ C:\Windows\setupact.log
2013-10-09 12:35 - 2009-07-13 22:34 - 81788928 _____ C:\Windows\system32\config\software.bak
2013-10-09 12:35 - 2009-07-13 22:34 - 22544384 _____ C:\Windows\system32\config\system.bak
2013-10-09 12:35 - 2009-07-13 22:34 - 01048576 _____ C:\Windows\system32\config\default.bak
2013-10-09 12:35 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-10-09 12:35 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-10-09 12:30 - 2011-04-27 16:28 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 12:29 - 2011-03-25 17:42 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-09 12:07 - 2013-10-09 12:07 - 05131844 ____R (Swearware) C:\Users\Melinda\Desktop\ComboFix.exe
2013-10-09 12:05 - 2013-07-10 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-09 12:05 - 2011-10-29 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-09 11:06 - 2013-10-09 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-09 11:06 - 2013-10-09 10:11 - 00000000 ____D C:\Users\Melinda\Desktop\mbar
2013-10-09 10:52 - 2012-07-19 22:25 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4110347981-1074187552-290032074-1001Core.job
2013-10-09 10:10 - 2013-10-09 10:10 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Melinda\Downloads\mbar-1.07.0.1005.exe
2013-10-09 09:02 - 2011-11-10 18:40 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Dropbox
2013-10-09 09:01 - 2011-11-11 08:37 - 00000000 ___RD C:\Users\Melinda\Dropbox
2013-10-09 08:58 - 2013-10-09 08:53 - 00000000 ____D C:\AdwCleaner
2013-10-09 08:43 - 2013-10-09 08:42 - 01048960 _____ C:\Users\Melinda\Desktop\AdwCleaner.exe
2013-10-09 08:22 - 2011-03-27 19:55 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Skype
2013-10-08 23:14 - 2013-10-08 23:14 - 00001734 _____ C:\Users\Melinda\Desktop\RKreport[0]_S_10082013_231416.txt
2013-10-08 23:09 - 2013-10-08 23:01 - 00000000 ____D C:\Users\Melinda\Desktop\RK_Quarantine
2013-10-08 22:59 - 2013-10-08 22:59 - 03980800 _____ C:\Users\Melinda\Downloads\RogueKillerX64.exe
2013-10-08 21:53 - 2013-10-08 21:47 - 00027757 _____ C:\Users\Melinda\Desktop\dds.txt
2013-10-08 21:47 - 2013-10-08 21:47 - 00014518 _____ C:\Users\Melinda\Desktop\attach.txt
2013-10-08 21:41 - 2013-10-08 21:40 - 00688992 ____R (Swearware) C:\Users\Melinda\Downloads\dds.scr
2013-10-08 18:00 - 2013-03-11 07:51 - 00000470 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-10-08 10:25 - 2013-10-08 10:25 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (3).gdoc
2013-10-07 21:32 - 2011-12-09 07:45 - 00004595 _____ C:\Windows\wininit.ini
2013-10-06 20:54 - 2009-07-14 01:13 - 00780196 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 18:59 - 2013-10-05 18:59 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (2).gdoc
2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS.gdoc
2013-10-05 18:55 - 2013-10-05 18:55 - 00000184 _____ C:\Users\Melinda\Downloads\GFS (1).gdoc
2013-10-04 17:34 - 2013-08-14 11:10 - 00000000 ___RD C:\Users\Melinda\Google Drive
2013-10-04 15:56 - 2013-10-04 15:55 - 00000000 ____D C:\Users\Melinda\Documents\memory stick
2013-10-04 13:14 - 2011-11-10 18:41 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-04 13:00 - 2013-10-04 13:00 - 35289352 _____ (Dropbox, Inc.) C:\Users\Melinda\Downloads\Dropbox 2.4.1.exe
2013-10-04 12:14 - 2013-10-04 12:14 - 00000000 __SHD C:\Windows\ftpcache
2013-09-29 18:29 - 2011-03-27 19:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-29 18:29 - 2011-03-27 19:55 - 00000000 ____D C:\ProgramData\Skype
2013-09-21 15:12 - 2013-09-21 14:53 - 00000000 ____D C:\Program Files (x86)\Free PDF Solutions
2013-09-21 15:12 - 2012-07-10 17:15 - 00000000 ____D C:\Users\Melinda\Desktop\C21 A1 Forms
2013-09-19 08:54 - 2013-09-19 08:33 - 01469992 _____ C:\Users\Melinda\Downloads\COD5 Game Save Editor PS3.rar
2013-09-19 08:51 - 2011-03-28 20:50 - 00000000 ____D C:\Users\Melinda\AppData\Local\CrashDumps
2013-09-19 08:47 - 2013-09-19 08:46 - 00004888 _____ C:\Users\Melinda\Downloads\Blue Ice CFG.rar
2013-09-19 08:45 - 2013-09-19 08:45 - 00012638 _____ C:\Users\Melinda\Downloads\ZombieMods.cfg
2013-09-19 08:40 - 2013-09-19 08:40 - 00000000 ____D C:\Users\Melinda\Documents\SAVEGAME
2013-09-18 22:04 - 2013-09-18 22:04 - 00223566 _____ C:\Users\Melinda\Downloads\testdown.svg
2013-09-18 21:56 - 2013-09-18 21:56 - 00223566 _____ C:\Users\Melinda\Desktop\Cloud 2.svg
2013-09-17 23:57 - 2013-09-17 23:57 - 00000000 ____D C:\Users\Melinda\AppData\Local\{D1312C7C-7B58-4859-818A-732CE0E571F6}
2013-09-17 23:11 - 2013-09-17 23:11 - 00000000 ____D C:\ProgramData\Oracle
2013-09-17 23:09 - 2013-09-17 23:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-17 23:09 - 2013-09-17 23:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-17 23:09 - 2013-09-17 23:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-17 23:09 - 2013-09-17 23:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-17 23:09 - 2012-05-07 08:53 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-17 23:09 - 2011-03-27 10:44 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-17 23:09 - 2011-03-27 10:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-17 23:08 - 2013-09-17 23:08 - 00913832 _____ (Oracle Corporation) C:\Users\Melinda\Downloads\chromeinstall-7u40.exe
2013-09-17 22:36 - 2013-09-17 22:36 - 00001076 _____ C:\Users\Melinda\Desktop\Wordaizer.lnk
2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Users\Public\Documents\APP
2013-09-17 22:36 - 2013-09-17 22:36 - 00000000 ____D C:\Program Files (x86)\APP
2013-09-17 22:34 - 2013-09-17 22:34 - 08596303 _____ C:\Users\Melinda\Downloads\WordaizerSetUp.zip
2013-09-17 21:18 - 2013-02-17 19:50 - 00000061 _____ C:\Windows\TaxACT12.ini
2013-09-15 16:37 - 2013-09-15 16:37 - 00275232 _____ C:\Windows\Minidump\091513-19094-01.dmp
2013-09-15 16:37 - 2011-05-20 06:07 - 586157449 _____ C:\Windows\MEMORY.DMP
2013-09-15 16:37 - 2011-05-20 06:07 - 00000000 ____D C:\Windows\Minidump
2013-09-15 07:04 - 2012-07-26 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-14 22:15 - 2011-09-29 16:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 22:44 - 2011-08-27 17:08 - 00000000 ____D C:\Users\Melinda\AppData\Roaming\.minecraft
2013-09-12 16:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 15:16 - 2013-09-12 15:16 - 00001934 _____ C:\Users\Melinda\Desktop\Skype.lnk
2013-09-12 08:35 - 2011-03-25 17:42 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 08:34 - 2009-07-14 00:45 - 00396584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 21:23 - 2013-08-14 19:33 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 21:23 - 2011-04-02 14:06 - 00796892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-11 21:23 - 2011-04-02 14:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-11 21:17 - 2013-05-18 22:49 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 18:06 - 2011-03-25 17:40 - 00000000 ___RD C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-10 17:40 - 2013-09-10 17:40 - 00262144 _____ C:\Windows\Minidump\091013-21949-01.dmp
 
Files to move or delete:
====================
C:\Users\Melinda\jagex_cl_runescape_LIVE.dat
C:\Users\Melinda\jagex_runescape_preferences.dat
C:\Users\Melinda\jagex_runescape_preferences2.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 20:55
 
==================== End Of Log ============================
Link to post
Share on other sites

I did not click Fix on Fanbar - should I?

No, there's nothing to fix.

This is in your add/remove programs:

Advertising Center (x32 Version: 0.0.0.2)

Did you install it or know what it is??

-------------------------------

The only thing I see is this extension in FF:

FF Extension: No Name - C:\Users\Melinda\AppData\Roaming\Mozilla\Firefox\Profiles\v41f996r.default\Extensions\crossriderapp3491@crossrider.com

It should be disabled/removed.

Let me know....MrC

Link to post
Share on other sites

No clue what Advertising Center is.  Would you like me to uninstall it?

 

Went to add-ons manager in FF and do not see that extension.  The only ones listed are Freemake Video Converter, Skype Click to Call, SmartPrintButton and Vid Saver and all are already disabled.

 

Is there another place to look for it or another way to remove it?

 

Thanks

Link to post
Share on other sites

You can just reset Firefox:


 

(we can reset Chrome and IE if needed also)

 

-------------------------------------------

 

Download, install and run CCleaner free to clean out temp files.

Here's a Tutorial if needed.

You may want to uncheck "cookies" and please stay away from the registry cleaner.

 

Then go to "Tools" > Uninstall > look for "Advertising Center" > click on "Run Uninstaller" if it doesn't uninstall > click on "Delete Entry".

 

Let me know what problems remain.

 

MrC

 

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.