Jump to content

MyPCBackup has hit


Recommended Posts

I just happened upon these forums when my roommate's laptop got hit by MyPCBackup and I Googled it. The Google search brought up this thread, which sadly dead-ended. The roommate is going out of town for a couple weeks in two days (probably about 36 hours), so I'd like to get this taken care of.

 

I'm assuming that I can follow the first few steps immediately, so right after I submit this post I will switch computers and start the process as described by "MrCharlie". 

 

I'll say straight up that there is no P2P software or pirated software on the infected computer.

 

So...off to download "RogueKiller" to the infected computer. I will be back tomorrow night, probably about this time, but hopefully sooner.

Link to post
Share on other sites

OK so I downloaded DDS, and here's the logs. 

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by brnwilson at 22:34:53 on 2013-12-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3999.2026 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\brnwilson\AppData\Local\Google\Chrome Frame\Application\31.0.1650.57\chrome_frame_helper.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WeatherEye] C:\Users\brnwilson\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
uRun: [ChromeFrameHelper] "C:\Users\brnwilson\AppData\Local\Google\Chrome Frame\Application\31.0.1650.57\chrome_frame_helper.exe" --startup
uRun: [ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\BRNWIL~1\AppData\Local\Temp\CT3287811\plugins\TBVerifier.dll",RunConduitFloatingPlugin jpkgnchjblgnciiopegmabnakdoapgkj
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\BRNWIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\brnwilson\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BRNWIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9EF69301-EE42-498F-867C-D4756633FE65} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9EF69301-EE42-498F-867C-D4756633FE65}\346333031353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9EF69301-EE42-498F-867C-D4756633FE65}\542333341353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B1B0E65B-717E-498B-B920-BF7804D91621} : DHCPNameServer = 172.20.10.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\brnwilson\AppData\Local\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Feven 1.7: {11111111-1111-1111-1111-110411051194} - 
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-12 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-3-19 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-12 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-12 227896]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-13 52320]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-16 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-12-6 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-12 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-16 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-12 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-13 04:13:31 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\Malwarebytes
2013-12-13 04:12:58 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-13 04:12:56 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-13 04:12:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-13 01:18:22 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\Uniblue
2013-12-13 01:18:22 -------- d-----w- C:\Program Files (x86)\Uniblue
2013-12-13 01:17:52 -------- d-----w- C:\Users\brnwilson\AppData\Local\Wajam
2013-12-12 14:12:37 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 14:12:37 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 14:12:36 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 14:12:35 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 12:47:25 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2CC4EEAD-931A-40C0-BD55-4AC8B62460B0}\mpengine.dll
2013-12-11 21:56:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 21:56:16 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 21:56:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 21:56:04 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-11 20:50:43 -------- d-----w- C:\Program Files\Uninstaller
2013-12-11 20:39:39 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\Optimizer Pro
2013-12-11 02:37:34 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-09 13:38:46 -------- d-----w- C:\Users\brnwilson\AppData\Local\SearchProtect
2013-12-07 01:48:45 -------- d-----w- C:\Users\brnwilson\AppData\Local\VS Revo Group
2013-12-07 01:48:40 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-12-07 01:48:40 -------- d-----w- C:\ProgramData\VS Revo Group
2013-12-07 01:48:36 -------- d-----w- C:\Program Files\VS Revo Group
2013-12-07 01:45:24 -------- d-----w- C:\ProgramData\TubeDimmer
2013-12-07 01:31:58 627256 ----a-w- C:\cc_reg_bu_20131206.reg
2013-12-07 01:03:03 -------- d-----w- C:\ProgramData\Conduit
2013-12-07 01:01:55 -------- d-----w- C:\Users\brnwilson\AppData\Local\NativeMessaging
2013-12-07 01:00:22 -------- d-----w- C:\ProgramData\VisualBee
2013-12-07 01:00:19 -------- d-----w- C:\Users\brnwilson\AppData\Local\emaze
2013-12-07 00:59:59 -------- d-----w- C:\Users\brnwilson\AppData\Local\Programs
2013-12-07 00:59:14 -------- d-----w- C:\ProgramData\RHelpers
2013-12-07 00:59:13 -------- d-----w- C:\ProgramData\Updater
2013-12-06 22:29:33 -------- d-----w- C:\Program Files (x86)\Lightspark 0.5.3-git
2013-12-06 22:28:49 -------- d-----w- C:\Users\brnwilson\AppData\Local\RegistryDR
2013-12-06 22:28:43 -------- d-----w- C:\Program Files (x86)\AmiExt
2013-12-06 22:28:40 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-12-06 22:28:30 -------- d-----w- C:\Program Files (x86)\Registry Dr
2013-12-06 22:28:16 -------- d-----w- C:\Users\brnwilson\.android
2013-12-06 22:28:14 -------- d-----w- C:\Users\brnwilson\AppData\Local\cache
2013-12-06 22:28:13 -------- d-----w- C:\Users\brnwilson\AppData\Local\Mobogenie
2013-12-06 22:28:13 -------- d-----w- C:\Users\brnwilson\AppData\Local\genienext
2013-12-06 22:27:22 -------- d-----w- C:\Windows\System32\log
2013-12-06 22:27:19 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\iSafe
2013-12-06 22:27:09 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-12-06 22:25:47 -------- d-----w- C:\Users\brnwilson\AppData\Local\Lollipop
2013-12-06 22:25:21 -------- d-----w- C:\Users\brnwilson\AppData\Local\SwvUpdater
2013-12-06 20:23:41 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-06 20:23:41 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1E72E5A-7164-4B83-800C-682201A3DF93}\gapaengine.dll
2013-11-14 23:23:56 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-14 23:23:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 23:09:58 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\FoxTab
2013-11-14 23:09:48 -------- d-----w- C:\Users\brnwilson\AppData\Roaming\UpdaterEX
2013-11-13 20:15:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 20:15:13 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 20:15:04 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M  ====================
.
2013-12-11 00:09:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:09:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 22:37:04.93 ===============
 
 
Attach.txt:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 09/06/2010 4:25:20 PM
System Uptime: 12/12/2013 10:30:48 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3612
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | CPU | 1188/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 387.471 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.185 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP527: 21/11/2013 11:23:08 AM - Windows Update
RP528: 25/11/2013 10:40:39 AM - Windows Update
RP529: 29/11/2013 12:36:46 AM - Windows Update
RP530: 02/12/2013 9:52:08 AM - Windows Update
RP531: 03/12/2013 8:15:23 AM - Windows Update
RP532: 06/12/2013 2:22:32 PM - Windows Update
RP534: 06/12/2013 4:31:15 PM - Before Registry Dr fix
RP535: 09/12/2013 7:37:17 PM - Windows Update
RP536: 12/12/2013 8:00:27 AM - Windows Update
RP537: 12/12/2013 7:17:46 PM - Uniblue SpeedUpMyPC installation
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DMUninstaller
DocMgr
DocProc
Dropbox
ESU for Microsoft Windows 7
Extended Update
Fax
Google Chrome
Google Chrome Frame
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Document Manager 2.0
HP Games
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPDiagnosticAlert
iCloud
Intel® Graphics Media Accelerator Driver
Java 7 Update 21
Java Auto Updater
Java 6 Update 15 (64-bit)
Java SE Development Kit 6 Update 15 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
LightScribe System Software
Lightspark 0.5.3-git
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (French) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help  (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669)
Mise à jour Microsoft Office Word 2007 Help  (KB963665)
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup 
Network64
OCR Software by I.R.I.S. 13.0
Power2Go
PowerDirector
PricePeep
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Revo Uninstaller Pro 3.0.7
Safari
Scan
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Skype Click to Call
Skype™ 6.11
SmartWebPrinting
Snap.Do
Snap.Do Engine
SpeedUpMyPC
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Updater
WeatherEye
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
12/12/2013 7:28:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
12/12/2013 7:28:17 PM, Error: Service Control Manager [7000]  - The Search Protect by Conduit Updater service failed to start due to the following error:  The system cannot find the file specified.
12/12/2013 7:28:17 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/12/2013 7:18:57 PM, Error: Service Control Manager [7034]  - The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).
07/12/2013 10:16:52 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/12/2013 10:16:52 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
06/12/2013 8:04:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
06/12/2013 7:34:34 PM, Error: Service Control Manager [7031]  - The Update GreyGray service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Uninstall the two following programs:

 

Uniblue

MyPC Backup

 

Any problems with the UNinstall just continue with the next steps, maybe try using Revo Uninstaller:

 

download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Post those logs in next reply, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

Link to post
Share on other sites

(Two part post because it`s too long for one post.)

 

OK so I used Revo Uninstaller to uninstall those two programs: Uniblue and MyPC Backup.

 

Downloaded, uninstalled, and ran AdwCleaner.

 

Post-reboot log file is as follows (AdwCleaner[s0].txt):

 

# AdwCleaner v3.015 - Report created 13/12/2013 at 19:41:32
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : brnwilson - BRNWILSON-PC
# Running from : C:\Users\brnwilson\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Users\brnwilson\AppData\Local\lollipop
Folder Deleted : C:\Users\brnwilson\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\brnwilson\AppData\Local\Searchprotect
Folder Deleted : C:\Users\brnwilson\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\brnwilson\AppData\Local\Wajam
Folder Deleted : C:\Users\BRNWIL~1\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\brnwilson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\brnwilson\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\brnwilson\AppData\Roaming\FoxTab
Folder Deleted : C:\Users\brnwilson\AppData\Roaming\iSafe
Folder Deleted : C:\Users\brnwilson\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\brnwilson\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422052294}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466056694}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422052294}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466056694}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v
 
[ File : C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [9605 octets] - [13/12/2013 19:39:15]
AdwCleaner[s0].txt - [8649 octets] - [13/12/2013 19:41:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8709 octets] ##########
 
 
Next I adjusted the Malwarebytes settings as described, and ran a full scan.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.13.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
brnwilson :: BRNWILSON-PC [administrator]
 
Protection: Enabled
 
13/12/2013 7:50:51 PM
mbam-log-2013-12-13 (19-50-51).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445984
Time elapsed: 1 hour(s), 21 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
And of course, I downloaded, installed, and ran the Farbar Recovery Scan Tool. Here are the logs.
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by brnwilson (administrator) on BRNWILSON-PC on 13-12-2013 21:16:39
Running from C:\Users\brnwilson\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\brnwilson\AppData\Local\Google\Chrome Frame\Application\31.0.1650.57\chrome_frame_helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-16] (Google Inc.)
HKCU\...\Run: [WeatherEye] - C:\Users\brnwilson\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe [309104 2010-09-21] (Pelmorex Media Inc.)
HKCU\...\Run: [ChromeFrameHelper] - C:\Users\brnwilson\AppData\Local\Google\Chrome Frame\Application\31.0.1650.57\chrome_frame_helper.exe [83408 2013-11-14] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs:    [ ] ()
Startup: C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\brnwilson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {38558705-E8DF-44D4-B726-F0AF58D3C0F4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
BHO: Feven 1.7 - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - No CLSID Value - 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: search.snapdo.com
CHR DefaultSearchProvider: Web
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\brnwilson\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\brnwilson\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll (CouponAlert)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Liveu0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\brnwilson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\brnwilson\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-03-13] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
U4 eabfiltr; 
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-13 21:16 - 2013-12-13 21:17 - 00013662 _____ C:\Users\brnwilson\Desktop\FRST.txt
2013-12-13 21:16 - 2013-12-13 21:16 - 00000000 ____D C:\FRST
2013-12-13 21:15 - 2013-12-13 21:15 - 01927462 _____ (Farbar) C:\Users\brnwilson\Desktop\FRST64.exe
2013-12-13 19:46 - 2013-12-13 19:46 - 00008865 _____ C:\Users\brnwilson\Desktop\AdwCleaner[s0].txt
2013-12-13 19:38 - 2013-12-13 19:41 - 00000000 ____D C:\AdwCleaner
2013-12-13 19:37 - 2013-12-13 19:37 - 01226802 _____ C:\Users\brnwilson\Desktop\AdwCleaner.exe
2013-12-13 00:23 - 2013-12-13 00:23 - 01379840 _____ C:\Users\brnwilson\Downloads\ChristmasGreeting.pps
2013-12-13 00:23 - 2013-12-13 00:23 - 01379840 _____ C:\Users\brnwilson\Downloads\ChristmasGreeting (1).pps
2013-12-13 00:20 - 2013-12-13 00:20 - 00819184 _____ (Google Inc.) C:\Users\brnwilson\Downloads\ChromeSetup.exe
2013-12-13 00:20 - 2013-12-13 00:20 - 00002392 _____ C:\Users\brnwilson\Desktop\Google Chrome.lnk
2013-12-12 22:37 - 2013-12-12 22:37 - 00026282 _____ C:\Users\brnwilson\Desktop\dds.txt
2013-12-12 22:37 - 2013-12-12 22:37 - 00014120 _____ C:\Users\brnwilson\Desktop\attach.txt
2013-12-12 22:30 - 2013-12-12 22:30 - 00499464 _____ C:\Windows\PFRO.log
2013-12-12 22:17 - 2013-12-12 22:17 - 00688992 ____R (Swearware) C:\Users\brnwilson\Desktop\dds.com
2013-12-12 22:13 - 2013-12-12 22:13 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Malwarebytes
2013-12-12 22:12 - 2013-12-12 22:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 22:12 - 2013-12-12 22:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\brnwilson\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 22:12 - 2013-12-12 22:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 22:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-12 22:06 - 2013-12-12 22:06 - 00008740 _____ C:\Users\brnwilson\Desktop\RKreport[0]_S_12122013_220608.txt
2013-12-12 22:03 - 2013-12-12 22:15 - 00000000 ____D C:\Users\brnwilson\Desktop\RK_Quarantine
2013-12-12 21:57 - 2013-12-12 21:57 - 04166144 _____ C:\Users\brnwilson\Desktop\RogueKillerX64.exe
2013-12-12 19:32 - 2013-12-12 19:32 - 08669472 _____ (Microsoft Corporation) C:\Users\brnwilson\Downloads\Windows7UpgradeAdvisorSetup.exe
2013-12-12 19:19 - 2013-12-13 21:14 - 00001449 _____ C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-12-12 08:12 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 08:12 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 08:12 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 08:12 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 08:07 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 08:07 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 08:07 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 08:07 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 08:07 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 08:07 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 08:07 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 08:07 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 08:07 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 08:07 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 08:07 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 08:07 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 08:07 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 08:07 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 08:07 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 08:06 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 08:06 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 08:06 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 08:06 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 08:06 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 08:06 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 08:06 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 08:06 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 08:06 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 08:06 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 08:06 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 08:06 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 08:06 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 08:06 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 08:06 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 08:06 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 15:57 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 15:57 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 15:57 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 15:57 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 15:57 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 15:57 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 15:57 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 15:57 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 15:57 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 15:57 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 15:57 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 15:57 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 15:57 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 15:57 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 15:57 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 15:56 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 15:56 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 15:56 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 15:56 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 22:14 - 2013-12-13 19:43 - 00000336 _____ C:\Windows\setupact.log
2013-12-07 22:14 - 2013-12-07 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\Users\brnwilson\AppData\Local\VS Revo Group
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\Program Files\VS Revo Group
2013-12-06 19:48 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2013-12-06 19:47 - 2013-12-06 19:47 - 10031224 _____ (VS Revo Group                                               ) C:\Users\brnwilson\Downloads\RevoUninProSetup.exe
2013-12-06 19:31 - 2013-12-06 19:32 - 00627256 _____ C:\cc_reg_bu_20131206.reg
2013-12-06 19:26 - 2013-12-06 19:27 - 04616840 _____ (Piriform Ltd) C:\Users\brnwilson\Downloads\ccsetup408pro (1).exe
2013-12-06 19:26 - 2013-12-06 19:26 - 04616840 _____ (Piriform Ltd) C:\Users\brnwilson\Downloads\ccsetup408pro.exe
2013-12-06 19:00 - 2013-12-06 19:00 - 00001258 _____ C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-12-06 19:00 - 2013-12-06 19:00 - 00000000 ____D C:\Users\brnwilson\AppData\Local\emaze
2013-12-06 18:59 - 2013-12-12 22:29 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-06 18:59 - 2013-12-12 22:28 - 00000000 ____D C:\ProgramData\Updater
2013-12-06 18:59 - 2013-12-06 18:59 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Mozilla
2013-12-06 18:51 - 2013-12-06 18:52 - 00000000 ____D C:\Users\brnwilson\Documents\RegistryDr
2013-12-06 16:29 - 2013-12-06 16:29 - 00000000 ____D C:\Program Files (x86)\Lightspark 0.5.3-git
2013-12-06 16:29 - 2013-12-06 16:29 - 00000000 _____ C:\extensions.sqlite
2013-12-06 16:28 - 2013-12-06 19:37 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-06 16:28 - 2013-12-06 19:37 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2013-12-06 16:28 - 2013-12-06 19:33 - 00000000 ____D C:\Program Files (x86)\AmiExt
2013-12-06 16:28 - 2013-12-06 18:52 - 00003466 _____ C:\Windows\System32\Tasks\RegistryDr_Popup
2013-12-06 16:28 - 2013-12-06 16:58 - 00000000 ____D C:\Users\brnwilson\AppData\Local\Mobogenie
2013-12-06 16:28 - 2013-12-06 16:28 - 00003202 _____ C:\Windows\System32\Tasks\RegistryDr_Start
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\RegistryDR
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\genienext
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\cache
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\.android
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 _____ C:\Users\brnwilson\daemonprocess.txt
2013-12-06 16:27 - 2013-12-06 16:27 - 00000000 ____D C:\Windows\system32\log
2013-12-03 08:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 08:18 - 2013-12-03 08:18 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 08:18 - 2013-12-03 08:18 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 08:18 - 2013-12-03 08:18 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 08:18 - 2013-12-03 08:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 08:18 - 2013-12-03 08:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 08:18 - 2013-12-03 08:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 08:18 - 2013-12-03 08:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-02 11:39 - 2013-12-02 11:39 - 00336740 _____ C:\Users\brnwilson\Downloads\Michelle1.htm
2013-12-02 11:38 - 2013-12-02 11:38 - 00338472 _____ C:\Users\brnwilson\Downloads\Michelle.htm
2013-11-14 17:23 - 2013-11-14 17:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 17:23 - 2013-11-14 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 14:15 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 14:15 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 14:15 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 14:14 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 14:14 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 14:14 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 14:14 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 14:14 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 14:14 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 14:14 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 14:14 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 14:14 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 14:14 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 14:14 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 14:14 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 14:14 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 14:14 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 14:14 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 14:14 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 14:14 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 14:14 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 14:14 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 14:14 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 14:14 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 14:14 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 14:14 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 14:14 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 14:14 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 14:14 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 14:14 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
 
==================== One Month Modified Files and Folders =======
 
2013-12-13 21:17 - 2013-12-13 21:16 - 00013662 _____ C:\Users\brnwilson\Desktop\FRST.txt
2013-12-13 21:16 - 2013-12-13 21:16 - 00000000 ____D C:\FRST
2013-12-13 21:15 - 2013-12-13 21:15 - 01927462 _____ (Farbar) C:\Users\brnwilson\Desktop\FRST64.exe
2013-12-13 21:14 - 2013-12-12 19:19 - 00001449 _____ C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-12-13 21:12 - 2010-03-19 23:25 - 00924115 _____ C:\Windows\WindowsUpdate.log
2013-12-13 21:09 - 2012-03-29 10:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-13 20:49 - 2011-03-23 17:25 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001UA.job
2013-12-13 20:38 - 2010-10-10 08:16 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-13 19:50 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 19:50 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 19:46 - 2013-12-13 19:46 - 00008865 _____ C:\Users\brnwilson\Desktop\AdwCleaner[s0].txt
2013-12-13 19:46 - 2010-06-11 10:41 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Skype
2013-12-13 19:45 - 2012-02-10 17:16 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Dropbox
2013-12-13 19:44 - 2012-02-10 17:18 - 00000000 ___RD C:\Users\brnwilson\Dropbox
2013-12-13 19:44 - 2010-06-09 16:36 - 00000000 ____D C:\Users\brnwilson\AppData\Local\VirtualStore
2013-12-13 19:43 - 2013-12-07 22:14 - 00000336 _____ C:\Windows\setupact.log
2013-12-13 19:43 - 2010-10-10 08:16 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 19:43 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 19:41 - 2013-12-13 19:38 - 00000000 ____D C:\AdwCleaner
2013-12-13 19:37 - 2013-12-13 19:37 - 01226802 _____ C:\Users\brnwilson\Desktop\AdwCleaner.exe
2013-12-13 19:35 - 2010-06-09 16:36 - 00000000 ___RD C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-13 19:17 - 2013-04-05 07:09 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{211BC292-F288-4086-9EB6-1F070BC3D980}
2013-12-13 17:41 - 2011-12-24 11:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-13 17:41 - 2010-06-10 17:41 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-13 06:33 - 2011-03-23 17:25 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001Core.job
2013-12-13 00:23 - 2013-12-13 00:23 - 01379840 _____ C:\Users\brnwilson\Downloads\ChristmasGreeting.pps
2013-12-13 00:23 - 2013-12-13 00:23 - 01379840 _____ C:\Users\brnwilson\Downloads\ChristmasGreeting (1).pps
2013-12-13 00:20 - 2013-12-13 00:20 - 00819184 _____ (Google Inc.) C:\Users\brnwilson\Downloads\ChromeSetup.exe
2013-12-13 00:20 - 2013-12-13 00:20 - 00002392 _____ C:\Users\brnwilson\Desktop\Google Chrome.lnk
2013-12-12 22:37 - 2013-12-12 22:37 - 00026282 _____ C:\Users\brnwilson\Desktop\dds.txt
2013-12-12 22:37 - 2013-12-12 22:37 - 00014120 _____ C:\Users\brnwilson\Desktop\attach.txt
2013-12-12 22:33 - 2010-07-09 16:57 - 00000000 ____D C:\Users\brnwilson\AppData\Local\CrashDumps
2013-12-12 22:30 - 2013-12-12 22:30 - 00499464 _____ C:\Windows\PFRO.log
2013-12-12 22:29 - 2013-12-06 18:59 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-12 22:28 - 2013-12-06 18:59 - 00000000 ____D C:\ProgramData\Updater
2013-12-12 22:17 - 2013-12-12 22:17 - 00688992 ____R (Swearware) C:\Users\brnwilson\Desktop\dds.com
2013-12-12 22:17 - 2012-05-22 05:43 - 00782848 ___SH C:\Users\brnwilson\Downloads\Thumbs.db
2013-12-12 22:15 - 2013-12-12 22:03 - 00000000 ____D C:\Users\brnwilson\Desktop\RK_Quarantine
2013-12-12 22:13 - 2013-12-12 22:13 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Malwarebytes
2013-12-12 22:13 - 2013-12-12 22:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 22:12 - 2013-12-12 22:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\brnwilson\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 22:12 - 2013-12-12 22:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 22:06 - 2013-12-12 22:06 - 00008740 _____ C:\Users\brnwilson\Desktop\RKreport[0]_S_12122013_220608.txt
2013-12-12 21:57 - 2013-12-12 21:57 - 04166144 _____ C:\Users\brnwilson\Desktop\RogueKillerX64.exe
2013-12-12 19:33 - 2009-07-13 23:13 - 00731034 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 19:32 - 2013-12-12 19:32 - 08669472 _____ (Microsoft Corporation) C:\Users\brnwilson\Downloads\Windows7UpgradeAdvisorSetup.exe
2013-12-12 08:20 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 08:19 - 2009-07-13 22:45 - 00438008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 08:11 - 2010-03-12 23:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 17:32 - 2013-11-08 17:44 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForbrnwilson
2013-12-11 17:32 - 2013-11-08 17:44 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForbrnwilson.job
2013-12-10 18:09 - 2012-03-29 10:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 18:09 - 2012-03-29 10:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 18:09 - 2011-05-17 21:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-07 22:14 - 2013-12-07 22:14 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\Users\brnwilson\AppData\Local\VS Revo Group
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-06 19:48 - 2013-12-06 19:48 - 00000000 ____D C:\Program Files\VS Revo Group
2013-12-06 19:47 - 2013-12-06 19:47 - 10031224 _____ (VS Revo Group                                               ) C:\Users\brnwilson\Downloads\RevoUninProSetup.exe
2013-12-06 19:37 - 2013-12-06 16:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-06 19:37 - 2013-12-06 16:28 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2013-12-06 19:37 - 2013-05-31 18:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-06 19:33 - 2013-12-06 16:28 - 00000000 ____D C:\Program Files (x86)\AmiExt
2013-12-06 19:32 - 2013-12-06 19:31 - 00627256 _____ C:\cc_reg_bu_20131206.reg
2013-12-06 19:30 - 2010-12-04 17:34 - 00000000 ____D C:\Windows\Minidump
2013-12-06 19:30 - 2009-09-06 19:57 - 00000000 ____D C:\Windows\Panther
2013-12-06 19:27 - 2013-12-06 19:26 - 04616840 _____ (Piriform Ltd) C:\Users\brnwilson\Downloads\ccsetup408pro (1).exe
2013-12-06 19:26 - 2013-12-06 19:26 - 04616840 _____ (Piriform Ltd) C:\Users\brnwilson\Downloads\ccsetup408pro.exe
2013-12-06 19:02 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-06 19:00 - 2013-12-06 19:00 - 00001258 _____ C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2013-12-06 19:00 - 2013-12-06 19:00 - 00000000 ____D C:\Users\brnwilson\AppData\Local\emaze
2013-12-06 18:59 - 2013-12-06 18:59 - 00000000 ____D C:\Users\brnwilson\AppData\Roaming\Mozilla
2013-12-06 18:52 - 2013-12-06 18:51 - 00000000 ____D C:\Users\brnwilson\Documents\RegistryDr
2013-12-06 18:52 - 2013-12-06 16:28 - 00003466 _____ C:\Windows\System32\Tasks\RegistryDr_Popup
2013-12-06 16:58 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\Mobogenie
2013-12-06 16:29 - 2013-12-06 16:29 - 00000000 ____D C:\Program Files (x86)\Lightspark 0.5.3-git
2013-12-06 16:29 - 2013-12-06 16:29 - 00000000 _____ C:\extensions.sqlite
2013-12-06 16:28 - 2013-12-06 16:28 - 00003202 _____ C:\Windows\System32\Tasks\RegistryDr_Start
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\RegistryDR
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\genienext
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\AppData\Local\cache
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 ____D C:\Users\brnwilson\.android
2013-12-06 16:28 - 2013-12-06 16:28 - 00000000 _____ C:\Users\brnwilson\daemonprocess.txt
2013-12-06 16:28 - 2010-06-09 16:25 - 00000000 ____D C:\Users\brnwilson
2013-12-06 16:27 - 2013-12-06 16:27 - 00000000 ____D C:\Windows\system32\log
2013-12-05 05:44 - 2011-03-23 17:25 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001UA
2013-12-05 05:44 - 2011-03-23 17:25 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001Core
2013-12-03 08:41 - 2010-06-11 10:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-03 08:41 - 2010-06-11 10:40 - 00000000 ____D C:\ProgramData\Skype
2013-12-03 08:39 - 2010-06-09 16:36 - 00001417 _____ C:\Users\brnwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 08:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 08:18 - 2013-12-03 08:18 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 08:18 - 2013-12-03 08:18 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 08:18 - 2013-12-03 08:18 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 08:18 - 2013-12-03 08:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 08:18 - 2013-12-03 08:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 08:18 - 2013-12-03 08:18 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 08:18 - 2013-12-03 08:18 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 08:18 - 2013-12-03 08:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 08:18 - 2013-12-03 08:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 05:33 - 2010-10-10 08:16 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 05:33 - 2010-10-10 08:16 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 11:39 - 2013-12-02 11:39 - 00336740 _____ C:\Users\brnwilson\Downloads\Michelle1.htm
2013-12-02 11:38 - 2013-12-02 11:38 - 00338472 _____ C:\Users\brnwilson\Downloads\Michelle.htm
2013-11-26 05:54 - 2013-12-12 08:07 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 04:19 - 2013-12-12 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 04:18 - 2013-12-12 08:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 04:11 - 2013-12-12 08:06 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 03:48 - 2013-12-12 08:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:46 - 2013-12-12 08:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:41 - 2013-12-12 08:06 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:29 - 2013-12-12 08:07 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:27 - 2013-12-12 08:07 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:23 - 2013-12-12 08:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 03:21 - 2013-12-12 08:07 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:18 - 2013-12-12 08:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:18 - 2013-12-12 08:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:16 - 2013-12-12 08:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 02:57 - 2013-12-12 08:07 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 02:38 - 2013-12-12 08:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 02:38 - 2013-12-12 08:06 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 02:35 - 2013-12-12 08:06 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 02:32 - 2013-12-12 08:07 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 02:28 - 2013-12-12 08:07 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 02:16 - 2013-12-12 08:06 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 02:02 - 2013-12-12 08:06 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 01:48 - 2013-12-12 08:06 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 01:32 - 2013-12-12 08:06 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 01:26 - 2013-12-12 08:06 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 01:07 - 2013-12-12 08:06 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 00:40 - 2013-12-12 08:06 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 00:34 - 2013-12-12 08:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 00:34 - 2013-12-12 08:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 00:33 - 2013-12-12 08:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 00:27 - 2013-12-12 08:06 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-23 12:26 - 2013-12-11 15:57 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 11:47 - 2013-12-11 15:57 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 08:49 - 2012-02-14 12:07 - 00000302 _____ C:\Users\brnwilson\AppData\Roaming\wklnhst.dat
2013-11-23 08:49 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-19 04:21 - 2010-06-09 16:39 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-14 17:24 - 2013-11-14 17:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 17:24 - 2011-09-07 18:59 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-14 17:23 - 2013-11-14 17:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-14 17:23 - 2010-03-12 23:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-14 14:03 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 08:03 - 2013-08-14 08:01 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 08:01 - 2010-06-12 21:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\brnwilson\AppData\Local\Temp\BackupSetup.exe
C:\Users\brnwilson\AppData\Local\Temp\ntdll_dump.dll
C:\Users\brnwilson\AppData\Local\Temp\Quarantine.exe
C:\Users\brnwilson\AppData\Local\Temp\SendMsg.dll
C:\Users\brnwilson\AppData\Local\Temp\tbVisu.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-30 07:46
 
==================== End Of Log ============================
 
 
 
Link to post
Share on other sites

Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by brnwilson at 2013-12-13 21:17:47
Running from C:\Users\brnwilson\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32)
4500_G510nz_Help (x32 Version: 000.0.439.000)
4500G510nz (x32 Version: 000.0.439.000)
4500G510nz_Software_Min (x32 Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player (x32 Version: 11.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Driver Installation Program (x32 Version: 9.0)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 130.0.331.000)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.98.60.50)
CyberLink DVD Suite (x32 Version: 7.0.2111)
CyberLink MediaShow (x32 Version: 4.1.3325)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005)
CyberLink YouCam (x32 Version: 3.0.2201)
D3DX10 (x32 Version: 15.4.2368.0902)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DMUninstaller (x32)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 13.0.0.0)
Dropbox (HKCU Version: 2.0.22)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Fax (x32 Version: 130.0.418.000)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Chrome Frame (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.3.9512.3162)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Document Manager 2.0 (Version: 2.0)
HP Games (x32 Version: 1.0.0.71)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Quick Launch Buttons (x32 Version: 6.50.16.1)
HP Setup (x32 Version: 1.2.3560.3170)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HP User Guides 0156 (x32 Version: 1.02.0001)
HP Wireless Assistant (x32 Version: 3.50.11.2)
HPDiagnosticAlert (x32 Version: 1.00.0000)
iCloud (Version: 2.1.2.8)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 15 (64-bit) (Version: 6.0.150)
Java SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LightScribe System Software (x32 Version: 1.18.12.1)
Lightspark 0.5.3-git (x32 Version: 0.5.3-git)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40820)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825)
Microsoft Works (x32 Version: 9.7.0621)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (x32)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (x32)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (x32)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Power2Go (x32 Version: 6.0.3311)
PowerDirector (x32 Version: 7.0.3311)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0007)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30093)
Recovery Manager (x32 Version: 5.5.2214)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 13.0.0.0)
Skype Click to Call (x32 Version: 6.10.13089)
Skype™ 6.11 (x32 Version: 6.11.102)
SmartWebPrinting (x32 Version: 140.0.186.000)
Snap.Do (x32 Version: 11.8.1.13233)
Snap.Do Engine (HKCU Version: 11.8.1.13233)
Status (x32 Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Updater (x32 Version: 2.6.49)
WeatherEye (HKCU)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Yahoo! Detect (x32)
 
==================== Restore Points  =========================
 
25-11-2013 16:40:39 Windows Update
29-11-2013 06:36:46 Windows Update
02-12-2013 15:52:08 Windows Update
03-12-2013 14:15:23 Windows Update
06-12-2013 20:22:32 Windows Update
06-12-2013 22:31:15 Before Registry Dr fix
10-12-2013 01:37:17 Windows Update
12-12-2013 14:00:27 Windows Update
13-12-2013 01:17:46 Uniblue SpeedUpMyPC installation
14-12-2013 01:33:51 Revo Uninstaller Pro's restore point - SpeedUpMyPC
14-12-2013 01:35:22 Revo Uninstaller Pro's restore point - MyPC Backup 
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {11F64B5F-9828-40CA-A482-27A96CEC3A63} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe
Task: {21B1EE96-F003-47DD-ACB6-BC70C6CFDC5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001UA => C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16] (Google Inc.)
Task: {513BE026-1140-4631-B711-C39721A7F39B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10] (Google Inc.)
Task: {9133FA19-A459-4219-B464-2B5C42CB675F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10] (Google Inc.)
Task: {A93B281F-B67F-4616-A116-CD89FABCE30D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-12-12] (Microsoft)
Task: {AAB169DF-1CBF-4548-BC44-88C63D4D53A0} - System32\Tasks\{8BD86690-C68B-4638-806F-89608CD8AC9E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B98C4B1B-6C4A-48BE-93C8-4B36B2EF19BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001Core => C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16] (Google Inc.)
Task: {C812B112-13B4-4EA0-B83C-599F7B1B8CBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D10E6D46-7E84-40E5-B2A0-6CC2450F8F17} - System32\Tasks\HPCeeScheduleForbrnwilson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D9170665-93E6-4F95-B120-38FBBD0433E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {E34701EB-A714-4169-9811-7B7EC5B0EBCD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EEE13B24-9892-49DB-9CCB-201FF07136D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F46AFDBB-D2F1-44DA-92EB-131F3CBA4A21} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {F623EF12-1C62-47FF-935A-CB674D6E41FF} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001Core.job => C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1228314945-1806429614-2320376098-1001UA.job => C:\Users\brnwilson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForbrnwilson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/13/2013 07:35:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1228314945-1806429614-2320376098-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {88d6985c-06af-4b2e-bca3-fa467cc17298}
 
Error: (12/13/2013 07:35:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1228314945-1806429614-2320376098-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {88d6985c-06af-4b2e-bca3-fa467cc17298}
 
Error: (12/13/2013 07:33:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1228314945-1806429614-2320376098-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {88d6985c-06af-4b2e-bca3-fa467cc17298}
 
Error: (12/13/2013 07:33:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1228314945-1806429614-2320376098-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {88d6985c-06af-4b2e-bca3-fa467cc17298}
 
Error: (12/13/2013 07:33:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {85973976-ccc9-4675-8f70-22ebaa32b8bf}
 
Error: (12/12/2013 10:33:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: Dropbox.exe, version: 2.0.22.0, time stamp: 0x515f37bb
Faulting module name: libcef.dll, version: 1.1364.1123.0, time stamp: 0x513530d7
Exception code: 0xc0000005
Fault offset: 0x0005fba7
Faulting process id: 0xf0c
Faulting application start time: 0xDropbox.exe0
Faulting application path: Dropbox.exe1
Faulting module path: Dropbox.exe2
Report Id: Dropbox.exe3
 
Error: (12/12/2013 09:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1388
 
Error: (12/12/2013 09:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1388
 
Error: (12/12/2013 09:25:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/12/2013 09:24:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 656436
 
 
System errors:
=============
Error: (12/13/2013 07:39:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer BRACHAM-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EF69301-EE42-498F-867C-D4756633FE65}.
The master browser is stopping or an election is being forced.
 
Error: (12/13/2013 07:35:39 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/13/2013 07:17:46 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer BRACHAM-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9EF69301-EE42-498F-867C-D4756633FE65}.
The master browser is stopping or an election is being forced.
 
Error: (12/13/2013 00:17:58 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/12/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service failed to start due to the following error: 
%%2
 
Error: (12/12/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (12/12/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (12/12/2013 07:18:57 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/07/2013 10:16:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/07/2013 10:16:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 3999.19 MB
Available physical RAM: 2465.45 MB
Total Pagefile: 7996.56 MB
Available Pagefile: 6461.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:452.43 GB) (Free:387.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.14 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 82BB191C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 

After completing all that, the computer (which I am currently on, which made posting of the log files much easier!) seems to be clean. Both used browsers (IE and Chrome) are now back to preferred homepages instead of the pages set by the malware. After completing this post, I will restart the computer again, and check back in. I'm expecting that it's all cleaned up now, as when I'd previously attempted to clean it myself, everything came back right after a restart.

Link to post
Share on other sites

After the restart, the computer seemed to be running very well, and as clean as ever! 

 

Thank you Kevin! My roommate was talking about spending money on getting the laptop cleaned, and I know he appreciates my time going through the process as much as I appreciate your instruction of the process!

 

Thanks again! Have a great day!

Link to post
Share on other sites

Still some work to do....

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs...

 

 

fixlist.txt

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.