Having issues where, after a while of use, my computer will start scrolling to the bottom of pages and documents, or whenever I attempt to open on my desktop it opens my recycle bin, which is in the lowest right hand corner of my screen. I have run Malwarebytes and removed 87 items, as well as AVG, and that removed 23 files. This is still happening and I am not sure what else to do. Any assistance would be appreciated.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:32:54 AM, on 12/26/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v11.0 (11.00.9600.16428)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Rachel\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49172;https=127.0.0.1:49172

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: BetterSrf - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

O2 - BHO: BetterSrf - {45277F9D-8C9C-4726-A558-D69AC740910E} - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ie\BetterSrf.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: BetterSrf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: WebexpEnhancedV1alpha913 - {fc5e9fc3-a288-4a35-a2e6-b7368b79afae} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha913\ie\WebexpEnhancedV1alpha913.dll (file missing)

O2 - BHO: WebexpEnhancedV1alpha167 - {fcfbfd75-d38a-401e-900d-88a18d9c10d7} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha167\ie\WebexpEnhancedV1alpha167.dll (file missing)

O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll

O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [browserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: vpngui.exe.lnk = ?



O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix: 

O16 - DPF: {5DBF0043-899B-4B69-87A5-34555198C7C2} (WinScribe Web Setup Control) - http://winscribe/winscribe/setup/includes/WinScribeWebSetup.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:  

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Olympus DVR Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater17.2.0 - AVG Secure Search - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 16350 bytes

 


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Are you aware of this proxy server running on your system? ProxyServer = http=127.0.0.1:49172;https=127.0.0.1:49172

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


As far as the Proxy Server you are referring to, I am not sure what that is. I do use this computer to work from home, so I'm not sure if that is what it is. I use a VPN client to log into a computer at my place of work so that I can complete my work.

 

Here is the FRST report:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013
Ran by Rachel (administrator) on RACHEL-HP on 29-12-2013 09:18:09
Running from C:\Users\Rachel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2013-10-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2013-10-05] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2471448 2013-12-09] ()
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: F - F:\MotoCastSetup.exe -a
MountPoints2: {6cf7059d-3abc-11e3-b5be-8ce4733062d1} - F:\VerizonSWUpgradeAssistantLauncher.exe
MountPoints2: {dfef432c-23d0-11e3-aeab-806e6f6e6963} - E:\SETUP.EXE
MountPoints2: {f30c95a8-5af8-11e3-b972-9b54ed3d66d1} - F:\MotoCastSetup.exe -a
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
AppInit_DLLs:   [ ] ()
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:49186;https=127.0.0.1:49186
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {4C50E60B-A45E-4B56-825D-EA0AFA620A17} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {6C2BF07D-7351-4A22-877D-B3AE43F315CE} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {6CE5DE51-200B-46BC-84AB-C05E23DCC62A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {4C50E60B-A45E-4B56-825D-EA0AFA620A17} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {6C2BF07D-7351-4A22-877D-B3AE43F315CE} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {6CE5DE51-200B-46BC-84AB-C05E23DCC62A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {4C50E60B-A45E-4B56-825D-EA0AFA620A17} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {6C2BF07D-7351-4A22-877D-B3AE43F315CE} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {6CE5DE51-200B-46BC-84AB-C05E23DCC62A} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5CA5FE80-1AEE-41C4-8F38-96E45E03E0E0}&mid=8e11a4bb15ea47d38d381924bc8bf92c-0627f8f00d2236c9166eb618896f564944eec925&lang=en&ds=AVG&pr=pr&d=2013-09-22 17:41:26&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Better Surf Plus - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BetterSurf Plus V1 - {45277F9D-8C9C-4726-A558-D69AC740910E} - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ie\BetterSrf.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Better-Surf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Webexp Enhanced - {fc5e9fc3-a288-4a35-a2e6-b7368b79afae} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha913\ie\WebexpEnhancedV1alpha913.dll No File
BHO-x32: Webexp Enhanced - {fcfbfd75-d38a-401e-900d-88a18d9c10d7} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha167\ie\WebexpEnhancedV1alpha167.dll No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {5DBF0043-899B-4B69-87A5-34555198C7C2} http://winscribe/winscribe/setup/includes/WinScribeWebSetup.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.225.5.2 24.225.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\yo3l65lw.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha913.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha913\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha167.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha167\ff
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (HP Product Detection Plugin) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0
CHR Extension: (Docs) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Rainbow Forest (SHERIFFF)) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdjilcpogpekcjghekpjffcoaaimjid\1_0
CHR Extension: (Add to Amazon Wish List) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Google Search) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dgfhlbdcljfblenmipbeinbciepehabo] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha913\ch\WebexpEnhancedV1alpha913.crx
CHR HKLM-x32\...\Chrome\Extension: [gdgjlnojmonmckgnggmagnilkpfdcige] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha167\ch\WebexpEnhancedV1alpha167.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [355496 2011-10-18] (Check Point Software Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-18] (AVG Technologies)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2011-10-18] (Check Point Software Technologies)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-29 09:18 - 2013-12-29 09:18 - 00023138 _____ C:\Users\Rachel\Downloads\FRST.txt
2013-12-29 09:18 - 2013-12-29 09:18 - 00000000 ____D C:\FRST
2013-12-29 09:17 - 2013-12-29 09:17 - 01931262 _____ (Farbar) C:\Users\Rachel\Downloads\FRST64.exe
2013-12-28 18:29 - 2013-12-28 18:29 - 00349800 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-12-28 18:29 - 2013-12-28 18:29 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2013-12-26 21:07 - 2013-12-26 21:07 - 00000000 ____D C:\Users\Rachel\AppData\Local\Microsoft Games
2013-12-26 21:03 - 2013-12-26 21:03 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Malwarebytes
2013-12-26 21:01 - 2013-12-26 21:01 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 21:01 - 2013-12-26 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 21:01 - 2013-12-26 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 21:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-26 11:43 - 2013-12-26 11:12 - 00002623 _____ C:\Users\Rachel\Desktop\VPN Client.lnk
2013-12-26 11:32 - 2013-12-26 11:32 - 00002089 _____ C:\Users\Rachel\Desktop\HijackThis.lnk
2013-12-26 11:32 - 2013-12-26 11:32 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-26 11:30 - 2013-12-26 11:31 - 29040552 _____ (Oracle Corporation) C:\Users\Rachel\Downloads\jre-7u45-windows-i586(1).exe
2013-12-26 11:22 - 2013-12-26 11:24 - 29040552 _____ (Oracle Corporation) C:\Users\Rachel\Downloads\jre-7u45-windows-i586.exe
2013-12-26 11:12 - 2013-12-26 11:14 - 00001594 _____ C:\Windows\VPNInstall.MIF
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-12-26 11:08 - 2013-12-26 11:09 - 18257402 _____ C:\Users\Rachel\Downloads\SNX_MACOS.windows.gz
2013-12-26 10:58 - 2013-12-26 11:02 - 00000000 ____D C:\Users\Rachel\Desktop\Misc Desktop Items
2013-12-26 09:35 - 2013-12-26 09:35 - 00000245 _____ C:\Users\Rachel\AppData\Local\7C26.tmp
2013-12-24 17:44 - 2013-12-24 17:44 - 00000245 _____ C:\Users\Rachel\AppData\Local\CF53.tmp
2013-12-24 17:05 - 2013-12-24 17:05 - 00000245 _____ C:\Users\Rachel\AppData\Local\7B72.tmp
2013-12-24 16:56 - 2013-12-24 16:56 - 00000245 _____ C:\Users\Rachel\AppData\Local\A8E3.tmp
2013-12-23 21:39 - 2013-12-23 21:39 - 00000245 _____ C:\Users\Rachel\AppData\Local\671E.tmp
2013-12-23 21:25 - 2013-12-23 21:25 - 00000245 _____ C:\Users\Rachel\AppData\Local\B5A5.tmp
2013-12-23 21:07 - 2013-12-23 21:07 - 00000245 _____ C:\Users\Rachel\AppData\Local\6C4A.tmp
2013-12-23 12:54 - 2013-12-23 12:54 - 00000245 _____ C:\Users\Rachel\AppData\Local\6BC1.tmp
2013-12-23 11:07 - 2013-12-28 23:39 - 00000000 ____D C:\Users\Rachel\Desktop\Lane County
2013-12-23 10:56 - 2013-12-23 10:56 - 00000245 _____ C:\Users\Rachel\AppData\Local\6D25.tmp
2013-12-23 10:48 - 2013-12-23 10:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\WinScribe
2013-12-23 10:47 - 2013-12-23 10:47 - 00002501 _____ C:\Users\Rachel\Desktop\WinScribe Client.lnk
2013-12-23 10:45 - 2013-12-23 10:46 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\WinScribe
2013-12-23 10:45 - 2013-12-23 10:46 - 00000000 ____D C:\Program Files (x86)\WinScribe
2013-12-23 10:45 - 2013-12-23 10:45 - 00000000 ____D C:\ProgramData\WinScribe
2013-12-23 10:35 - 2013-12-23 10:35 - 00000245 _____ C:\Users\Rachel\AppData\Local\FEA6.tmp
2013-12-23 10:32 - 2013-12-23 10:33 - 00000000 ____D C:\Users\Rachel\Desktop\rscoree
2013-12-23 10:31 - 2013-12-23 10:59 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-23 10:31 - 2013-12-23 10:31 - 00113224 _____ C:\Users\Rachel\g2ax_customer_downloadhelper_win32_x86.exe
2013-12-23 10:31 - 2013-12-23 10:31 - 00000000 ____D C:\Users\Rachel\AppData\Local\Citrix
2013-12-22 18:11 - 2013-12-26 10:59 - 00000000 ____D C:\Users\Rachel\Desktop\Sweet and Savory
2013-12-21 13:57 - 2013-12-21 13:57 - 00000245 _____ C:\Users\Rachel\AppData\Local\4205.tmp
2013-12-21 13:19 - 2013-12-21 13:19 - 00000245 _____ C:\Users\Rachel\AppData\Local\7DC8.tmp
2013-12-20 14:51 - 2013-12-20 14:51 - 00000245 _____ C:\Users\Rachel\AppData\Local\986C.tmp
2013-12-20 14:38 - 2013-12-20 14:39 - 00002084 _____ C:\Users\Rachel\Desktop\Lane.RDP
2013-12-20 14:37 - 2013-12-26 09:35 - 00001832 _____ C:\Users\Rachel\AppData\Local\SLC_Rachel.prx
2013-12-20 14:37 - 2013-12-20 14:37 - 00000245 _____ C:\Users\Rachel\AppData\Local\5D9A.tmp
2013-12-20 14:37 - 2013-12-20 14:37 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-20 14:36 - 2013-12-20 14:36 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\CheckPoint
2013-12-20 14:28 - 2013-12-20 14:28 - 00000000 ____H C:\Users\Rachel\Documents\Default.rdp
2013-12-20 14:27 - 2013-12-20 14:27 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\TeamViewer
2013-12-17 11:36 - 2013-12-17 11:36 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-15 12:11 - 2013-09-04 06:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-15 12:11 - 2013-09-04 06:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-15 04:11 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-15 04:11 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-15 04:11 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-15 04:11 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-15 04:11 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-15 04:11 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-15 04:11 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-15 04:11 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-15 04:11 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-15 04:11 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-15 04:11 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-15 04:11 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-15 04:11 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-15 04:11 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-15 04:11 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-15 04:11 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-15 04:11 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-15 04:11 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-15 04:11 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-15 04:11 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-15 04:11 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-15 04:11 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-15 04:11 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-15 04:11 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-15 04:11 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-15 04:11 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-15 04:11 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-15 04:11 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-15 04:11 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-15 04:11 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-15 04:11 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 09:28 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-14 09:26 - 2013-12-14 09:26 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-14 09:26 - 2013-12-14 09:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-14 09:26 - 2013-12-14 09:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-14 09:26 - 2013-12-14 09:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-14 09:26 - 2013-12-14 09:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-14 09:26 - 2013-12-14 09:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-14 09:26 - 2013-12-14 09:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-14 09:24 - 2013-12-14 09:28 - 00007379 _____ C:\Windows\IE11_main.log
2013-12-11 20:01 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:01 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:01 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 20:01 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 12:21 - 2013-12-11 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 10:16 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:16 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 10:16 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 10:16 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:16 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 10:16 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:16 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 10:16 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 10:16 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:16 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 10:16 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 10:16 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:16 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:16 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 10:16 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 10:16 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:16 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:16 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 10:16 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 11:48 - 2013-12-09 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-09 11:36 - 2013-12-28 11:38 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Skype
2013-12-09 11:35 - 2013-12-09 11:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 11:33 - 2013-12-09 11:33 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Rachel\Downloads\SkypeSetup.exe
2013-12-08 15:15 - 2013-12-08 15:16 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Five9
2013-12-08 14:26 - 2013-12-14 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-08 14:26 - 2013-12-08 14:51 - 00000000 ____D C:\Users\Rachel\AppData\Local\Mozilla
2013-12-08 14:26 - 2013-12-08 14:26 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Mozilla
2013-12-08 14:26 - 2013-12-08 14:26 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-05 16:15 - 2013-12-05 16:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-04 19:11 - 2013-12-04 19:11 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-02 22:23 - 2013-12-14 09:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-02 22:23 - 2013-12-02 22:26 - 00000000 ____D C:\Windows\SHELLNEW
2013-12-02 22:23 - 2013-12-02 22:23 - 00000000 ____D C:\Users\Rachel\AppData\Local\Microsoft Help
2013-12-02 22:23 - 2013-12-02 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-29 15:52 - 2013-11-29 15:52 - 00000000 _____ C:\extensions.sqlite
 
==================== One Month Modified Files and Folders =======
 
2013-12-29 09:18 - 2013-12-29 09:18 - 00023138 _____ C:\Users\Rachel\Downloads\FRST.txt
2013-12-29 09:18 - 2013-12-29 09:18 - 00000000 ____D C:\FRST
2013-12-29 09:17 - 2013-12-29 09:17 - 01931262 _____ (Farbar) C:\Users\Rachel\Downloads\FRST64.exe
2013-12-29 09:15 - 2013-09-22 13:14 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EBD253A5-444A-4625-87C9-E5F4D8080EB1}
2013-12-29 09:06 - 2013-09-22 20:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 08:26 - 2013-09-22 16:35 - 00000000 ____D C:\ProgramData\MFAData
2013-12-29 08:11 - 2010-12-23 03:21 - 01317567 _____ C:\Windows\WindowsUpdate.log
2013-12-29 01:31 - 2013-09-22 13:06 - 00000000 ____D C:\Users\Rachel\AppData\Local\VirtualStore
2013-12-28 23:51 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 23:51 - 2009-07-13 22:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 23:43 - 2013-10-02 11:39 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForRachel.job
2013-12-28 23:43 - 2013-09-22 20:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 23:43 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 23:43 - 2009-07-13 22:51 - 00043626 _____ C:\Windows\setupact.log
2013-12-28 23:39 - 2013-12-23 11:07 - 00000000 ____D C:\Users\Rachel\Desktop\Lane County
2013-12-28 18:31 - 2013-10-02 11:39 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRachel
2013-12-28 18:31 - 2013-10-02 11:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-28 18:29 - 2013-12-28 18:29 - 00349800 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-12-28 18:29 - 2013-12-28 18:29 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2013-12-28 18:29 - 2010-12-23 03:24 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-12-28 18:29 - 2010-12-23 03:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-28 18:29 - 2009-09-06 18:40 - 00000000 ____D C:\SwSetup
2013-12-28 18:25 - 2013-10-05 13:32 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-28 11:38 - 2013-12-09 11:36 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Skype
2013-12-26 22:38 - 2013-09-22 15:49 - 00260672 _____ C:\Windows\PFRO.log
2013-12-26 22:35 - 2013-10-27 13:03 - 00000000 ____D C:\Users\Rachel\AppData\Local\SwvUpdater
2013-12-26 22:35 - 2013-10-19 14:07 - 00000000 ____D C:\Users\Rachel\Desktop\Miscellaneous
2013-12-26 21:07 - 2013-12-26 21:07 - 00000000 ____D C:\Users\Rachel\AppData\Local\Microsoft Games
2013-12-26 21:03 - 2013-12-26 21:03 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Malwarebytes
2013-12-26 21:01 - 2013-12-26 21:01 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-26 21:01 - 2013-12-26 21:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-26 21:01 - 2013-12-26 21:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 21:01 - 2009-07-13 23:13 - 00727182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 11:32 - 2013-12-26 11:32 - 00002089 _____ C:\Users\Rachel\Desktop\HijackThis.lnk
2013-12-26 11:32 - 2013-12-26 11:32 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-12-26 11:31 - 2013-12-26 11:30 - 29040552 _____ (Oracle Corporation) C:\Users\Rachel\Downloads\jre-7u45-windows-i586(1).exe
2013-12-26 11:24 - 2013-12-26 11:22 - 29040552 _____ (Oracle Corporation) C:\Users\Rachel\Downloads\jre-7u45-windows-i586.exe
2013-12-26 11:14 - 2013-12-26 11:12 - 00001594 _____ C:\Windows\VPNInstall.MIF
2013-12-26 11:12 - 2013-12-26 11:43 - 00002623 _____ C:\Users\Rachel\Desktop\VPN Client.lnk
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Program Files\Common Files\Deterministic Networks
2013-12-26 11:12 - 2013-12-26 11:12 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
2013-12-26 11:09 - 2013-12-26 11:08 - 18257402 _____ C:\Users\Rachel\Downloads\SNX_MACOS.windows.gz
2013-12-26 11:03 - 2013-11-10 14:43 - 00000000 ____D C:\Users\Rachel\Desktop\It Works
2013-12-26 11:02 - 2013-12-26 10:58 - 00000000 ____D C:\Users\Rachel\Desktop\Misc Desktop Items
2013-12-26 10:59 - 2013-12-22 18:11 - 00000000 ____D C:\Users\Rachel\Desktop\Sweet and Savory
2013-12-26 09:35 - 2013-12-26 09:35 - 00000245 _____ C:\Users\Rachel\AppData\Local\7C26.tmp
2013-12-26 09:35 - 2013-12-20 14:37 - 00001832 _____ C:\Users\Rachel\AppData\Local\SLC_Rachel.prx
2013-12-24 17:44 - 2013-12-24 17:44 - 00000245 _____ C:\Users\Rachel\AppData\Local\CF53.tmp
2013-12-24 17:05 - 2013-12-24 17:05 - 00000245 _____ C:\Users\Rachel\AppData\Local\7B72.tmp
2013-12-24 16:56 - 2013-12-24 16:56 - 00000245 _____ C:\Users\Rachel\AppData\Local\A8E3.tmp
2013-12-23 21:39 - 2013-12-23 21:39 - 00000245 _____ C:\Users\Rachel\AppData\Local\671E.tmp
2013-12-23 21:25 - 2013-12-23 21:25 - 00000245 _____ C:\Users\Rachel\AppData\Local\B5A5.tmp
2013-12-23 21:07 - 2013-12-23 21:07 - 00000245 _____ C:\Users\Rachel\AppData\Local\6C4A.tmp
2013-12-23 12:54 - 2013-12-23 12:54 - 00000245 _____ C:\Users\Rachel\AppData\Local\6BC1.tmp
2013-12-23 10:59 - 2013-12-23 10:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-23 10:56 - 2013-12-23 10:56 - 00000245 _____ C:\Users\Rachel\AppData\Local\6D25.tmp
2013-12-23 10:48 - 2013-12-23 10:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\WinScribe
2013-12-23 10:47 - 2013-12-23 10:47 - 00002501 _____ C:\Users\Rachel\Desktop\WinScribe Client.lnk
2013-12-23 10:46 - 2013-12-23 10:45 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\WinScribe
2013-12-23 10:46 - 2013-12-23 10:45 - 00000000 ____D C:\Program Files (x86)\WinScribe
2013-12-23 10:45 - 2013-12-23 10:45 - 00000000 ____D C:\ProgramData\WinScribe
2013-12-23 10:35 - 2013-12-23 10:35 - 00000245 _____ C:\Users\Rachel\AppData\Local\FEA6.tmp
2013-12-23 10:33 - 2013-12-23 10:32 - 00000000 ____D C:\Users\Rachel\Desktop\rscoree
2013-12-23 10:31 - 2013-12-23 10:31 - 00113224 _____ C:\Users\Rachel\g2ax_customer_downloadhelper_win32_x86.exe
2013-12-23 10:31 - 2013-12-23 10:31 - 00000000 ____D C:\Users\Rachel\AppData\Local\Citrix
2013-12-23 10:31 - 2013-09-22 13:53 - 00000000 ____D C:\Users\Rachel
2013-12-23 10:06 - 2013-10-19 14:04 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Dropbox
2013-12-21 13:57 - 2013-12-21 13:57 - 00000245 _____ C:\Users\Rachel\AppData\Local\4205.tmp
2013-12-21 13:19 - 2013-12-21 13:19 - 00000245 _____ C:\Users\Rachel\AppData\Local\7DC8.tmp
2013-12-20 14:51 - 2013-12-20 14:51 - 00000245 _____ C:\Users\Rachel\AppData\Local\986C.tmp
2013-12-20 14:39 - 2013-12-20 14:38 - 00002084 _____ C:\Users\Rachel\Desktop\Lane.RDP
2013-12-20 14:37 - 2013-12-20 14:37 - 00000245 _____ C:\Users\Rachel\AppData\Local\5D9A.tmp
2013-12-20 14:37 - 2013-12-20 14:37 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-12-20 14:36 - 2013-12-20 14:36 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\CheckPoint
2013-12-20 14:28 - 2013-12-20 14:28 - 00000000 ____H C:\Users\Rachel\Documents\Default.rdp
2013-12-20 14:27 - 2013-12-20 14:27 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\TeamViewer
2013-12-19 14:05 - 2013-10-25 09:41 - 00000000 ____D C:\ProgramData\HP
2013-12-19 14:05 - 2013-10-25 09:41 - 00000000 ____D C:\Program Files\HP
2013-12-19 14:05 - 2013-10-25 09:41 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-19 14:04 - 2013-09-22 13:06 - 00000000 ___RD C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-19 13:19 - 2013-10-19 14:06 - 00001021 _____ C:\Users\Rachel\Desktop\Dropbox.lnk
2013-12-19 13:19 - 2013-10-19 14:06 - 00000000 ___RD C:\Users\Rachel\Dropbox
2013-12-19 13:19 - 2013-10-19 14:05 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-19 13:17 - 2013-10-25 09:41 - 00000000 ____D C:\Users\Rachel\AppData\Local\HP
2013-12-18 00:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-17 11:36 - 2013-12-17 11:36 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-12-17 11:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\spool
2013-12-15 04:11 - 2013-10-05 14:04 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 04:08 - 2013-10-05 14:04 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:34 - 2013-09-22 13:06 - 00001409 _____ C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-14 13:33 - 2013-12-08 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-14 13:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-14 09:28 - 2013-12-14 09:24 - 00007379 _____ C:\Windows\IE11_main.log
2013-12-14 09:26 - 2013-12-14 09:26 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-14 09:26 - 2013-12-14 09:26 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-14 09:26 - 2013-12-14 09:26 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-14 09:26 - 2013-12-14 09:26 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-14 09:26 - 2013-12-14 09:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-14 09:26 - 2013-12-14 09:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-14 09:26 - 2013-12-14 09:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-14 09:26 - 2013-12-14 09:26 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-14 09:26 - 2013-12-14 09:26 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-14 09:24 - 2013-12-02 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 09:24 - 2009-07-13 20:34 - 00000478 _____ C:\Windows\win.ini
2013-12-11 20:09 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 20:08 - 2009-07-13 22:45 - 00427840 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 12:21 - 2013-12-11 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-09 11:48 - 2013-12-09 11:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-09 11:48 - 2013-09-22 13:13 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Adobe
2013-12-09 11:36 - 2013-12-09 11:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 11:36 - 2010-07-15 14:44 - 00000000 ____D C:\ProgramData\Skype
2013-12-09 11:33 - 2013-12-09 11:33 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Rachel\Downloads\SkypeSetup.exe
2013-12-09 11:15 - 2013-09-22 16:41 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-09 11:15 - 2013-09-22 16:41 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-08 15:16 - 2013-12-08 15:15 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Five9
2013-12-08 14:57 - 2009-07-13 23:08 - 00015452 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-08 14:51 - 2013-12-08 14:26 - 00000000 ____D C:\Users\Rachel\AppData\Local\Mozilla
2013-12-08 14:26 - 2013-12-08 14:26 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\Mozilla
2013-12-08 14:26 - 2013-12-08 14:26 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-08 11:01 - 2013-09-22 20:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 11:01 - 2013-09-22 20:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-08 11:00 - 2013-09-22 13:05 - 00114384 _____ C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 16:15 - 2013-12-05 16:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-04 19:11 - 2013-12-04 19:11 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-12-02 22:47 - 2013-09-25 11:39 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\SoftGrid Client
2013-12-02 22:26 - 2013-12-02 22:23 - 00000000 ____D C:\Windows\SHELLNEW
2013-12-02 22:26 - 2010-07-15 14:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-02 22:24 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-02 22:23 - 2013-12-02 22:23 - 00000000 ____D C:\Users\Rachel\AppData\Local\Microsoft Help
2013-12-02 22:23 - 2013-12-02 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-11-29 15:52 - 2013-11-29 15:52 - 00000000 _____ C:\extensions.sqlite
 
Files to move or delete:
====================
C:\Users\Rachel\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\Rachel\AppData\Local\Temp\contentDATs.exe
C:\Users\Rachel\AppData\Local\Temp\Extract.exe
C:\Users\Rachel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Rachel\AppData\Local\Temp\HPQSi.exe
C:\Users\Rachel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Rachel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Rachel\AppData\Local\Temp\mssinstaller.exe
C:\Users\Rachel\AppData\Local\Temp\oi_{BF892F84-A8D5-43D7-82EE-6CEF37D4192A}.exe
C:\Users\Rachel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rachel\AppData\Local\Temp\SP50701.exe
C:\Users\Rachel\AppData\Local\Temp\SP50702.exe
C:\Users\Rachel\AppData\Local\Temp\SP50703.exe
C:\Users\Rachel\AppData\Local\Temp\SP52264.exe
C:\Users\Rachel\AppData\Local\Temp\SP54714.exe
C:\Users\Rachel\AppData\Local\Temp\SP56215.exe
C:\Users\Rachel\AppData\Local\Temp\SP56221.exe
C:\Users\Rachel\AppData\Local\Temp\sp58915.exe
C:\Users\Rachel\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Rachel\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rachel\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Rachel\AppData\Local\Temp\vpnclient_setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-21 12:42
 
==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, and also give an update on any issues/concerns...

 

Kevin

 

fixlist.txt


Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013
Ran by Rachel at 2013-12-29 10:39:39 Run:1
Running from C:\Users\Rachel\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
MountPoints2: F - F:\MotoCastSetup.exe -a
MountPoints2: {6cf7059d-3abc-11e3-b5be-8ce4733062d1} - F:\VerizonSWUpgradeAssistantLauncher.exe
MountPoints2: {dfef432c-23d0-11e3-aeab-806e6f6e6963} - E:\SETUP.EXE
MountPoints2: {f30c95a8-5af8-11e3-b972-9b54ed3d66d1} - F:\MotoCastSetup.exe -a
ProxyServer: http=127.0.0.1:49186;https=127.0.0.1:49186
C:\Users\Rachel\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Rachel\AppData\Local\Temp\contentDATs.exe
C:\Users\Rachel\AppData\Local\Temp\Extract.exe
C:\Users\Rachel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Rachel\AppData\Local\Temp\HPQSi.exe
C:\Users\Rachel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Rachel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Rachel\AppData\Local\Temp\mssinstaller.exe
C:\Users\Rachel\AppData\Local\Temp\oi_{BF892F84-A8D5-43D7-82EE-6CEF37D4192A}.exe
C:\Users\Rachel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Rachel\AppData\Local\Temp\SP50701.exe
C:\Users\Rachel\AppData\Local\Temp\SP50702.exe
C:\Users\Rachel\AppData\Local\Temp\SP50703.exe
C:\Users\Rachel\AppData\Local\Temp\SP52264.exe
C:\Users\Rachel\AppData\Local\Temp\SP54714.exe
C:\Users\Rachel\AppData\Local\Temp\SP56215.exe
C:\Users\Rachel\AppData\Local\Temp\SP56221.exe
C:\Users\Rachel\AppData\Local\Temp\sp58915.exe
C:\Users\Rachel\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Rachel\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rachel\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Rachel\AppData\Local\Temp\vpnclient_setup.exe
2009-07-13 20:34 - 2013-12-20 14:30 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {93BA3A9F-AA2E-4B00-97ED-F038D50F3DEA} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTION
C:\Program Files (x86)\Browsersafeguard
End
 
 
 
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cf7059d-3abc-11e3-b5be-8ce4733062d1} => Key deleted successfully.
HKCR\CLSID\{6cf7059d-3abc-11e3-b5be-8ce4733062d1} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfef432c-23d0-11e3-aeab-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{dfef432c-23d0-11e3-aeab-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f30c95a8-5af8-11e3-b972-9b54ed3d66d1} => Key deleted successfully.
HKCR\CLSID\{f30c95a8-5af8-11e3-b972-9b54ed3d66d1} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
C:\Users\Rachel\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\oi_{BF892F84-A8D5-43D7-82EE-6CEF37D4192A}.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP50701.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP50702.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP50703.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP52264.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP54714.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP56215.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\SP56221.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\UninstallHPTCA.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\vpnclient_setup.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93BA3A9F-AA2E-4B00-97ED-F038D50F3DEA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93BA3A9F-AA2E-4B00-97ED-F038D50F3DEA} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.
 
==== End of Fixlog ====

Here is the adwcleaner log.  Not sure what should and shouldn't be removed.

 

# AdwCleaner v3.016 - Report created 29/12/2013 at 10:41:08
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rachel - RACHEL-HP
# Running from : C:\Users\Rachel\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\Users\Rachel\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Rachel\AppData\Local\SwvUpdater
Folder Found C:\Users\Rachel\AppData\LocalLow\AVG SafeGuard toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\yo3l65lw.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7444 octets] - [29/12/2013 10:41:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7504 octets] ##########

Here is the log after the cleaning.  The issue I am having is an intermittent issue so I will go ahead and use the computer for a day or two and see if it happens again.  Either way in a day or two I will let you know if it is still happening or not.

 

# AdwCleaner v3.016 - Report created 29/12/2013 at 11:04:20
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rachel - RACHEL-HP
# Running from : C:\Users\Rachel\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Rachel\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Rachel\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Rachel\AppData\LocalLow\AVG SafeGuard toolbar
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\yo3l65lw.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [7624 octets] - [29/12/2013 10:41:08]
AdwCleaner[s0].txt - [7390 octets] - [29/12/2013 11:04:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7450 octets] ##########

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also let me know if the original problem still occurs.

 

Kevin...


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
