New Computer Win7 Overrun with Ads and Redirects - Tried Everything


I recently got a new computer with Windows 7 on it.  Ever since I first turned it on, I have been inundated with pop-ups, constant redirects, ads pasted over ads, ads pasted over text I am trying to read.  I use Mozilla Firefox, and my preferences for home page and new tab will not save for longer than a day at most, before being changed to something else.

 

I have tried everything I can think of to fix this problem.  I bought the Pro Version of Malwarebytes, I have tried the steps from "Remove Pop-up Ads from Internet Explorer, Firefox and Chrome", which was from the Malwarebytes Forum, and it worked for barely a day before the ads and redirects took over again.  AdwCleaner will not work on my computer, it chokes up and goes non-responsive.  I have downloaded add-ons for Firefox, they do not help.  I run Kaspersky Anti-Virus every single day.  Very few if any problems show up on Kaspersky or Malwarebytes, since I run them several times a day, trying to find SOMETHING that is causing this.

 

I am very close to wiping this computer and installing XP.  I cannot get any work done, I am simply at my wits' end.  Can anyone help me?  Is there something else I can do to handle this problem?

 

Thank you,

 

Tracey


Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (if you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If no malware is found please let me know.
----------


I ran the Anti-Rootkit and it said no malware was found.  I turned off Kaspersky when I ran the scan, as instructed.  If you need anything else, please let me know.

 

Tracey

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Tracey Boyer at 15:50:26 on 2014-01-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.13821 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\The Print Shop 23.1\RegApp\encore_reg.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Users\Tracey Boyer\AppData\Local\Apps\2.0\54GDTHN5.GCA\D3A52OE5.A2B\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\AOL\1390174142\ee\aolsoftware.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\wmi64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [20090604] C:\Program Files (x86)\The Print Shop 23.1\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 23.1\RegApp\encore_reg.rpd"
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe /S
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1390174142\ee\AOLSoftware.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Tracey Boyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTR~1.LNK - C:\Program Files (x86)\The Print Shop 23.1\Remind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{83F2FAB5-12BC-4B4F-A099-694373910AF5} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} -
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Tracey Boyer\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\windows\System32\drivers\asahci64.sys [2012-3-27 49760]
R0 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2012-3-26 293416]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2014-1-19 46368]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2013-6-10 29792]
R1 klpd;klpd;C:\windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-3-27 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [2012-3-27 947328]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-3-27 586880]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe [2012-3-27 1399296]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2013-6-17 214512]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2012-3-27 203392]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2014-1-20 151648]
R2 EpsonScanSvc;Epson Scanner Service;C:\windows\System32\escsvc64.exe [2014-1-20 135824]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-28 109352]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-3-27 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-8 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-3-13 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-27 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-5-5 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-5-5 29280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-9-8 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-27 646248]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-3-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-20 111616]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-27 331264]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-9-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-9-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-9-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-9 1255736]
S4 klflt;klflt;C:\windows\System32\drivers\klflt.sys [2013-10-5 112224]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-28 09:04:58    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E224BC25-7BDA-4170-AAFE-E3F04F0F289D}\offreg.dll
2014-01-28 09:02:36    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E224BC25-7BDA-4170-AAFE-E3F04F0F289D}\mpengine.dll
2014-01-26 22:42:24    --------    d-----w-    C:\ProgramData\McAfee Security Scan
2014-01-26 22:42:23    --------    d-----w-    C:\Program Files (x86)\McAfee Security Scan
2014-01-24 18:39:02    --------    d-----w-    C:\Program Files\HitmanPro
2014-01-24 18:38:06    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-24 18:24:20    --------    d-----w-    C:\windows\ERUNT
2014-01-24 18:14:53    --------    d-----w-    C:\AdwCleaner
2014-01-24 07:13:43    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\ElevatedDiagnostics
2014-01-24 07:13:29    --------    d-----w-    C:\MATS
2014-01-23 03:37:27    --------    d-----w-    C:\Program Files (x86)\Pop up Blocker
2014-01-22 23:55:21    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Apple Computer
2014-01-22 23:54:52    33240    ----a-w-    C:\windows\System32\drivers\GEARAspiWDM.sys
2014-01-22 23:54:45    --------    d-----w-    C:\Program Files\iPod
2014-01-22 23:54:44    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-22 23:54:44    --------    d-----w-    C:\Program Files\iTunes
2014-01-22 23:54:44    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-01-22 23:54:20    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Apple
2014-01-22 23:54:07    --------    d-----w-    C:\Program Files\Bonjour
2014-01-22 23:54:07    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-01-22 20:31:27    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\eTeks
2014-01-22 20:30:28    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\RealNetworks
2014-01-22 20:30:24    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Real
2014-01-22 20:30:14    --------    d-----w-    C:\Program Files (x86)\RealNetworks
2014-01-22 20:30:12    --------    d-----w-    C:\ProgramData\RealNetworks
2014-01-22 20:30:00    --------    d-----w-    C:\Program Files (x86)\Common Files\xing shared
2014-01-22 20:28:54    --------    d-----w-    C:\Program Files (x86)\Sweet Home 3D
2014-01-22 20:12:16    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 20:12:16    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-01-20 23:58:02    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\newplayer
2014-01-20 23:58:00    --------    d-----w-    C:\Users\Tracey Boyer\.android
2014-01-20 23:57:59    --------    d-----w-    C:\Program Files (x86)\NewPlayer
2014-01-20 23:57:58    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\cache
2014-01-20 22:06:32    466432    ----a-w-    C:\windows\System32\esxw2ud.dll
2014-01-20 22:06:32    135824    ----a-w-    C:\windows\System32\escsvc64.exe
2014-01-20 22:06:32    --------    d-----w-    C:\Program Files (x86)\epson
2014-01-20 20:40:05    --------    d-----w-    C:\Program Files (x86)\EPSON Software
2014-01-20 18:51:11    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\FastStone
2014-01-20 18:51:08    --------    d-----w-    C:\Program Files (x86)\FastStone Image Viewer
2014-01-20 18:48:41    --------    d-----w-    C:\Program Files (x86)\Texture Maker
2014-01-20 18:37:40    --------    d-----w-    C:\Program Files (x86)\Collage Maker
2014-01-20 18:34:39    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Broderbund Software
2014-01-20 18:34:39    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\ApplicationHistory
2014-01-20 18:34:39    --------    d-----w-    C:\ProgramData\Broderbund Software
2014-01-20 08:10:24    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-01-20 08:10:24    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-01-20 08:10:23    12625920    ----a-w-    C:\windows\System32\wmploc.DLL
2014-01-20 08:10:23    12625408    ----a-w-    C:\windows\SysWow64\wmploc.DLL
2014-01-20 03:59:52    --------    d-----w-    C:\Program Files (x86)\World of Warcraft~~
2014-01-20 00:47:14    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\NVIDIA
2014-01-20 00:20:11    3715072    ----a-w-    C:\windows\SysWow64\cdintf300.dll
2014-01-20 00:20:11    --------    d-----w-    C:\Program Files (x86)\Web Publish
2014-01-20 00:18:57    --------    d-----w-    C:\Program Files (x86)\Common Files\Broderbund
2014-01-20 00:18:42    --------    d-----w-    C:\Program Files (x86)\The Print Shop 23.1
2014-01-20 00:16:19    --------    d-----w-    C:\windows\SysWow64\URTTEMP
2014-01-19 23:29:39    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\AOL
2014-01-19 23:29:30    58696    ----a-w-    C:\windows\SysWow64\AOLParconLink.exe
2014-01-19 23:29:13    24064    ----a-w-    C:\windows\System32\drivers\wanatw64.sys
2014-01-19 23:29:10    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\AOL
2014-01-19 23:28:59    --------    d-----w-    C:\Program Files (x86)\Common Files\aolshare
2014-01-19 23:28:59    --------    d-----w-    C:\Program Files (x86)\Common Files\AOL
2014-01-19 23:28:59    --------    d-----w-    C:\Program Files (x86)\AOL Desktop 9.7
2014-01-19 22:30:17    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Macromedia
2014-01-19 21:35:50    --------    d-----w-    C:\Program Files (x86)\The weDownload Manager
2014-01-19 21:35:46    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Roaming\SmartPCFix
2014-01-19 21:16:36    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\AVG SafeGuard toolbar
2014-01-19 21:16:10    46368    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2014-01-19 21:15:33    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Adobe
2014-01-19 21:15:21    --------    d--h--w-    C:\ProgramData\Common Files
2014-01-19 20:40:07    --------    d-----w-    C:\Users\Tracey Boyer\AppData\Local\Mozilla
2014-01-19 20:21:56    633856    ----a-w-    C:\windows\System32\comctl32.dll
2014-01-19 20:20:59    327168    ----a-w-    C:\windows\System32\mswsock.dll
2014-01-19 20:20:58    231424    ----a-w-    C:\windows\SysWow64\mswsock.dll
2014-01-19 20:20:55    376768    ----a-w-    C:\windows\System32\drivers\netio.sys
2014-01-19 20:20:55    1903552    ----a-w-    C:\windows\System32\drivers\tcpip.sys
2014-01-19 20:20:54    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-01-19 20:20:54    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2014-01-19 20:20:34    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-19 20:18:44    --------    d-----w-    C:\Program Files\Common Files\EPSON
2014-01-19 20:18:33    --------    d-----w-    C:\ProgramData\EPSON
2014-01-19 20:18:18    10752    ----a-w-    C:\windows\System32\E_GCINST.DLL
2014-01-19 20:18:16    83968    ----a-w-    C:\windows\System32\E_YD4BIVE.DLL
2014-01-19 20:18:16    120320    ----a-w-    C:\windows\System32\E_YLMIVE.DLL
2014-01-19 20:11:54    --------    d-----w-    C:\Program Files\Microsoft Mouse and Keyboard Center
.
==================== Find3M  ====================
.
2014-01-22 20:29:53    499712    ----a-w-    C:\windows\SysWow64\msvcp71.dll
2014-01-22 20:29:53    348160    ----a-w-    C:\windows\SysWow64\msvcr71.dll
2014-01-21 19:18:00    178272    ----a-w-    C:\windows\System32\drivers\kneps.sys
2014-01-21 19:17:59    29280    ----a-w-    C:\windows\System32\drivers\klmouflt.sys
2014-01-21 19:17:58    29792    ----a-w-    C:\windows\System32\drivers\klim6.sys
2014-01-21 19:17:58    29280    ----a-w-    C:\windows\System32\drivers\klkbdflt.sys
2014-01-21 19:17:57    458336    ----a-w-    C:\windows\System32\drivers\kl1.sys
2013-12-18 11:13:56    270496    ------w-    C:\windows\System32\MpSigStub.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\windows\System32\drivers\usbd.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\windows\System32\win32k.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
.
============= FINISH: 15:50:39.41 ===============

 

 

Attach

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/7/2013 1:25:36 PM
System Uptime: 1/28/2014 12:59:09 PM (3 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM6330_CM6630_CM6730_CM6830
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 745 GiB total, 568.645 GiB free.
D: is FIXED (NTFS) - 1095 GiB total, 941.728 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 233 GiB total, 164.514 GiB free.
H: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 1/22/2014 12:20:05 PM - Windows Defender Checkpoint
RP46: 1/22/2014 12:21:51 PM - Windows Backup
RP47: 1/22/2014 12:52:32 PM - Windows Backup
RP48: 1/22/2014 6:54:23 PM - Installed iTunes
RP50: 1/24/2014 2:13:21 AM - Restore Point before Shopop was removed using Program Install and Uninstall troubleshooter
RP52: 1/24/2014 2:13:35 AM -  Shopop
RP53: 1/24/2014 4:56:18 AM - Windows Update
RP54: 1/26/2014 7:00:14 PM - Windows Backup
RP55: 1/28/2014 4:01:36 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AI Manager
AI Suite II
Aion
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Backup Wizard
ASUS Easy Update
ASUS Instant On
ASUS Music Maker
ASUS WebStorage
AsusVibe2.0
Bing Bar
Bonjour
Collage Maker 2.03
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Curse Client
D3DX10
Diablo III
DMUninstaller
EPSON Scan
EPSON WF-2530 Series Printer Uninstall
FastStone Image Viewer 3.5
Firebird SQL Server - MAGIX Edition
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
HitmanPro 3.7
Iminent
Intel® Management Engine Components
Intel® Trusted Connect Service Client
iTunes
Junk Mail filter update
Kaspersky Anti-Virus
Lightspark 0.5.3-git
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NCSOFT Game Launcher
NewPlayer
NVIDIA 3D Vision Controller Driver 296.16
NVIDIA 3D Vision Driver 296.27
NVIDIA Control Panel 296.27
NVIDIA Graphics Driver 296.27
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
Raccolta foto di Windows Live
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Shopop
Skype™ 6.11
Software Updater
Sweet Home 3D version 4.2
SySaver
Texture Maker
The Print Shop 23.1
The weDownload Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
uPlayer
Ventrilo Client
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip
World of Warcraft
.
==== End Of File ===========================


 


Hi,
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Thanks for reopening this.  ComboFix log:

 

ComboFix 14-02-01.01 - Tracey Boyer 02/02/2014  11:58:41.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.11762 [GMT -5:00]
Running from: c:\users\Tracey Boyer\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\background.html
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\crossriderManifest.json
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\manifest.xml
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins.json
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\1_base.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\17_jQuery.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\182_openUrl.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\21_debug.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\22_resources.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\28_initializer.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\47_resources_background.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\5_notifications.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\64_appApiMessage.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\7_hooks.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\72_appApiValidation.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\userCode\background.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\userCode\extension.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\icons\actions\1.png
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\icons\icon128.png
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\icons\icon16.png
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\icons\icon48.png
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\api\chrome.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\api\cookie.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\api\message.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\api\pageAction.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\api\pageActionBG.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\background.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\app_api.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\bg_app_api.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\consts.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\cookie_store.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\crossriderAPI.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\delegate.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\events.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\extensionDataStore.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\installer.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\logFile.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\logging.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\onBGDocumentLoad.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\popupResource\newPopup.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\popupResource\popup.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\reports.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\storageWrapper.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\updateManager.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\util.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\lib\xhr.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\main.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\js\platformVersion.js
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\manifest.json
c:\users\Tracey Boyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\popup.html
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_ctypes.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_elementtree.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_hashlib.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_multiprocessing.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_psutil_mswindows.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_socket.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_sqlite3.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_ssl.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\_yappi.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\BoxSyncWindowsUI.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\clr.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\Crypto.Cipher._AES.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\Crypto.Random.OSRNG.winrandom.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\Crypto.Util._counter.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\Crypto.Util.strxor.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\IconLogic.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\pyexpat.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\Python.Runtime.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\python27.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\pythoncom27.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\pywintypes27.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\select.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\sqlite3.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\SyncContextMenuService.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\SyncIconOverlayService.dll
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\ujson.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\unicodedata.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32api.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32clipboard.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32com.shell.shell.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32cred.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32event.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32file.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32process.pyd
c:\users\Tracey Boyer\AppData\Local\Temp\_MEI28842\win32security.pyd
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome.manifest
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\asyncDB.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\background.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\browserAction.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\contextMenu.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\dbManager.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\dom_bg.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\fileManager.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\firefox.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\firefoxNotifications.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\firefoxOmnibox.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\message.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\pageAction.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\request.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\tabs.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\webRequest.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\background.html
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\baseObject.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\browser.xul
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\console.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\consts.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\delegate.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\extensionDataStore.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\folderIOWrapper.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\httpObserver.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\IDBWrapper.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\installer.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\logFile.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\prefs.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\progressListenerObserver.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\registry.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\reloadObserver.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\reports.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\requestObject.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\searchSettings.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\uninstallObserver.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\updateManager.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\utils.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\core\xhr.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\dialog.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\main.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\options.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\options.xul
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\platformVersion.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\chrome\content\search_dialog.xul
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\defaults\preferences\prefs.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\manifest.xml
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins.json
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\1_base.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\102_dealply_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\103_intext_5_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\105_corticas_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\17_jQuery.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\182_openUrl.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\207_dbWrapper.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\21_debug.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\22_resources.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\28_initializer.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\47_resources_background.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\5_notifications.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\64_appApiMessage.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\7_hooks.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\72_appApiValidation.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\98_omniCommands.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode\background.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode\extension.js
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\install.rdf
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\locale\en-US\translations.dtd
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button1.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button2.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button3.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button4.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\button5.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\crossrider_statusbar.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon128.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon16.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon24.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\icon48.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\panelarrow-up.png
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\popup.html
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\skin.css
c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\skin\update.css
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_ctypes.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_elementtree.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_hashlib.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_multiprocessing.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_psutil_mswindows.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_socket.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_sqlite3.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_ssl.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\_yappi.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\BoxSyncWindowsUI.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\clr.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\Crypto.Cipher._AES.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\Crypto.Random.OSRNG.winrandom.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\Crypto.Util._counter.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\Crypto.Util.strxor.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\IconLogic.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\pyexpat.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\Python.Runtime.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\python27.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\pythoncom27.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\pywintypes27.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\select.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\sqlite3.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\SyncContextMenuService.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\SyncIconOverlayService.dll
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\ujson.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\unicodedata.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32api.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32clipboard.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32com.shell.shell.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32cred.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32event.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32file.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32process.pyd
c:\users\TRACEY~1\AppData\Local\Temp\_MEI28842\win32security.pyd
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-02 to 2014-02-02  )))))))))))))))))))))))))))))))
.
.
2014-02-02 17:04 . 2014-02-02 17:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-01 23:06 . 2014-02-01 23:06    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ACDPhotoEditor
2014-02-01 08:50 . 2014-02-01 08:50    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E29584B-65D0-47CA-8544-2E3616899879}\offreg.dll
2014-01-31 07:36 . 2013-12-16 06:54    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E29584B-65D0-47CA-8544-2E3616899879}\mpengine.dll
2014-01-31 05:01 . 2014-01-31 05:01    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Windows Live Writer
2014-01-31 05:01 . 2014-01-31 05:01    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\Windows Live Writer
2014-01-29 17:32 . 2014-01-31 22:48    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Box Sync
2014-01-29 17:32 . 2014-01-29 17:32    --------    d-----w-    c:\program files\Box
2014-01-29 17:31 . 2014-01-29 17:32    --------    d-----w-    c:\programdata\Package Cache
2014-01-28 22:43 . 2014-01-28 22:43    --------    d-----w-    c:\program files\McAfee Security Scan
2014-01-28 20:55 . 2014-01-28 21:02    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-28 20:54 . 2014-01-28 20:54    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-26 22:42 . 2014-01-26 22:42    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-01-26 22:42 . 2014-01-28 22:43    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2014-01-26 22:42 . 2014-01-26 22:42    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2014-01-24 18:39 . 2014-01-28 18:04    --------    d-----w-    c:\program files\HitmanPro
2014-01-24 18:38 . 2014-01-24 18:43    --------    d-----w-    c:\programdata\HitmanPro
2014-01-24 18:24 . 2014-01-24 18:24    --------    d-----w-    c:\windows\ERUNT
2014-01-24 18:14 . 2014-01-25 23:23    --------    d-----w-    C:\AdwCleaner
2014-01-24 07:13 . 2014-01-24 07:13    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ElevatedDiagnostics
2014-01-24 07:13 . 2014-01-24 07:13    --------    d-----w-    C:\MATS
2014-01-23 03:37 . 2014-01-24 17:56    --------    d-----w-    c:\program files (x86)\Pop up Blocker
2014-01-22 23:55 . 2014-01-27 21:11    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\Apple Computer
2014-01-22 23:55 . 2014-01-22 23:55    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Apple Computer
2014-01-22 20:31 . 2014-01-22 20:31    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\eTeks
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Real
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\programdata\RealNetworks
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\program files (x86)\Common Files\xing shared
2014-01-22 20:29 . 2014-01-22 20:30    --------    d-----w-    c:\program files (x86)\Real
2014-01-22 20:29 . 2014-01-22 20:29    --------    d-----w-    c:\program files (x86)\Google
2014-01-22 20:28 . 2014-01-22 20:28    --------    d-----w-    c:\program files (x86)\Sweet Home 3D
2014-01-22 20:12 . 2014-01-22 20:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 20:12 . 2014-01-22 20:12    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-21 03:48 . 2013-11-26 09:41    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2014-01-20 23:58 . 2014-01-20 23:58    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\newplayer
2014-01-20 23:58 . 2014-01-20 23:58    --------    d-----w-    c:\users\Tracey Boyer\.android
2014-01-20 23:57 . 2014-01-20 23:58    --------    d-----w-    c:\program files (x86)\NewPlayer
2014-01-20 23:57 . 2014-01-23 03:52    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\cache
2014-01-20 22:06 . 2014-01-20 22:06    --------    d-----w-    c:\program files (x86)\epson
2014-01-20 22:06 . 2012-07-24 05:00    466432    ----a-w-    c:\windows\system32\esxw2ud.dll
2014-01-20 22:06 . 2011-12-12 05:00    135824    ----a-w-    c:\windows\system32\escsvc64.exe
2014-01-20 20:40 . 2014-01-20 20:40    --------    d-----w-    c:\program files (x86)\EPSON Software
2014-01-20 18:51 . 2014-01-20 18:51    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\FastStone
2014-01-20 18:51 . 2014-01-20 18:51    --------    d-----w-    c:\program files (x86)\FastStone Image Viewer
2014-01-20 18:48 . 2014-01-20 18:48    --------    d-----w-    c:\program files (x86)\Texture Maker
2014-01-20 18:37 . 2014-01-25 19:45    --------    d-----w-    c:\program files (x86)\Collage Maker
2014-01-20 18:34 . 2014-02-01 17:20    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ApplicationHistory
2014-01-20 18:34 . 2014-01-20 18:34    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Broderbund Software
2014-01-20 18:34 . 2014-01-20 18:34    --------    d-----w-    c:\programdata\Broderbund Software
2014-01-20 08:10 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-01-20 08:10 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-20 08:10 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-01-20 08:10 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-01-20 08:10 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-01-20 08:09 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-01-20 03:59 . 2014-01-31 22:40    --------    d-----w-    c:\program files (x86)\World of Warcraft~~
2014-01-20 03:58 . 2014-01-20 06:48    --------    d-----w-    c:\users\Public\Games
2014-01-20 00:47 . 2014-01-20 00:47    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\NVIDIA
2014-01-20 00:20 . 2014-01-20 00:20    --------    d-----w-    c:\program files (x86)\Web Publish
2014-01-20 00:20 . 2008-05-15 19:19    3715072    ----a-w-    c:\windows\SysWow64\cdintf300.dll
2014-01-20 00:18 . 2014-01-20 00:19    --------    d-----w-    c:\program files (x86)\Common Files\Broderbund
2014-01-20 00:18 . 2014-01-24 20:39    --------    d-----w-    c:\program files (x86)\The Print Shop 23.1
2014-01-20 00:16 . 2014-01-20 00:16    --------    d-----w-    c:\windows\SysWow64\URTTEMP
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\AOL
2014-01-19 23:29 . 2014-01-19 23:27    58696    ----a-w-    c:\windows\SysWow64\AOLParconLink.exe
2014-01-19 23:29 . 2006-11-29 22:24    24064    ----a-w-    c:\windows\system32\drivers\wanatw64.sys
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\AOL
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\programdata\AOL OCP
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\AOL Desktop 9.7
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\programdata\AOL
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\Common Files\AOL
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\Common Files\aolshare
2014-01-19 23:27 . 2014-01-19 23:27    --------    d-----w-    c:\programdata\AOL Downloads
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Macromedia
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\programdata\McAfee
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\windows\system32\Macromed
2014-01-19 21:35 . 2014-01-19 21:36    --------    d-----w-    c:\program files (x86)\The weDownload Manager
2014-01-19 21:35 . 2014-01-19 21:36    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\SmartPCFix
2014-01-19 21:16 . 2014-01-24 18:18    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\AVG SafeGuard toolbar
2014-01-19 21:16 . 2014-01-19 21:16    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-01-19 21:15 . 2014-01-26 22:59    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Adobe
2014-01-19 21:15 . 2014-01-19 21:15    --------    d--h--w-    c:\programdata\Common Files
2014-01-19 20:40 . 2014-01-19 20:40    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Mozilla
2014-01-19 20:21 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2014-01-19 20:20 . 2013-09-08 02:27    327168    ----a-w-    c:\windows\system32\mswsock.dll
2014-01-19 20:20 . 2013-09-08 02:03    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2014-01-19 20:20 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-19 20:20 . 2013-09-08 02:30    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-01-19 20:20 . 2013-10-03 02:23    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-01-19 20:20 . 2013-10-03 02:00    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-01-19 20:18 . 2014-01-19 20:18    --------    d-----w-    c:\program files\Common Files\EPSON
2014-01-19 20:18 . 2014-01-20 22:05    --------    d-----w-    c:\programdata\EPSON
2014-01-19 20:18 . 2007-04-09 21:06    10752    ----a-w-    c:\windows\system32\E_GCINST.DLL
2014-01-19 20:18 . 2011-04-18 23:03    120320    ----a-w-    c:\windows\system32\E_YLMIVE.DLL
2014-01-19 20:18 . 2011-03-13 23:03    83968    ----a-w-    c:\windows\system32\E_YD4BIVE.DLL
2014-01-19 20:11 . 2014-01-19 20:11    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 20:29 . 2013-09-07 17:20    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-01-22 20:29 . 2013-09-07 17:20    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2014-01-21 19:18 . 2013-06-06 21:38    178272    ----a-w-    c:\windows\system32\drivers\kneps.sys
2014-01-21 19:17 . 2013-05-06 02:42    29280    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2014-01-21 19:17 . 2013-10-05 22:56    620640    ----a-w-    c:\windows\system32\drivers\klif.sys
2014-01-21 19:17 . 2013-06-10 16:27    29792    ----a-w-    c:\windows\system32\drivers\klim6.sys
2014-01-21 19:17 . 2013-05-06 02:42    29280    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2014-01-21 19:17 . 2013-05-06 13:22    458336    ----a-w-    c:\windows\system32\drivers\kl1.sys
2014-01-06 21:20 . 2013-09-27 04:14    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2013-09-07 72760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe" [2011-07-05 737104]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-09-18 528360]
"HostManager"="c:\program files (x86)\Common Files\AOL\1390174142\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2014-01-22 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\users\Tracey Boyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-9-8 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-3-27 548528]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2014-1-20 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe [x]
S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 18:43    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22 20:12]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
2014-02-02 c:\windows\Tasks\The weDownload Manager-chromeinstaller.job
- c:\program files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe [2014-01-19 21:35]
.
2014-02-02 c:\windows\Tasks\The weDownload Manager-codedownloader.job
- c:\program files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [2014-01-19 21:36]
.
2014-02-02 c:\windows\Tasks\The weDownload Manager-firefoxinstaller.job
- c:\program files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [2014-01-19 21:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-27 12881512]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-01-14 12920496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - c:\program files\Conduit\ValueApps\IE\ValueAppsLoader.dll
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-02  12:05:54
ComboFix-quarantined-files.txt  2014-02-02 17:05
.
Pre-Run: 614,436,241,408 bytes free
Post-Run: 615,057,154,048 bytes free
.
- - End Of File - - 1CA2F9B5BD04141680301E24DB767BEF
A36C5E4F47E84449FF07ED3517B43A31
 


Hi,
 
Let's check and be sure that nothing else is hiding in there.   :)
 
Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Malwarebytes Quick Scan Results

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Tracey Boyer :: TRACEYBOYER-PC [administrator]

Protection: Enabled

2/3/2014 4:01:25 PM
mbam-log-2014-02-03 (16-01-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214017
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


The link you sent me went to a shopping cart to buy Eset, but I googled it and found the page with the scanner.  It took a very long time to scan, this is what it found:

 

 

C:\Users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm    JS/Agent.NKW trojan
C:\Users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm    JS/Agent.NKW trojan
D:\TRACEYBOYER-PC\Backup Set 2014-01-22 122140\Backup Files 2014-01-22 122140\Backup files 3.zip    JS/Agent.NKW trojan
G:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm    JS/Agent.NKW trojan
G:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm    JS/Agent.NKW trojan

 

You told me to uncheck the box to delete what it found so what do I do now, since there are trojans here that need to go!

 

Let me know,

 

Tracey
 


Hi,
 
Sorry for any inconvenience with the link.  I will adjust that.   :)
 
Let's remove those now.  We don't have you remove them at first in case there is a false positive.  We don't want anything removed that shouldn't be.
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm    
    C:\Users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm    
    D:\TRACEYBOYER-PC\Backup Set 2014-01-22 122140\Backup Files 2014-01-22 122140\Backup files 3.zip    
    G:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm    
    G:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [Screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know what remaining malware problems you are having.   :)


Here is the log from ComboFix.  I will see how the computer runs and get back with you later today to let you know if the problems are resolved.

 

Thanks.  :wacko:

 

ComboFix 14-02-03.01 - Tracey Boyer 02/04/2014  11:40:25.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16349.13762 [GMT -5:00]
Running from: c:\users\Tracey Boyer\Desktop\ComboFix.exe
Command switches used :: c:\users\Tracey Boyer\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm"
"c:\users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm"
"d:\traceyboyer-pc\Backup Set 2014-01-22 122140\Backup Files 2014-01-22 122140\Backup files 3.zip"
"g:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm"
"g:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm
c:\users\Tracey Boyer\Desktop\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm
d:\traceyboyer-pc\Backup Set 2014-01-22 122140\Backup Files 2014-01-22 122140\Backup files 3.zip
g:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat).htm
g:\~~~~\~~Preps\3 Mason Jar Meal Recipes (With Meat)_files\top_bottom__gray.htm
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-04 to 2014-02-04  )))))))))))))))))))))))))))))))
.
.
2014-02-04 16:44 . 2014-02-04 16:44    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-02-04 16:44 . 2014-02-04 16:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-04 08:53 . 2014-02-04 08:53    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D92D9E-9345-4146-9ACE-277C175583E5}\offreg.dll
2014-02-04 08:52 . 2013-12-16 06:54    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D92D9E-9345-4146-9ACE-277C175583E5}\mpengine.dll
2014-02-03 21:14 . 2014-02-03 21:14    --------    d-----w-    c:\program files (x86)\ESET
2014-02-01 23:06 . 2014-02-01 23:06    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ACDPhotoEditor
2014-01-31 05:01 . 2014-01-31 05:01    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Windows Live Writer
2014-01-31 05:01 . 2014-01-31 05:01    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\Windows Live Writer
2014-01-29 17:32 . 2014-01-31 22:48    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Box Sync
2014-01-29 17:32 . 2014-01-29 17:32    --------    d-----w-    c:\program files\Box
2014-01-29 17:31 . 2014-01-29 17:32    --------    d-----w-    c:\programdata\Package Cache
2014-01-28 22:43 . 2014-01-28 22:43    --------    d-----w-    c:\program files\McAfee Security Scan
2014-01-28 20:55 . 2014-01-28 21:02    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-28 20:54 . 2014-01-28 20:54    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-26 22:42 . 2014-01-26 22:42    --------    d-----w-    c:\programdata\McAfee Security Scan
2014-01-26 22:42 . 2014-01-28 22:43    --------    d-----w-    c:\program files (x86)\McAfee Security Scan
2014-01-26 22:42 . 2014-01-26 22:42    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2014-01-24 18:39 . 2014-01-28 18:04    --------    d-----w-    c:\program files\HitmanPro
2014-01-24 18:38 . 2014-01-24 18:43    --------    d-----w-    c:\programdata\HitmanPro
2014-01-24 18:24 . 2014-01-24 18:24    --------    d-----w-    c:\windows\ERUNT
2014-01-24 18:14 . 2014-01-25 23:23    --------    d-----w-    C:\AdwCleaner
2014-01-24 07:13 . 2014-01-24 07:13    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ElevatedDiagnostics
2014-01-24 07:13 . 2014-01-24 07:13    --------    d-----w-    C:\MATS
2014-01-23 03:37 . 2014-01-24 17:56    --------    d-----w-    c:\program files (x86)\Pop up Blocker
2014-01-22 23:55 . 2014-01-27 21:11    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\Apple Computer
2014-01-22 23:55 . 2014-01-22 23:55    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Apple Computer
2014-01-22 20:31 . 2014-01-22 20:31    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\eTeks
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Real
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\programdata\RealNetworks
2014-01-22 20:30 . 2014-01-22 20:30    --------    d-----w-    c:\program files (x86)\Common Files\xing shared
2014-01-22 20:29 . 2014-01-22 20:30    --------    d-----w-    c:\program files (x86)\Real
2014-01-22 20:29 . 2014-01-22 20:29    --------    d-----w-    c:\program files (x86)\Google
2014-01-22 20:28 . 2014-01-22 20:28    --------    d-----w-    c:\program files (x86)\Sweet Home 3D
2014-01-22 20:12 . 2014-01-22 20:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 20:12 . 2014-01-22 20:12    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-21 03:48 . 2013-11-26 09:41    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2014-01-20 23:58 . 2014-01-20 23:58    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\newplayer
2014-01-20 23:58 . 2014-01-20 23:58    --------    d-----w-    c:\users\Tracey Boyer\.android
2014-01-20 23:57 . 2014-01-20 23:58    --------    d-----w-    c:\program files (x86)\NewPlayer
2014-01-20 23:57 . 2014-01-23 03:52    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\cache
2014-01-20 22:06 . 2014-01-20 22:06    --------    d-----w-    c:\program files (x86)\epson
2014-01-20 22:06 . 2012-07-24 05:00    466432    ----a-w-    c:\windows\system32\esxw2ud.dll
2014-01-20 22:06 . 2011-12-12 05:00    135824    ----a-w-    c:\windows\system32\escsvc64.exe
2014-01-20 20:40 . 2014-01-20 20:40    --------    d-----w-    c:\program files (x86)\EPSON Software
2014-01-20 18:51 . 2014-01-20 18:51    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\FastStone
2014-01-20 18:51 . 2014-01-20 18:51    --------    d-----w-    c:\program files (x86)\FastStone Image Viewer
2014-01-20 18:48 . 2014-01-20 18:48    --------    d-----w-    c:\program files (x86)\Texture Maker
2014-01-20 18:37 . 2014-01-25 19:45    --------    d-----w-    c:\program files (x86)\Collage Maker
2014-01-20 18:34 . 2014-02-01 17:20    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\ApplicationHistory
2014-01-20 18:34 . 2014-01-20 18:34    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Broderbund Software
2014-01-20 18:34 . 2014-01-20 18:34    --------    d-----w-    c:\programdata\Broderbund Software
2014-01-20 08:10 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2014-01-20 08:10 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-20 08:10 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2014-01-20 08:10 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2014-01-20 08:10 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2014-01-20 08:09 . 2013-10-14 23:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2014-01-20 03:59 . 2014-01-31 22:40    --------    d-----w-    c:\program files (x86)\World of Warcraft~~
2014-01-20 03:58 . 2014-01-20 06:48    --------    d-----w-    c:\users\Public\Games
2014-01-20 00:47 . 2014-01-20 00:47    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\NVIDIA
2014-01-20 00:20 . 2014-01-20 00:20    --------    d-----w-    c:\program files (x86)\Web Publish
2014-01-20 00:20 . 2008-05-15 19:19    3715072    ----a-w-    c:\windows\SysWow64\cdintf300.dll
2014-01-20 00:18 . 2014-01-20 00:19    --------    d-----w-    c:\program files (x86)\Common Files\Broderbund
2014-01-20 00:18 . 2014-01-24 20:39    --------    d-----w-    c:\program files (x86)\The Print Shop 23.1
2014-01-20 00:16 . 2014-01-20 00:16    --------    d-----w-    c:\windows\SysWow64\URTTEMP
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\AOL
2014-01-19 23:29 . 2014-01-19 23:27    58696    ----a-w-    c:\windows\SysWow64\AOLParconLink.exe
2014-01-19 23:29 . 2006-11-29 22:24    24064    ----a-w-    c:\windows\system32\drivers\wanatw64.sys
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\AOL
2014-01-19 23:29 . 2014-01-19 23:29    --------    d-----w-    c:\programdata\AOL OCP
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\AOL Desktop 9.7
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\programdata\AOL
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\Common Files\AOL
2014-01-19 23:28 . 2014-01-19 23:29    --------    d-----w-    c:\program files (x86)\Common Files\aolshare
2014-01-19 23:27 . 2014-01-19 23:27    --------    d-----w-    c:\programdata\AOL Downloads
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Macromedia
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\programdata\McAfee
2014-01-19 22:30 . 2014-01-19 22:30    --------    d-----w-    c:\windows\system32\Macromed
2014-01-19 21:35 . 2014-01-19 21:36    --------    d-----w-    c:\users\Tracey Boyer\AppData\Roaming\SmartPCFix
2014-01-19 21:16 . 2014-01-24 18:18    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\AVG SafeGuard toolbar
2014-01-19 21:16 . 2014-01-19 21:16    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-01-19 21:15 . 2014-01-26 22:59    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Adobe
2014-01-19 21:15 . 2014-01-19 21:15    --------    d--h--w-    c:\programdata\Common Files
2014-01-19 20:40 . 2014-01-19 20:40    --------    d-----w-    c:\users\Tracey Boyer\AppData\Local\Mozilla
2014-01-19 20:21 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2014-01-19 20:20 . 2013-09-08 02:27    327168    ----a-w-    c:\windows\system32\mswsock.dll
2014-01-19 20:20 . 2013-09-08 02:03    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2014-01-19 20:20 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-19 20:20 . 2013-09-08 02:30    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2014-01-19 20:20 . 2013-10-03 02:23    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-01-19 20:20 . 2013-10-03 02:00    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-01-19 20:18 . 2014-01-19 20:18    --------    d-----w-    c:\program files\Common Files\EPSON
2014-01-19 20:18 . 2014-01-20 22:05    --------    d-----w-    c:\programdata\EPSON
2014-01-19 20:18 . 2007-04-09 21:06    10752    ----a-w-    c:\windows\system32\E_GCINST.DLL
2014-01-19 20:18 . 2011-04-18 23:03    120320    ----a-w-    c:\windows\system32\E_YLMIVE.DLL
2014-01-19 20:18 . 2011-03-13 23:03    83968    ----a-w-    c:\windows\system32\E_YD4BIVE.DLL
2014-01-19 20:11 . 2014-01-19 20:11    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 20:29 . 2013-09-07 17:20    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2014-01-22 20:29 . 2013-09-07 17:20    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2014-01-21 19:18 . 2013-06-06 21:38    178272    ----a-w-    c:\windows\system32\drivers\kneps.sys
2014-01-21 19:17 . 2013-05-06 02:42    29280    ----a-w-    c:\windows\system32\drivers\klmouflt.sys
2014-01-21 19:17 . 2013-10-05 22:56    620640    ----a-w-    c:\windows\system32\drivers\klif.sys
2014-01-21 19:17 . 2013-06-10 16:27    29792    ----a-w-    c:\windows\system32\drivers\klim6.sys
2014-01-21 19:17 . 2013-05-06 02:42    29280    ----a-w-    c:\windows\system32\drivers\klkbdflt.sys
2014-01-21 19:17 . 2013-05-06 13:22    458336    ----a-w-    c:\windows\system32\drivers\kl1.sys
2014-01-06 21:20 . 2013-09-27 04:14    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2013-09-07 72760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"ASUS Easy Update"="c:\program files (x86)\ASUS\ASUS Easy Update\ALU.exe" [2011-12-21 188416]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe" [2011-07-05 737104]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2013-09-18 528360]
"HostManager"="c:\program files (x86)\Common Files\AOL\1390174142\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2014-01-22 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\users\Tracey Boyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-9-8 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-3-27 548528]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2014-1-20 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe [x]
S2 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 01:42    1211720    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-22 20:12]
.
2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22 20:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]
c:\program files\Conduit\ValueApps\IE\ValueAppsLoader.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-21 03:23    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-27 12881512]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-01-14 12920496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tracey Boyer\AppData\Roaming\Mozilla\Firefox\Profiles\ng45m2jg.default-1390840251434\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-04  11:46:12
ComboFix-quarantined-files.txt  2014-02-04 16:46
.
Pre-Run: 614,209,630,208 bytes free
Post-Run: 613,409,538,048 bytes free
.
- - End Of File - - F0881D40BD449938F030C7E2B67CE299
A36C5E4F47E84449FF07ED3517B43A31
 


Providing there are no other malware related problems...
 
IT APPEARS THAT THE LOGS WE HAVE NOW ARE NOW CLEAN!  GREAT JOB!!  
 
This infection appears to have been cleared, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
 

The following will implement some cleanup procedures as well as reset System Restore points:
 
Press the Windows key + R and this will open the Run text box.  Copy/paste the following text into the Run box as shown and click OK.
  Combofix /Uninstall
  (Note: There is a space between the ..X and the /U that needs to be there.)
 
----------

 
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------
 
Here are some tips to reduce the potential for spyware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:

  • NoScript
  • AdBlock Plus
 
3. Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:

  • Online Armor Free
  • Agnitum Outpost Firewall Free
  • Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------
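The six Internet Explorer zone options from tip 1 can also be checked from PowerShell instead of clicking through the Custom Level dialog. This is an added example, not part of the original reply: it reads the current user's Internet zone (registry zone 3), and the `-Apply` switch and function names are illustrative choices of this example.

```powershell
# Audit (and with -Apply, set) the six Internet-zone options from tip 1.
# Names are the Custom Level dialog labels; IDs are IE's URL action numbers.
param([switch]$Apply)

# Zone 3 is the Internet zone for the current user.
$zone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$wanted = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-ZoneValue([string]$Path, [string]$Id) {
    # Returns the DWORD stored for a URL action, or $null when it is not set.
    $props = Get-ItemProperty -Path $Path -Name $Id -ErrorAction SilentlyContinue
    if ($props) { $props.$Id } else { $null }
}

function Format-ZoneValue($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "other ($Value)"
}

$report = foreach ($s in $wanted) {
    $current = Get-ZoneValue $zone $s.Id
    if ($Apply -and $current -ne $s.Want) {
        # New-ItemProperty -Force overwrites an existing value of the same name.
        if (-not (Test-Path $zone)) { New-Item -Path $zone -Force | Out-Null }
        New-ItemProperty -Path $zone -Name $s.Id -Value $s.Want -PropertyType DWord -Force | Out-Null
        $current = Get-ZoneValue $zone $s.Id
    }
    New-Object PSObject -Property @{
        Setting     = $s.Name
        Current     = Format-ZoneValue $current
        Recommended = $labels[$s.Want]
        Compliant   = ($current -eq $s.Want)
    }
}

$report | Select-Object Setting, Current, Recommended, Compliant | Format-Table -AutoSize
```

Run without arguments it only reports. Values enforced by Group Policy are stored under a separate Policies key and take precedence over the per-user values read here.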
