I upgraded to the Pro version yesterday because Malwarebytes could not remove 403 bugs, but I'm having the same problem where I can select the bugs, but Pro won't remove or quarantine. It just freezes, won't respond and I have to close it down. I followed the suggested protocols and here are the files. First is DDS and then the "Attach" Notepad file. Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.51.2
Run by Matt at 10:23:33 on 2014-03-06
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3545.1348 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Dell V520 Series\DKADGmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\vVX3000.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [spotify Web Helper] "c:\users\matt\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Facebook Update] "c:\users\matt\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DKADGmon] "c:\program files\dell v520 series\DKADGmon.exe"
uRun: [Amazon Cloud Player] "c:\users\matt\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DKADGmon] "c:\program files\dell v520 series\DKADGmon.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6352F28E-E80E-4E66-BE02-E72C00A2D312} : DHCPNameServer = 128.226.6.250 128.226.6.251
TCP: Interfaces\{8554D68F-0208-4909-8692-0ED99CE4B73E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 MpKslecd758ed;MpKslecd758ed;c:\programdata\microsoft\microsoft antimalware\definition updates\{46616e4c-ad53-475a-9d8d-a707279296b7}\MpKslecd758ed.sys [2014-3-6 39464]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2012-9-20 81920]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2012-8-16 152576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-5 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-5 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-5 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-6 40776]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-4-11 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
.
=============== Created Last 30 ================
.
2014-03-06 14:30:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-06 14:09:59 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46616e4c-ad53-475a-9d8d-a707279296b7}\MpKslecd758ed.sys
2014-03-05 23:02:39 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2014-03-05 23:02:23 -------- d-----w- c:\programdata\Malwarebytes
2014-03-05 23:02:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-05 23:02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-05 22:14:39 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46616e4c-ad53-475a-9d8d-a707279296b7}\mpengine.dll
2014-03-05 20:29:40 -------- d-----w- c:\users\matt\appdata\roaming\DigitalSites
2014-03-04 14:08:03 765968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0cc3233a-2828-48b3-9a96-01fbd85e2ce7}\gapaengine.dll
2014-03-01 05:05:23 -------- d-----w- c:\users\matt\appdata\roaming\WiseUpdate
2014-02-28 02:19:16 -------- d-----w- c:\program files\iPod
2014-02-28 02:19:13 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-28 02:19:13 -------- d-----w- c:\program files\iTunes
2014-02-28 02:13:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-02-28 02:13:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-02-28 02:13:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-02-28 02:13:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-02-28 02:13:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-02-26 14:34:54 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-25 14:52:33 -------- d-----w- c:\programdata\Oracle
2014-02-25 14:51:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-25 04:05:41 -------- d-----w- c:\users\matt\appdata\local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2014-01-17 21:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 10:25:11.48 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/19/2012 5:15:06 PM
System Uptime: 3/6/2014 8:56:19 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0K138P
Processor: Pentium® Dual-Core CPU       T4200  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 152.201 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Shockwave Player 12.0
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audible Download Manager
Bonjour
CrashPlan
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Touchpad
Dell V520 Series Uninstaller
Dropbox
Facebook Messenger 2.1.4814.0
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
IDT Audio
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft OneNote 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
OEM Logo and Information
PhoneClean 3.2.0
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.6
Spotify
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Wise Disk Cleaner 8.03
Wise Registry Cleaner 7.94
.
==== End Of File ===========================
 

 


  • Staff

Hello and welcome to Malwarebytes.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks for your help. I ran the Farbar Scan, and here is the FRST result. I didn't see the Addition.txt you mentioned, though. Sorry, I'm new to doing these kinds of deep scans.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014 01
Ran by Matt (administrator) on MATT-PC on 08-03-2014 20:47:06
Running from C:\Users\Matt\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Dell V520 Series\DKADGmon.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [278528 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295072 2012-12-26] (RealNetworks, Inc.)
HKLM\...\Run: [DKADGmon] - C:\Program Files\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-06] (IDT, Inc.)
HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-08] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [spotify Web Helper] - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-12] (Spotify Ltd)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [DKADGmon] - C:\Program Files\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [Amazon Cloud Player] - C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\MountPoints2: {4fe22fb4-0580-11e2-9303-002564579899} - E:\unlock.exe autoplay=true
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Desktop) - C:\Users\Matt\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-02]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-02]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-02]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj [2013-09-07]
CHR Extension: (AdBlock) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-07]
CHR Extension: (avast! Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (Clearly) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-03-07]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-09-07]
CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-02]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-09-07]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-02]
CHR Extension: (RSS Feed Reader) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-08-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-08]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-08] (AVAST Software)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-06] (IDT, Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-08] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-03-08] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252592 2014-03-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-03-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-08 20:47 - 2014-03-08 20:47 - 00022012 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-03-08 20:45 - 2014-03-08 20:46 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (2).exe
2014-03-08 20:43 - 2014-03-08 20:43 - 00052747 _____ () C:\Users\Matt\Desktop\FRST_march_8.txt
2014-03-08 20:40 - 2014-03-08 20:40 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (1).exe
2014-03-08 19:20 - 2014-03-08 19:30 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-03-08 17:05 - 2014-03-08 17:05 - 00100104 _____ (Kaspersky Lab) C:\Users\Matt\Downloads\kateskiller.exe
2014-03-08 07:42 - 2014-03-08 07:42 - 00001919 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-08 07:42 - 2014-03-08 07:42 - 00001859 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVAST Software
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 _____ () C:\Windows\setupact.log
2014-03-08 07:40 - 2014-03-08 07:39 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-08 07:40 - 2014-03-08 07:39 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-08 07:40 - 2014-03-08 07:39 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-08 07:40 - 2014-03-08 07:38 - 00252592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2014-03-08 07:39 - 2014-03-08 07:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-08 07:38 - 2014-03-08 07:38 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2014-03-08 07:36 - 2014-03-08 07:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-08 07:30 - 2014-03-08 07:30 - 04669416 _____ (AVAST Software) C:\Users\Matt\Downloads\avast_premier_antivirus_setup_online.exe
2014-03-08 07:30 - 2014-03-08 07:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-08 00:30 - 2014-03-08 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\iExplore.exe
2014-03-07 22:51 - 2014-03-07 22:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.Run.exe
2014-03-07 21:45 - 2014-03-07 21:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-03-07 21:45 - 2014-03-07 21:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 21:45 - 2014-03-07 21:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 21:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 20:17 - 2014-03-07 20:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-07 20:12 - 2014-03-07 20:15 - 00033553 _____ () C:\Users\Matt\Downloads\Addition.txt
2014-03-07 20:11 - 2014-03-08 20:47 - 00000000 ____D () C:\FRST
2014-03-07 20:11 - 2014-03-08 20:42 - 00052747 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-03-07 20:11 - 2014-03-07 20:11 - 01145344 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2014-03-07 17:59 - 2014-03-07 17:59 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-07 17:59 - 2014-03-07 17:59 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-07 17:48 - 2014-03-07 17:48 - 36862640 _____ () C:\Users\Matt\Downloads\WD_SmartWare_Installer_2.3.0.20.zip
2014-03-07 17:38 - 2014-03-07 18:00 - 00014402 _____ () C:\Windows\DPINST.LOG
2014-03-07 17:21 - 2014-03-07 17:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 17:20 - 2014-03-07 17:20 - 00930952 _____ (CNET Download.com) C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-03-07 16:32 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-07 16:32 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-07 16:32 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-07 16:32 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-07 16:32 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-07 16:32 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-07 16:32 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-07 16:32 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-07 16:32 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-07 16:32 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-07 16:32 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-07 16:32 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-07 16:32 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-07 16:32 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-07 16:32 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-07 16:32 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-07 16:01 - 2013-10-22 02:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-07 16:00 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-07 16:00 - 2013-10-29 21:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-03-07 16:00 - 2013-10-29 20:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-07 16:00 - 2013-10-29 19:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-07 16:00 - 2013-10-29 19:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-07 16:00 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-07 16:00 - 2013-10-10 21:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-07 16:00 - 2013-10-10 21:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-07 16:00 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-03-07 16:00 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-07 16:00 - 2013-10-10 19:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-03-07 16:00 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-07 16:00 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-07 16:00 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-07 16:00 - 2013-10-03 07:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-07 15:46 - 2014-03-07 15:46 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Intel Corporation
2014-03-07 15:42 - 2009-12-17 10:25 - 00433176 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-03-07 15:41 - 2014-03-07 15:41 - 10607056 _____ (Hewlett-Packard ) C:\Users\Matt\Downloads\sp47845.exe
2014-03-07 15:39 - 2014-03-07 15:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic.diagcab
2014-03-07 15:39 - 2014-03-07 15:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-07 15:34 - 2014-03-07 15:35 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86 (1).msu
2014-03-07 15:25 - 2014-03-07 15:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2014-03-06 20:58 - 2014-03-06 20:58 - 00100432 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 20:56 - 2014-03-08 11:06 - 00017648 _____ () C:\Windows\PFRO.log
2014-03-06 20:56 - 2014-03-07 17:03 - 00371512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 14:10 - 2014-03-08 19:30 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-06 14:10 - 2014-03-08 00:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-06 14:10 - 2014-03-06 20:57 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-06 14:10 - 2014-03-06 20:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-06 14:10 - 2014-03-06 14:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-06 14:10 - 2014-03-06 14:10 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-06 14:10 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-03-06 14:08 - 2014-03-06 14:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.2.exe
2014-03-06 13:53 - 2014-03-06 14:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 13:51 - 2014-03-06 13:51 - 00000104 _____ () C:\Users\Matt\Desktop\Recycle Bin - Shortcut.lnk
2014-03-06 13:46 - 2014-03-06 14:06 - 00000000 ____D () C:\Users\Matt\Desktop\mbar
2014-03-06 13:43 - 2014-03-06 13:43 - 00380416 _____ () C:\Users\Matt\Downloads\8z5w3dui.exe
2014-03-06 12:00 - 2014-03-06 12:00 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-06 11:59 - 2014-03-08 07:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-06 11:59 - 2014-03-06 11:59 - 00000000 ____D () C:\Program Files\Adobe
2014-03-06 11:45 - 2014-03-06 11:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.exe
2014-03-06 11:43 - 2014-03-06 11:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.com
2014-03-06 10:36 - 2014-03-06 10:36 - 00008560 _____ () C:\Users\Matt\Desktop\Attach_Malwarebytes.txt
2014-03-06 10:22 - 2014-03-06 10:23 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.com
2014-03-05 18:02 - 2014-03-05 18:02 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-03-05 18:02 - 2014-03-05 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 18:01 - 2014-03-05 18:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-05 17:17 - 2014-03-05 17:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-consumer.exe
2014-03-05 16:48 - 2014-03-05 16:49 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds (1).scr
2014-03-05 16:44 - 2014-03-05 16:44 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.scr
2014-03-05 15:42 - 2014-03-05 15:42 - 00021232 _____ () C:\Users\Matt\Downloads\Fix WU.zip
2014-03-05 15:42 - 2014-03-05 15:42 - 00000000 ____D () C:\Users\Matt\Downloads\Fix WU
2014-03-05 15:30 - 2014-03-05 15:30 - 00000044 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2014-03-05 15:29 - 2014-03-05 15:30 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-05 15:28 - 2014-03-05 15:28 - 00668048 _____ ( ) C:\Users\Matt\Downloads\ZipOpenerSetup.exe
2014-03-03 22:34 - 2014-03-08 19:36 - 01854796 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 00:05 - 2014-03-01 00:11 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\WiseUpdate
2014-02-27 21:20 - 2014-02-27 21:20 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-27 21:19 - 2014-02-27 21:20 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 21:19 - 2014-02-27 21:20 - 00000000 ____D () C:\Program Files\iTunes
2014-02-27 21:19 - 2014-02-27 21:19 - 00000000 ____D () C:\Program Files\iPod
2014-02-27 21:13 - 2014-02-27 21:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\ProgramData\Sun
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-25 09:52 - 2014-02-25 09:51 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-25 09:51 - 2014-02-25 09:51 - 00000000 ____D () C:\Program Files\Java
2014-02-25 09:50 - 2014-02-25 09:50 - 00921000 _____ (Oracle Corporation) C:\Users\Matt\Downloads\chromeinstall-7u51.exe
2014-02-24 23:11 - 2014-02-24 23:12 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86.msu
2014-02-15 10:59 - 2014-02-15 11:00 - 168036333 _____ () C:\Users\Matt\Downloads\De-La-Soul-Is-Dead (1).zip
2014-02-15 10:58 - 2014-02-15 10:59 - 160849169 _____ () C:\Users\Matt\Downloads\Stakes-Is-High.zip
2014-02-15 00:11 - 2014-02-15 00:13 - 159346091 _____ () C:\Users\Matt\Downloads\3-Feet-High.zip
2014-02-15 00:11 - 2014-02-15 00:13 - 114367391 _____ () C:\Users\Matt\Downloads\Buhloone-Mindstate.zip
2014-02-14 23:57 - 2014-02-14 23:57 - 00000215 _____ () C:\Users\Matt\Downloads\Valentine's_Day_Promo.vcf
2014-02-14 14:00 - 2014-02-14 14:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1.tif
2014-02-14 14:00 - 2014-02-14 14:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1 (1).tif
 
==================== One Month Modified Files and Folders =======
 
2014-03-08 20:47 - 2014-03-08 20:47 - 00022012 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-03-08 20:47 - 2014-03-07 20:11 - 00000000 ____D () C:\FRST
2014-03-08 20:46 - 2014-03-08 20:45 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (2).exe
2014-03-08 20:43 - 2014-03-08 20:43 - 00052747 _____ () C:\Users\Matt\Desktop\FRST_march_8.txt
2014-03-08 20:42 - 2014-03-07 20:11 - 00052747 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-03-08 20:40 - 2014-03-08 20:40 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (1).exe
2014-03-08 19:58 - 2012-09-21 08:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 19:58 - 2012-09-21 08:06 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 19:36 - 2014-03-03 22:34 - 01854796 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 19:30 - 2014-03-08 19:20 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-03-08 19:30 - 2014-03-06 14:10 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-08 19:29 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 19:29 - 2006-11-02 07:45 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 19:29 - 2006-11-02 07:45 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 19:28 - 2006-11-02 07:58 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-08 18:57 - 2012-12-03 15:52 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2621633412-1475908225-2326514310-1000UA.job
2014-03-08 17:05 - 2014-03-08 17:05 - 00100104 _____ (Kaspersky Lab) C:\Users\Matt\Downloads\kateskiller.exe
2014-03-08 11:06 - 2014-03-06 20:56 - 00017648 _____ () C:\Windows\PFRO.log
2014-03-08 07:49 - 2014-03-06 11:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-08 07:42 - 2014-03-08 07:42 - 00001919 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-08 07:42 - 2014-03-08 07:42 - 00001859 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVAST Software
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 07:42 - 2014-03-08 07:42 - 00000000 _____ () C:\Windows\setupact.log
2014-03-08 07:41 - 2012-09-19 13:33 - 00000000 ____D () C:\Users\Matt
2014-03-08 07:39 - 2014-03-08 07:40 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-08 07:39 - 2014-03-08 07:40 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-08 07:39 - 2014-03-08 07:40 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-08 07:39 - 2014-03-08 07:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-08 07:38 - 2014-03-08 07:40 - 00252592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2014-03-08 07:38 - 2014-03-08 07:38 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2014-03-08 07:36 - 2014-03-08 07:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-08 07:30 - 2014-03-08 07:30 - 04669416 _____ (AVAST Software) C:\Users\Matt\Downloads\avast_premier_antivirus_setup_online.exe
2014-03-08 07:30 - 2014-03-08 07:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-08 00:30 - 2014-03-08 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\iExplore.exe
2014-03-08 00:29 - 2014-03-06 14:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 00:23 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-08 00:00 - 2006-11-02 05:22 - 46137344 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-08 00:00 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-08 00:00 - 2006-11-02 05:22 - 00053248 _____ () C:\Windows\system32\config\SAM.bak
2014-03-08 00:00 - 2006-11-02 05:22 - 00020480 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-07 23:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-07 23:19 - 2006-11-02 05:33 - 00752486 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 22:51 - 2014-03-07 22:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.Run.exe
2014-03-07 21:45 - 2014-03-07 21:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-03-07 21:45 - 2014-03-07 21:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 21:45 - 2014-03-07 21:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 21:33 - 2013-09-05 22:54 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Wise Disk Cleaner
2014-03-07 20:17 - 2014-03-07 20:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-07 20:15 - 2014-03-07 20:12 - 00033553 _____ () C:\Users\Matt\Downloads\Addition.txt
2014-03-07 20:11 - 2014-03-07 20:11 - 01145344 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2014-03-07 18:08 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-03-07 18:00 - 2014-03-07 17:38 - 00014402 _____ () C:\Windows\DPINST.LOG
2014-03-07 17:59 - 2014-03-07 17:59 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-07 17:59 - 2014-03-07 17:59 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-07 17:58 - 2012-09-23 20:07 - 00000000 ____D () C:\ProgramData\Western Digital
2014-03-07 17:51 - 2013-04-29 14:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-07 17:48 - 2014-03-07 17:48 - 36862640 _____ () C:\Users\Matt\Downloads\WD_SmartWare_Installer_2.3.0.20.zip
2014-03-07 17:27 - 2014-03-07 17:21 - 00000000 ____D () C:\AdwCleaner
2014-03-07 17:20 - 2014-03-07 17:20 - 00930952 _____ (CNET Download.com) C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-03-07 17:03 - 2014-03-06 20:56 - 00371512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 16:55 - 2012-09-20 13:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-07 16:53 - 2013-07-15 11:07 - 00000000 ___RD () C:\Program Files\Skype
2014-03-07 16:53 - 2013-07-15 11:07 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 16:51 - 2012-09-21 08:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-07 16:51 - 2012-09-21 08:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 16:44 - 2013-07-11 09:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-07 15:57 - 2012-12-03 15:52 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2621633412-1475908225-2326514310-1000Core.job
2014-03-07 15:46 - 2014-03-07 15:46 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Intel Corporation
2014-03-07 15:46 - 2012-09-20 13:58 - 00000000 ____D () C:\Intel
2014-03-07 15:45 - 2012-09-20 13:59 - 00000000 ____D () C:\Program Files\Intel
2014-03-07 15:41 - 2014-03-07 15:41 - 10607056 _____ (Hewlett-Packard ) C:\Users\Matt\Downloads\sp47845.exe
2014-03-07 15:39 - 2014-03-07 15:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic.diagcab
2014-03-07 15:39 - 2014-03-07 15:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-07 15:35 - 2014-03-07 15:34 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86 (1).msu
2014-03-07 15:30 - 2012-09-22 17:53 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Spotify
2014-03-07 15:25 - 2014-03-07 15:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2014-03-07 14:22 - 2013-03-02 13:24 - 00000000 ____D () C:\ProgramData\DellUpdate
2014-03-06 20:58 - 2014-03-06 20:58 - 00100432 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 20:57 - 2014-03-06 14:10 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-06 20:57 - 2014-03-06 14:10 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-06 14:12 - 2014-03-06 14:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-06 14:10 - 2014-03-06 14:10 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-06 14:08 - 2014-03-06 14:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.2.exe
2014-03-06 14:06 - 2014-03-06 13:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 14:06 - 2014-03-06 13:46 - 00000000 ____D () C:\Users\Matt\Desktop\mbar
2014-03-06 13:51 - 2014-03-06 13:51 - 00000104 _____ () C:\Users\Matt\Desktop\Recycle Bin - Shortcut.lnk
2014-03-06 13:43 - 2014-03-06 13:43 - 00380416 _____ () C:\Users\Matt\Downloads\8z5w3dui.exe
2014-03-06 12:02 - 2012-09-24 15:25 - 00000000 ____D () C:\Users\Matt\AppData\Local\Adobe
2014-03-06 12:00 - 2014-03-06 12:00 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-06 11:59 - 2014-03-06 11:59 - 00000000 ____D () C:\Program Files\Adobe
2014-03-06 11:59 - 2012-09-21 08:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-06 11:46 - 2014-03-06 11:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.exe
2014-03-06 11:43 - 2014-03-06 11:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.com
2014-03-06 10:36 - 2014-03-06 10:36 - 00008560 _____ () C:\Users\Matt\Desktop\Attach_Malwarebytes.txt
2014-03-06 10:23 - 2014-03-06 10:22 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.com
2014-03-05 18:02 - 2014-03-05 18:02 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-03-05 18:02 - 2014-03-05 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 18:01 - 2014-03-05 18:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-05 17:17 - 2014-03-05 17:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-consumer.exe
2014-03-05 16:49 - 2014-03-05 16:48 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds (1).scr
2014-03-05 16:44 - 2014-03-05 16:44 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.scr
2014-03-05 15:42 - 2014-03-05 15:42 - 00021232 _____ () C:\Users\Matt\Downloads\Fix WU.zip
2014-03-05 15:42 - 2014-03-05 15:42 - 00000000 ____D () C:\Users\Matt\Downloads\Fix WU
2014-03-05 15:30 - 2014-03-05 15:30 - 00000044 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2014-03-05 15:30 - 2014-03-05 15:29 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-05 15:28 - 2014-03-05 15:28 - 00668048 _____ ( ) C:\Users\Matt\Downloads\ZipOpenerSetup.exe
2014-03-05 14:57 - 2013-03-02 13:32 - 00000000 ____D () C:\ProgramData\ABBYY
2014-03-05 12:55 - 2012-09-19 13:33 - 00000000 ___RD () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-05 11:47 - 2012-09-21 17:50 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Apple Computer
2014-03-05 11:17 - 2014-01-23 10:10 - 00000000 ____D () C:\Users\Matt\AppData\Local\FBCBC565-3E66-4F6D-84D1-685CEEF89A4E.aplzod
2014-03-03 15:56 - 2013-10-22 13:10 - 00000428 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2014-03-03 15:01 - 2012-09-22 17:54 - 00000000 ____D () C:\Users\Matt\AppData\Local\Spotify
2014-03-03 14:10 - 2013-09-13 16:35 - 00000440 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2014-03-01 00:11 - 2014-03-01 00:05 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\WiseUpdate
2014-02-27 21:20 - 2014-02-27 21:20 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-27 21:20 - 2014-02-27 21:19 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 21:20 - 2014-02-27 21:19 - 00000000 ____D () C:\Program Files\iTunes
2014-02-27 21:19 - 2014-02-27 21:19 - 00000000 ____D () C:\Program Files\iPod
2014-02-27 21:19 - 2012-09-21 17:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-27 21:13 - 2014-02-27 21:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-27 09:14 - 2012-09-20 15:56 - 00000000 ____D () C:\Users\Matt\Documents\Dissertation
2014-02-27 08:40 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\IME
2014-02-26 09:30 - 2012-09-21 18:05 - 00000000 ____D () C:\Program Files\CrashPlan
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\ProgramData\Sun
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-25 09:52 - 2014-02-25 09:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-25 09:51 - 2014-02-25 09:52 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-25 09:51 - 2014-02-25 09:51 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-25 09:51 - 2014-02-25 09:51 - 00000000 ____D () C:\Program Files\Java
2014-02-25 09:50 - 2014-02-25 09:50 - 00921000 _____ (Oracle Corporation) C:\Users\Matt\Downloads\chromeinstall-7u51.exe
2014-02-24 23:12 - 2014-02-24 23:11 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86.msu
2014-02-19 23:00 - 2013-09-03 18:57 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 11:00 - 2014-02-15 10:59 - 168036333 _____ () C:\Users\Matt\Downloads\De-La-Soul-Is-Dead (1).zip
2014-02-15 10:59 - 2014-02-15 10:58 - 160849169 _____ () C:\Users\Matt\Downloads\Stakes-Is-High.zip
2014-02-15 00:13 - 2014-02-15 00:11 - 159346091 _____ () C:\Users\Matt\Downloads\3-Feet-High.zip
2014-02-15 00:13 - 2014-02-15 00:11 - 114367391 _____ () C:\Users\Matt\Downloads\Buhloone-Mindstate.zip
2014-02-14 23:57 - 2014-02-14 23:57 - 00000215 _____ () C:\Users\Matt\Downloads\Valentine's_Day_Promo.vcf
2014-02-14 14:00 - 2014-02-14 14:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1.tif
2014-02-14 14:00 - 2014-02-14 14:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1 (1).tif
2014-02-11 09:22 - 2013-01-09 09:32 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Dropbox
2014-02-11 09:14 - 2013-01-09 09:42 - 00000000 ___RD () C:\Users\Matt\Dropbox
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-08 19:37
 
==================== End Of Log ============================

  • Staff

Please run the following:

Download the attached fixlist.txt file and save it to the Desktop.

FixList.txt

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.


Okay, so here is the FRST notepad result, followed by the Fixlog.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2014 01
Ran by Matt (administrator) on MATT-PC on 09-03-2014 17:52:04
Running from C:\Users\Matt\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Dell V520 Series\DKADGmon.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [278528 2010-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295072 2012-12-26] (RealNetworks, Inc.)
HKLM\...\Run: [DKADGmon] - C:\Program Files\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] - C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [iAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-06] (IDT, Inc.)
HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5545328 2014-02-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-08] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [spotify Web Helper] - C:\Users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-12] (Spotify Ltd)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [DKADGmon] - C:\Program Files\Dell V520 Series\DKADGmon.exe [951656 2012-11-07] ()
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [Amazon Cloud Player] - C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Run: [spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2621633412-1475908225-2326514310-1000\...\MountPoints2: {4fe22fb4-0580-11e2-9303-002564579899} - E:\unlock.exe autoplay=true
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Facebook Desktop) - C:\Users\Matt\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-02]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-02]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-02]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj [2013-09-07]
CHR Extension: (AdBlock) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-07]
CHR Extension: (avast! Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (Clearly) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-03-07]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-09-07]
CHR Extension: (Skype Click to Call) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-02]
CHR Extension: (No Name) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-09-07]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-02]
CHR Extension: (RSS Feed Reader) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2013-08-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-08]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-08] (AVAST Software)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [152576 2012-08-16] (CrashPlan)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-06] (IDT, Inc.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-03-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-03-08] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-03-08] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [252592 2014-03-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-03-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-03-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-03-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-03-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-03-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-03-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-08] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Users\Matt\Desktop\FRST-OlderVersion
2014-03-09 17:50 - 2014-03-09 17:50 - 00002086 _____ () C:\Users\Matt\Desktop\FixList.txt
2014-03-09 17:49 - 2014-03-09 17:49 - 00002086 _____ () C:\Users\Matt\Downloads\FixList.txt
2014-03-08 22:55 - 2014-03-08 22:59 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-08 21:47 - 2014-03-09 17:52 - 00022151 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-03-08 21:45 - 2014-03-08 21:46 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (2).exe
2014-03-08 21:40 - 2014-03-08 21:40 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (1).exe
2014-03-08 20:20 - 2014-03-09 17:27 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-03-08 18:05 - 2014-03-08 18:05 - 00100104 _____ (Kaspersky Lab) C:\Users\Matt\Downloads\kateskiller.exe
2014-03-08 08:42 - 2014-03-08 08:42 - 00001919 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-08 08:42 - 2014-03-08 08:42 - 00001859 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVAST Software
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 _____ () C:\Windows\setupact.log
2014-03-08 08:40 - 2014-03-08 08:39 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-08 08:40 - 2014-03-08 08:39 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-08 08:40 - 2014-03-08 08:39 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-08 08:40 - 2014-03-08 08:38 - 00252592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2014-03-08 08:39 - 2014-03-08 08:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-08 08:38 - 2014-03-08 08:38 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2014-03-08 08:36 - 2014-03-08 08:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-08 08:30 - 2014-03-08 08:30 - 04669416 _____ (AVAST Software) C:\Users\Matt\Downloads\avast_premier_antivirus_setup_online.exe
2014-03-08 08:30 - 2014-03-08 08:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-08 01:30 - 2014-03-08 01:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\iExplore.exe
2014-03-07 23:51 - 2014-03-07 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.Run.exe
2014-03-07 22:45 - 2014-03-07 22:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-03-07 22:45 - 2014-03-07 22:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 22:45 - 2014-03-07 22:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 22:45 - 2013-04-04 15:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 21:17 - 2014-03-07 21:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-07 21:12 - 2014-03-07 21:15 - 00033553 _____ () C:\Users\Matt\Downloads\Addition.txt
2014-03-07 21:11 - 2014-03-09 17:52 - 00000000 ____D () C:\FRST
2014-03-07 21:11 - 2014-03-09 17:51 - 01145856 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2014-03-07 21:11 - 2014-03-08 21:42 - 00052747 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-07 18:48 - 2014-03-07 18:48 - 36862640 _____ () C:\Users\Matt\Downloads\WD_SmartWare_Installer_2.3.0.20.zip
2014-03-07 18:38 - 2014-03-07 19:00 - 00014402 _____ () C:\Windows\DPINST.LOG
2014-03-07 18:21 - 2014-03-07 18:27 - 00000000 ____D () C:\AdwCleaner
2014-03-07 18:20 - 2014-03-07 18:20 - 00930952 _____ (CNET Download.com) C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-03-07 17:32 - 2014-02-05 04:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-07 17:32 - 2014-02-05 04:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-07 17:32 - 2014-02-05 04:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-07 17:32 - 2014-02-05 04:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-07 17:32 - 2014-02-05 04:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-07 17:32 - 2014-02-05 04:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-07 17:32 - 2014-02-05 04:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-07 17:32 - 2014-02-05 04:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-07 17:32 - 2014-02-05 04:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-07 17:32 - 2014-02-05 04:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-07 17:32 - 2014-02-05 04:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-07 17:32 - 2014-02-05 04:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-07 17:32 - 2014-02-05 04:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-07 17:32 - 2014-02-05 04:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-07 17:32 - 2014-02-05 04:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-07 17:32 - 2014-02-05 04:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-07 17:01 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-07 17:00 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-07 17:00 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-03-07 17:00 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-07 17:00 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-07 17:00 - 2013-10-29 20:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-07 17:00 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-07 17:00 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-07 17:00 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-07 17:00 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2014-03-07 17:00 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-07 17:00 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-03-07 17:00 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-07 17:00 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-07 17:00 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-07 17:00 - 2013-10-03 08:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-07 16:46 - 2014-03-07 16:46 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Intel Corporation
2014-03-07 16:42 - 2009-12-17 11:25 - 00433176 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-03-07 16:41 - 2014-03-07 16:41 - 10607056 _____ (Hewlett-Packard ) C:\Users\Matt\Downloads\sp47845.exe
2014-03-07 16:39 - 2014-03-07 16:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic.diagcab
2014-03-07 16:39 - 2014-03-07 16:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-07 16:34 - 2014-03-07 16:35 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86 (1).msu
2014-03-07 16:25 - 2014-03-07 16:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2014-03-06 21:58 - 2014-03-06 21:58 - 00100432 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 21:56 - 2014-03-08 12:06 - 00017648 _____ () C:\Windows\PFRO.log
2014-03-06 21:56 - 2014-03-07 18:03 - 00371512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 15:10 - 2014-03-09 17:26 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-06 15:10 - 2014-03-08 01:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-06 15:10 - 2014-03-06 21:57 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-06 15:10 - 2014-03-06 21:57 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-06 15:10 - 2014-03-06 15:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-06 15:10 - 2014-03-06 15:10 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-06 15:10 - 2013-09-20 11:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-03-06 15:08 - 2014-03-06 15:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.2.exe
2014-03-06 14:53 - 2014-03-06 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 14:51 - 2014-03-06 14:51 - 00000104 _____ () C:\Users\Matt\Desktop\Recycle Bin - Shortcut.lnk
2014-03-06 14:46 - 2014-03-06 15:06 - 00000000 ____D () C:\Users\Matt\Desktop\mbar
2014-03-06 14:43 - 2014-03-06 14:43 - 00380416 _____ () C:\Users\Matt\Downloads\8z5w3dui.exe
2014-03-06 13:00 - 2014-03-06 13:00 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-06 12:59 - 2014-03-08 08:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-06 12:59 - 2014-03-06 12:59 - 00000000 ____D () C:\Program Files\Adobe
2014-03-06 12:45 - 2014-03-06 12:46 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.exe
2014-03-06 12:43 - 2014-03-06 12:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.com
2014-03-06 11:36 - 2014-03-06 11:36 - 00008560 _____ () C:\Users\Matt\Desktop\Attach_Malwarebytes.txt
2014-03-06 11:22 - 2014-03-06 11:23 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.com
2014-03-05 19:02 - 2014-03-05 19:02 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-03-05 19:02 - 2014-03-05 19:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 19:01 - 2014-03-05 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-05 18:17 - 2014-03-05 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-consumer.exe
2014-03-05 17:48 - 2014-03-05 17:49 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds (1).scr
2014-03-05 17:44 - 2014-03-05 17:44 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.scr
2014-03-05 16:42 - 2014-03-05 16:42 - 00021232 _____ () C:\Users\Matt\Downloads\Fix WU.zip
2014-03-05 16:42 - 2014-03-05 16:42 - 00000000 ____D () C:\Users\Matt\Downloads\Fix WU
2014-03-05 16:30 - 2014-03-05 16:30 - 00000044 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2014-03-05 16:29 - 2014-03-05 16:30 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-05 16:28 - 2014-03-05 16:28 - 00668048 _____ ( ) C:\Users\Matt\Downloads\ZipOpenerSetup.exe
2014-03-03 23:34 - 2014-03-09 17:35 - 01876949 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 01:05 - 2014-03-01 01:11 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\WiseUpdate
2014-02-27 22:20 - 2014-02-27 22:20 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-27 22:19 - 2014-02-27 22:20 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 22:19 - 2014-02-27 22:20 - 00000000 ____D () C:\Program Files\iTunes
2014-02-27 22:19 - 2014-02-27 22:19 - 00000000 ____D () C:\Program Files\iPod
2014-02-27 22:13 - 2014-02-27 22:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\ProgramData\Sun
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-25 10:52 - 2014-02-25 10:51 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-25 10:51 - 2014-02-25 10:51 - 00000000 ____D () C:\Program Files\Java
2014-02-25 10:50 - 2014-02-25 10:50 - 00921000 _____ (Oracle Corporation) C:\Users\Matt\Downloads\chromeinstall-7u51.exe
2014-02-25 00:11 - 2014-02-25 00:12 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86.msu
2014-02-15 11:59 - 2014-02-15 12:00 - 168036333 _____ () C:\Users\Matt\Downloads\De-La-Soul-Is-Dead (1).zip
2014-02-15 11:58 - 2014-02-15 11:59 - 160849169 _____ () C:\Users\Matt\Downloads\Stakes-Is-High.zip
2014-02-15 01:11 - 2014-02-15 01:13 - 159346091 _____ () C:\Users\Matt\Downloads\3-Feet-High.zip
2014-02-15 01:11 - 2014-02-15 01:13 - 114367391 _____ () C:\Users\Matt\Downloads\Buhloone-Mindstate.zip
2014-02-15 00:57 - 2014-02-15 00:57 - 00000215 _____ () C:\Users\Matt\Downloads\Valentine's_Day_Promo.vcf
2014-02-14 15:00 - 2014-02-14 15:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1.tif
2014-02-14 15:00 - 2014-02-14 15:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1 (1).tif
 
==================== One Month Modified Files and Folders =======
 
2014-03-09 17:52 - 2014-03-08 21:47 - 00022151 _____ () C:\Users\Matt\Desktop\FRST.txt
2014-03-09 17:52 - 2014-03-07 21:11 - 00000000 ____D () C:\FRST
2014-03-09 17:51 - 2014-03-09 17:51 - 00000000 ____D () C:\Users\Matt\Desktop\FRST-OlderVersion
2014-03-09 17:51 - 2014-03-07 21:11 - 01145856 _____ (Farbar) C:\Users\Matt\Desktop\FRST.exe
2014-03-09 17:50 - 2014-03-09 17:50 - 00002086 _____ () C:\Users\Matt\Desktop\FixList.txt
2014-03-09 17:49 - 2014-03-09 17:49 - 00002086 _____ () C:\Users\Matt\Downloads\FixList.txt
2014-03-09 17:35 - 2014-03-03 23:34 - 01876949 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 17:32 - 2006-11-02 06:33 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-09 17:27 - 2014-03-08 20:20 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2014-03-09 17:26 - 2014-03-06 15:10 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-09 17:24 - 2012-09-21 09:06 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 17:24 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 17:24 - 2006-11-02 08:45 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 17:24 - 2006-11-02 08:45 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 13:26 - 2006-11-02 08:58 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-09 12:58 - 2012-09-21 09:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-09 12:57 - 2012-12-03 16:52 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2621633412-1475908225-2326514310-1000UA.job
2014-03-08 22:59 - 2014-03-08 22:55 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-03-08 21:46 - 2014-03-08 21:45 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (2).exe
2014-03-08 21:42 - 2014-03-07 21:11 - 00052747 _____ () C:\Users\Matt\Downloads\FRST.txt
2014-03-08 21:40 - 2014-03-08 21:40 - 01145344 _____ (Farbar) C:\Users\Matt\Downloads\FRST (1).exe
2014-03-08 18:05 - 2014-03-08 18:05 - 00100104 _____ (Kaspersky Lab) C:\Users\Matt\Downloads\kateskiller.exe
2014-03-08 12:06 - 2014-03-06 21:56 - 00017648 _____ () C:\Windows\PFRO.log
2014-03-08 08:49 - 2014-03-06 12:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-08 08:42 - 2014-03-08 08:42 - 00001919 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-08 08:42 - 2014-03-08 08:42 - 00001859 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AVAST Software
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-08 08:42 - 2014-03-08 08:42 - 00000000 _____ () C:\Windows\setupact.log
2014-03-08 08:41 - 2012-09-19 14:33 - 00000000 ____D () C:\Users\Matt
2014-03-08 08:39 - 2014-03-08 08:40 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-08 08:39 - 2014-03-08 08:40 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-08 08:39 - 2014-03-08 08:40 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-08 08:39 - 2014-03-08 08:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-08 08:38 - 2014-03-08 08:40 - 00252592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2014-03-08 08:38 - 2014-03-08 08:38 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2014-03-08 08:36 - 2014-03-08 08:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-08 08:30 - 2014-03-08 08:30 - 04669416 _____ (AVAST Software) C:\Users\Matt\Downloads\avast_premier_antivirus_setup_online.exe
2014-03-08 08:30 - 2014-03-08 08:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-08 01:30 - 2014-03-08 01:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\iExplore.exe
2014-03-08 01:29 - 2014-03-06 15:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-08 01:23 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-08 01:00 - 2006-11-02 06:22 - 46137344 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-08 01:00 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-08 01:00 - 2006-11-02 06:22 - 00053248 _____ () C:\Windows\system32\config\SAM.bak
2014-03-08 01:00 - 2006-11-02 06:22 - 00020480 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-08 00:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-07 23:51 - 2014-03-07 23:51 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.Run.exe
2014-03-07 22:45 - 2014-03-07 22:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-03-07 22:45 - 2014-03-07 22:45 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 22:45 - 2014-03-07 22:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 22:33 - 2013-09-05 23:54 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Wise Disk Cleaner
2014-03-07 21:17 - 2014-03-07 21:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Matt\Downloads\mbam-clean-1.60.2.0003.exe
2014-03-07 21:15 - 2014-03-07 21:12 - 00033553 _____ () C:\Users\Matt\Downloads\Addition.txt
2014-03-07 19:08 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-03-07 19:00 - 2014-03-07 18:38 - 00014402 _____ () C:\Windows\DPINST.LOG
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files\Western Digital
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-03-07 18:58 - 2012-09-23 21:07 - 00000000 ____D () C:\ProgramData\Western Digital
2014-03-07 18:51 - 2013-04-29 15:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-07 18:48 - 2014-03-07 18:48 - 36862640 _____ () C:\Users\Matt\Downloads\WD_SmartWare_Installer_2.3.0.20.zip
2014-03-07 18:27 - 2014-03-07 18:21 - 00000000 ____D () C:\AdwCleaner
2014-03-07 18:20 - 2014-03-07 18:20 - 00930952 _____ (CNET Download.com) C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe
2014-03-07 18:03 - 2014-03-06 21:56 - 00371512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 17:55 - 2012-09-20 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-07 17:53 - 2013-07-15 12:07 - 00000000 ___RD () C:\Program Files\Skype
2014-03-07 17:53 - 2013-07-15 12:07 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 17:51 - 2012-09-21 09:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-07 17:51 - 2012-09-21 09:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-07 17:44 - 2013-07-11 10:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-07 16:57 - 2012-12-03 16:52 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2621633412-1475908225-2326514310-1000Core.job
2014-03-07 16:46 - 2014-03-07 16:46 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Intel Corporation
2014-03-07 16:46 - 2012-09-20 14:58 - 00000000 ____D () C:\Intel
2014-03-07 16:45 - 2012-09-20 14:59 - 00000000 ____D () C:\Program Files\Intel
2014-03-07 16:41 - 2014-03-07 16:41 - 10607056 _____ (Hewlett-Packard ) C:\Users\Matt\Downloads\sp47845.exe
2014-03-07 16:39 - 2014-03-07 16:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic.diagcab
2014-03-07 16:39 - 2014-03-07 16:39 - 00280204 _____ () C:\Users\Matt\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-07 16:35 - 2014-03-07 16:34 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86 (1).msu
2014-03-07 16:30 - 2012-09-22 18:53 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Spotify
2014-03-07 16:25 - 2014-03-07 16:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Matt\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe
2014-03-07 15:22 - 2013-03-02 14:24 - 00000000 ____D () C:\ProgramData\DellUpdate
2014-03-06 21:58 - 2014-03-06 21:58 - 00100432 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-06 21:57 - 2014-03-06 15:10 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-06 21:57 - 2014-03-06 15:10 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-06 15:12 - 2014-03-06 15:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-06 15:10 - 2014-03-06 15:10 - 00001958 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-06 15:08 - 2014-03-06 15:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.2.exe
2014-03-06 15:06 - 2014-03-06 14:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-06 15:06 - 2014-03-06 14:46 - 00000000 ____D () C:\Users\Matt\Desktop\mbar
2014-03-06 14:51 - 2014-03-06 14:51 - 00000104 _____ () C:\Users\Matt\Desktop\Recycle Bin - Shortcut.lnk
2014-03-06 14:43 - 2014-03-06 14:43 - 00380416 _____ () C:\Users\Matt\Downloads\8z5w3dui.exe
2014-03-06 13:02 - 2012-09-24 16:25 - 00000000 ____D () C:\Users\Matt\AppData\Local\Adobe
2014-03-06 13:00 - 2014-03-06 13:00 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-06 12:59 - 2014-03-06 12:59 - 00000000 ____D () C:\Program Files\Adobe
2014-03-06 12:59 - 2012-09-21 09:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-06 12:46 - 2014-03-06 12:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.exe
2014-03-06 12:43 - 2014-03-06 12:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matt\Downloads\rkill.com
2014-03-06 11:36 - 2014-03-06 11:36 - 00008560 _____ () C:\Users\Matt\Desktop\Attach_Malwarebytes.txt
2014-03-06 11:23 - 2014-03-06 11:22 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.com
2014-03-05 19:02 - 2014-03-05 19:02 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2014-03-05 19:02 - 2014-03-05 19:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-05 19:01 - 2014-03-05 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-05 18:17 - 2014-03-05 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Matt\Downloads\mbam-consumer.exe
2014-03-05 17:49 - 2014-03-05 17:48 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds (1).scr
2014-03-05 17:44 - 2014-03-05 17:44 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.scr
2014-03-05 16:42 - 2014-03-05 16:42 - 00021232 _____ () C:\Users\Matt\Downloads\Fix WU.zip
2014-03-05 16:42 - 2014-03-05 16:42 - 00000000 ____D () C:\Users\Matt\Downloads\Fix WU
2014-03-05 16:30 - 2014-03-05 16:30 - 00000044 _____ () C:\Users\Matt\AppData\Roaming\WB.CFG
2014-03-05 16:30 - 2014-03-05 16:29 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-05 16:28 - 2014-03-05 16:28 - 00668048 _____ ( ) C:\Users\Matt\Downloads\ZipOpenerSetup.exe
2014-03-05 15:57 - 2013-03-02 14:32 - 00000000 ____D () C:\ProgramData\ABBYY
2014-03-05 13:55 - 2012-09-19 14:33 - 00000000 ___RD () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-05 12:47 - 2012-09-21 18:50 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Apple Computer
2014-03-05 12:17 - 2014-01-23 11:10 - 00000000 ____D () C:\Users\Matt\AppData\Local\FBCBC565-3E66-4F6D-84D1-685CEEF89A4E.aplzod
2014-03-03 16:56 - 2013-10-22 14:10 - 00000428 _____ () C:\Windows\Tasks\Wise Disk Cleaner Schedule Task.job
2014-03-03 16:01 - 2012-09-22 18:54 - 00000000 ____D () C:\Users\Matt\AppData\Local\Spotify
2014-03-03 15:10 - 2013-09-13 17:35 - 00000440 _____ () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2014-03-01 01:11 - 2014-03-01 01:05 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\WiseUpdate
2014-02-27 22:20 - 2014-02-27 22:20 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-27 22:20 - 2014-02-27 22:19 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-27 22:20 - 2014-02-27 22:19 - 00000000 ____D () C:\Program Files\iTunes
2014-02-27 22:19 - 2014-02-27 22:19 - 00000000 ____D () C:\Program Files\iPod
2014-02-27 22:19 - 2012-09-21 18:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-27 22:13 - 2014-02-27 22:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-27 10:14 - 2012-09-20 16:56 - 00000000 ____D () C:\Users\Matt\Documents\Dissertation
2014-02-27 09:40 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME
2014-02-26 10:30 - 2012-09-21 19:05 - 00000000 ____D () C:\Program Files\CrashPlan
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\ProgramData\Sun
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-25 10:52 - 2014-02-25 10:52 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-02-25 10:51 - 2014-02-25 10:52 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-25 10:51 - 2014-02-25 10:51 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-25 10:51 - 2014-02-25 10:51 - 00000000 ____D () C:\Program Files\Java
2014-02-25 10:50 - 2014-02-25 10:50 - 00921000 _____ (Oracle Corporation) C:\Users\Matt\Downloads\chromeinstall-7u51.exe
2014-02-25 00:12 - 2014-02-25 00:11 - 150518130 _____ () C:\Users\Matt\Downloads\Windows6.0-KB947821-v33-x86.msu
2014-02-20 00:00 - 2013-09-03 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 12:00 - 2014-02-15 11:59 - 168036333 _____ () C:\Users\Matt\Downloads\De-La-Soul-Is-Dead (1).zip
2014-02-15 11:59 - 2014-02-15 11:58 - 160849169 _____ () C:\Users\Matt\Downloads\Stakes-Is-High.zip
2014-02-15 01:13 - 2014-02-15 01:11 - 159346091 _____ () C:\Users\Matt\Downloads\3-Feet-High.zip
2014-02-15 01:13 - 2014-02-15 01:11 - 114367391 _____ () C:\Users\Matt\Downloads\Buhloone-Mindstate.zip
2014-02-15 00:57 - 2014-02-15 00:57 - 00000215 _____ () C:\Users\Matt\Downloads\Valentine's_Day_Promo.vcf
2014-02-14 15:00 - 2014-02-14 15:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1.tif
2014-02-14 15:00 - 2014-02-14 15:00 - 00073946 _____ () C:\Users\Matt\Downloads\Prynne_William-A_short_demurrer_to_the_Jewes_long-Wing-P4079-1818_24a-p1 (1).tif
2014-02-11 10:22 - 2013-01-09 10:32 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Dropbox
2014-02-11 10:14 - 2013-01-09 10:42 - 00000000 ___RD () C:\Users\Matt\Dropbox
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-09 17:34
 
==================== End Of Log ============================
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-03-2014 01
Ran by Matt at 2014-03-09 17:53:20 Run:1
Running from C:\Users\Matt\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyEyDyBzyzzzyzy0EyCyBtBtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1StN1L1G1B1V1N2Y1L1Qzu2StAtA0E0BtB0ByCtBtGyBtBtC0DtG0D0D0AtAtGtByDyByCtGtD0F0ByCzzzytDtDyB0AyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtA0AyE0C0BtC0BtG0EyB0AtAtG0CtC0CzztG0DtDyDzztGtCyByCyE0C0B0AzytAyCzyyB2Q&cr=1757847756&ir=
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
end
 
 
 
 
 
*****************
 
"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
 
==== End of Fixlog ====

  • Staff

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Hi. I've posted the Combofix log below, but I could not actually save the Combofix program to my desktop, as I was only getting the option of running it (or not) via the screen that says "Allow" and "Deny". It did eventually run, scan and reboot, so hopefully this is what you need.

 

ComboFix 14-03-10.01 - Matt 03/10/2014  16:10:10.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3545.1280 [GMT -4:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna696531982106247310.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-10 to 2014-03-10  )))))))))))))))))))))))))))))))
.
.
2014-03-10 20:28 . 2014-03-10 20:33 -------- d-----w- c:\users\Matt\AppData\Local\temp
2014-03-10 20:28 . 2014-03-10 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-10 01:16 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE3C7F84-F2F9-405B-A1CD-24B793175E9F}\mpengine.dll
2014-03-10 00:59 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-09 02:55 . 2014-03-09 02:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-09 00:34 . 2014-02-17 18:30 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0224F734-8203-422A-96D7-09ABBAF450D6}\gapaengine.dll
2014-03-08 12:42 . 2014-03-08 12:42 -------- d-----w- c:\users\Matt\AppData\Roaming\AVAST Software
2014-03-08 12:40 . 2014-03-08 12:39 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-08 12:40 . 2014-03-08 12:39 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-08 12:40 . 2014-03-08 12:39 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-08 12:40 . 2014-03-08 12:39 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-08 12:40 . 2014-03-08 12:39 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-08 12:40 . 2014-03-08 12:39 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-08 12:40 . 2014-03-08 12:39 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-08 12:40 . 2014-03-08 12:39 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-08 12:40 . 2014-03-08 12:38 252592 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2014-03-08 12:40 . 2014-03-08 12:39 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-08 12:39 . 2014-03-08 12:39 43152 ----a-w- c:\windows\avastSS.scr
2014-03-08 12:38 . 2014-03-08 12:38 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2014-03-08 12:36 . 2014-03-08 12:36 -------- d-----w- c:\program files\AVAST Software
2014-03-08 12:30 . 2014-03-08 12:30 -------- d-----w- c:\programdata\AVAST Software
2014-03-08 02:45 . 2014-03-08 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-08 02:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-08 01:11 . 2014-03-09 21:53 -------- d-----w- C:\FRST
2014-03-07 22:59 . 2014-03-07 22:59 -------- d-----w- c:\program files\Common Files\Western Digital
2014-03-07 22:59 . 2014-03-07 22:59 -------- d-----w- c:\program files\Western Digital
2014-03-07 22:21 . 2014-03-07 22:27 -------- d-----w- C:\AdwCleaner
2014-03-07 22:21 . 2014-03-07 22:21 -------- d-----w- c:\windows\Migration
2014-03-07 21:01 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-07 20:46 . 2014-03-07 20:46 -------- d-----w- c:\users\Matt\AppData\Roaming\Intel Corporation
2014-03-07 20:42 . 2009-12-17 15:25 433176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2014-03-07 20:42 . 2014-03-07 20:42 -------- d-----w- C:\swsetup
2014-03-06 19:10 . 2014-03-10 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-06 19:10 . 2014-03-10 01:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-06 18:53 . 2014-03-06 19:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-06 16:59 . 2014-03-08 12:49 -------- d-----w- c:\program files\Common Files\Adobe
2014-03-05 23:02 . 2014-03-05 23:02 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2014-03-05 23:02 . 2014-03-05 23:02 -------- d-----w- c:\programdata\Malwarebytes
2014-03-01 05:05 . 2014-03-01 05:11 -------- d-----w- c:\users\Matt\AppData\Roaming\WiseUpdate
2014-02-28 02:19 . 2014-02-28 02:19 -------- d-----w- c:\program files\iPod
2014-02-28 02:19 . 2014-02-28 02:20 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-28 02:19 . 2014-02-28 02:20 -------- d-----w- c:\program files\iTunes
2014-02-28 02:13 . 2014-02-28 02:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-28 02:13 . 2014-02-28 02:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-28 02:13 . 2014-02-28 02:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-28 02:13 . 2014-02-28 02:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-28 02:13 . 2014-02-28 02:13 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-02-28 02:13 . 2014-02-28 02:13 -------- d-----w- c:\program files\QuickTime
2014-02-25 14:52 . 2014-02-25 14:52 -------- d-----w- c:\programdata\Oracle
2014-02-25 14:52 . 2014-02-25 14:52 -------- d-----w- c:\program files\Common Files\Java
2014-02-25 14:51 . 2014-02-25 14:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-25 14:51 . 2014-02-25 14:51 -------- d-----w- c:\program files\Java
2014-02-25 04:05 . 2014-02-25 04:05 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 18:30 . 2012-10-02 12:42 765968 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-19 07:32 . 2012-09-20 18:51 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-08 12:39 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Matt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-12 1171968]
"DKADGmon"="c:\program files\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"Amazon Cloud Player"="c:\users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 278528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-12-26 295072]
"DKADGmon"="c:\program files\Dell V520 Series\DKADGmon.exe" [2012-11-08 951656]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-06 483428]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2014-02-28 5545328]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-08 3767096]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-8-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-02 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:59 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-21 13:06]
.
2014-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-21 13:06]
.
2014-03-10 c:\windows\Tasks\Wise Disk Cleaner Schedule Task.job
- c:\program files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2013-09-06 22:57]
.
2014-03-10 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2013-09-13 15:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CrashPlan\CrashPlanService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-03-10  16:38:58 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-10 20:38
.
Pre-Run: 155,686,686,720 bytes free
Post-Run: 155,519,418,368 bytes free
.
- - End Of File - - B879F85A3C213C07DAEFBAAEB2E06107
5C616939100B85E558DA92B899A0FC36

  • Staff

Hello,

Running two antivirus programs can cause system slowdowns, conflicts and crashes so I recommend removing one of them:

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

I uninstalled Avast! Here are the two reports, and thanks again for helping me.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista Home Basic x86
Ran by Matt on Tue 03/11/2014 at 10:29:00.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] qknfd 
Successfully deleted: [service] qknfd 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\wise registry cleaner schedule task.job"
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Matt\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 10:33:38.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.021 - Report created 11/03/2014 at 10:39:25
# Updated 10/03/2014 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16533
 
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3870 octets] - [07/03/2014 18:21:29]
AdwCleaner[R1].txt - [2147 octets] - [11/03/2014 10:38:20]
AdwCleaner[s0].txt - [683 octets] - [07/03/2014 18:27:42]
AdwCleaner[s1].txt - [2094 octets] - [11/03/2014 10:39:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2154 octets] ##########
 

  • Staff

Looks good.

Let's do a sweep for any leftovers. Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Here they are.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.11.08
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT-PC [administrator]
 
Protection: Enabled
 
3/11/2014 11:51:01 AM
mbam-log-2014-03-11 (11-51-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223823
Time elapsed: 9 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_1\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_1\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_10\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_10\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_11\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_11\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_2\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_2\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_3\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_3\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_4\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_4\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_5\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_5\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_6\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_6\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_7\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_7\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_8\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_8\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_9\background.js.vir Win32/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_9\content.js.vir Win32/BrowseFox.B potentially unwanted application
C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Matt\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Matt\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.KT potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

  • Staff

Please do the following:

Navigate to the following installer files in your downloads folder > right click and delete them:

C:\Users\Matt\Downloads\cbsidlm-cbsi183-AdwCleaner-SEO-75851221.exe

C:\Users\Matt\Downloads\Shockwave_Installer_Slim.exe

C:\Users\Matt\Downloads\ZipOpenerSetup.exe

The rest of what was detected by ESET is in quarantine already.

Please advise how the computer is running now and if there are any outstanding issues.


I deleted those three files. Does the ESET quarantine need to be emptied or deleted?

 

Otherwise, the computer is working a lot better. I've run MWB and Microsoft Essentials and there is no indication of infection. Should I delete the scan software (FRST, JST, Adware Cleaner)?

 

Thanks again.


  • Staff

Those files are in the AdwCleaner quarantine, which you can delete:

C:\AdwCleaner\Quarantine

We just need to clean up our tools:

You can delete the DDS, FRST and JRT logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

    Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

    PC Safety and Security--What Do I Need?

  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

This topic is now closed to further replies.
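
The "Make Internet Explorer more secure" steps in the last staff post can be checked from PowerShell after the dialog has been applied. This is an added example, not part of the original thread or any tool used in it. It assumes the per-user Internet zone key (zone 3) and the standard URL action IDs 1001, 1004 and 1201; the function name and the `-Fix` switch are made up for this example.

```powershell
# Added example (not from the thread): audit the Internet zone ActiveX settings.
# Zone 3 is the Internet zone; value names are URL action IDs stored as DWORDs.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values used by these settings
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Targets taken from the post: first two set to Prompt, third to Disable
$Targets = @(
    @{ Id = '1001'; Want = 1; Label = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 1; Label = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Label = 'Initialize and script ActiveX controls not marked as safe' }
)

# Hypothetical helper: reports each setting and optionally corrects it.
function Test-InternetZoneActiveX {
    param(
        [string]$Path = $ZoneKey,
        [switch]$Fix   # write the target value when the current one differs
    )
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($t in $Targets) {
        # A missing value comes back as $null rather than raising an error
        $current = if ($props) { $props.($t.Id) } else { $null }
        if ($Fix -and $current -ne $t.Want) {
            Set-ItemProperty -Path $Path -Name $t.Id -Value $t.Want -Type DWord
            $current = $t.Want
        }
        if ($null -eq $current) {
            $shown = 'not set'
        } elseif ($PolicyName.ContainsKey([int]$current)) {
            $shown = $PolicyName[[int]$current]
        } else {
            $shown = "other ($current)"
        }
        New-Object PSObject -Property @{
            Setting  = $t.Label
            Current  = $shown
            Expected = $PolicyName[$t.Want]
            Ok       = ($current -eq $t.Want)
        } | Select-Object Setting, Current, Expected, Ok
    }
}

Test-InternetZoneActiveX | Format-Table -AutoSize
```

Run without `-Fix`, the function only reads the registry; any row with `Ok` set to False means the dialog change did not take effect for the current user.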