Malware, codec and linkbucks


Codec log

 

ComboFix 14-04-20.01 - Momma 04/24/2014   9:02.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3983.2635 [GMT -5:00]
Running from: c:\users\Momma\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Momma\Documents\~WRL1111.tmp
c:\users\Momma\Documents\~WRL2072.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-24 to 2014-04-24  )))))))))))))))))))))))))))))))
.
.
2014-04-24 13:31 . 2014-04-24 13:31 -------- d-----w- c:\windows\system32\appmgmt
2014-04-16 12:16 . 2014-04-24 13:34 -------- d-----w- C:\FRST
2014-04-16 12:07 . 2014-04-16 12:11 -------- d-----w- C:\AdwCleaner
2014-04-01 02:27 . 2014-04-18 17:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-01 02:27 . 2014-04-05 19:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-01 02:27 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-01 02:27 . 2014-04-03 14:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-01 02:27 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 02:27 . 2014-04-01 02:27 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-09 17:01 . 2014-03-09 17:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-04 09:17 . 2014-04-09 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 09:14 . 2014-02-25 09:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-25 09:14 . 2014-02-25 09:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-25 09:14 . 2014-02-25 09:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-02-25 09:14 . 2014-02-25 09:14 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-02-25 09:14 . 2014-02-25 09:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-02-25 09:14 . 2014-02-25 09:14 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-02-25 09:14 . 2014-02-25 09:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-02-25 09:14 . 2014-02-25 09:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-02-25 09:14 . 2014-02-25 09:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-02-25 09:14 . 2014-02-25 09:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-25 09:14 . 2014-02-25 09:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-25 09:14 . 2014-02-25 09:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-02-25 09:14 . 2014-02-25 09:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-02-25 09:14 . 2014-02-25 09:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-02-25 09:14 . 2014-02-25 09:14 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-25 09:14 . 2014-02-25 09:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-25 09:14 . 2014-02-25 09:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-02-25 09:14 . 2014-02-25 09:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-25 09:14 . 2014-02-25 09:14 247808 ----a-w- c:\windows\system32\msls31.dll
2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-02-25 09:14 . 2014-02-25 09:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-25 09:14 . 2014-02-25 09:14 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-25 09:14 . 2014-02-25 09:14 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-02-25 09:14 . 2014-02-25 09:14 81408 ----a-w- c:\windows\system32\icardie.dll
2014-02-25 09:14 . 2014-02-25 09:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-02-25 09:14 . 2014-02-25 09:14 413696 ----a-w- c:\windows\system32\html.iec
2014-02-25 09:14 . 2014-02-25 09:14 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-25 09:14 . 2014-02-25 09:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-02-25 09:14 . 2014-02-25 09:14 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-02-25 09:14 . 2014-02-25 09:14 235520 ----a-w- c:\windows\system32\url.dll
2014-02-25 09:14 . 2014-02-25 09:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-02-25 09:14 . 2014-02-25 09:14 143872 ----a-w- c:\windows\system32\wextract.exe
2014-02-25 09:14 . 2014-02-25 09:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-25 09:14 . 2014-02-25 09:14 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-02-25 09:14 . 2014-02-25 09:14 147968 ----a-w- c:\windows\system32\occache.dll
2014-02-25 09:14 . 2014-02-25 09:14 13824 ----a-w- c:\windows\system32\mshta.exe
2014-02-25 09:14 . 2014-02-25 09:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-02-25 09:14 . 2014-02-25 09:14 774144 ----a-w- c:\windows\system32\jscript.dll
2014-02-25 09:14 . 2014-02-25 09:14 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-02-25 09:14 . 2014-02-25 09:14 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-02-25 09:00 . 2014-02-25 09:00 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-24 14:28 . 2013-12-14 03:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-24 14:28 . 2013-12-14 03:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-14 17:00 . 2014-02-21 21:59 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-14 17:00 . 2014-02-21 21:59 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-14 17:00 . 2014-02-21 21:59 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-07 01:23 . 2014-03-12 01:05 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 01:02 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 01:02 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 01:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 01:02 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 01:05 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 01:05 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 01:05 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-10-16 684064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 180304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RalinkCountryRegion;RalinkCountryRegion;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 22:45 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]
.
2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]
.
2014-04-22 c:\windows\Tasks\HPCeeScheduleForMomma.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-04-24  09:08:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-24 14:08
.
Pre-Run: 920,301,490,176 bytes free
Post-Run: 920,288,616,448 bytes free
.
- - End Of File - - 21738543DFD473E61B572943CACB5ACB
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/24/2014
Scan Time: 9:28:17 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.24.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Momma
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250773
Time Elapsed: 9 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?ctid=CT3324314&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9DC96844-5E63-468A-9D63-C8DB100B36B7&SSPV=",), ,[d156a38b0c6f96a0252a0a50d62e57a9]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
When I click a link in a page, the new tab is still opening with some kind of spam or offer site or the codec thing.

If it's Chrome:

First make sure you have the latest version of Chrome:

Open up Chrome > Click on the 3 bars in the upper right hand corner

Click on About Google Chrome

If there's an update available it will automatically update

Next:

Go to Tools > Clear Browser Data

Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache
Click "Clear Browsing Data"

-------------------------------

Next:

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu .

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu .

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------

Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

-----------------------------

You can always reset Chrome if needed:

https://support.google.com/chrome/answer/3296214?hl=en <---reset

Let me know.....MrC

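The three settings MrC walks through above (home page, startup pages, default search engine) all live in Chrome's per-profile Preferences file, which is the same file the Malwarebytes log earlier in the thread flagged as PUP.Optional.Conduit.A (...\User Data\Default\Preferences). The Python script below is an added example, not code from this thread, from Malwarebytes or from Google: it audits that JSON against a short allowlist of hosts and reports every homepage, startup or search URL that points somewhere else, so the manual check can be repeated on another profile. The homepage value in the constructed sample is the one from the posted log; the key names other than "homepage" (session.startup_urls and default_search_provider_data.template_url_data.url) follow Chrome's Preferences layout as I understand it and, like the allowlist itself, are assumptions.

```python
"""Audit a Chrome Preferences file for hijacked homepage / startup / search URLs.

Added example for the thread above; not code from the forum, Malwarebytes or Google.
"""
import json
from urllib.parse import urlparse

# Hosts the user actually wants to land on. Constructed for this example.
ALLOWED_HOSTS = {"www.google.com", "google.com", "duckduckgo.com"}

# Constructed sample Preferences. The "homepage" value is the one Malwarebytes
# flagged in the posted log; the remaining keys reflect Chrome's Preferences
# layout as assumed here (session.startup_urls, default_search_provider_data).
SAMPLE_PREFERENCES = json.dumps({
    "homepage": ("http://search.conduit.com/?ctid=CT3324314&octid=EB_ORIGINAL_CTID"
                 "&SearchSource=55&CUI=&UM=4&UP=SP9DC96844-5E63-468A-9D63-C8DB100B36B7&SSPV="),
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "https://www.google.com/",
            "http://search.conduit.com/?ctid=CT3324314",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "google.com",
            "url": "https://www.google.com/search?q={searchTerms}",
        }
    },
})


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def audit_preferences(prefs_json, allowed_hosts=ALLOWED_HOSTS):
    """Return [(setting, url, host)] for every URL whose host is not allowlisted."""
    prefs = json.loads(prefs_json)
    candidates = []
    if prefs.get("homepage"):
        candidates.append(("homepage", prefs["homepage"]))
    for url in prefs.get("session", {}).get("startup_urls", []):
        candidates.append(("session.startup_urls", url))
    dsp = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if dsp.get("url"):
        candidates.append(("default_search_provider_data.template_url_data.url", dsp["url"]))

    findings = []
    for setting, url in candidates:
        host = _host(url)
        if host not in allowed_hosts:
            findings.append((setting, url, host))
    return findings


def audit_file(path, allowed_hosts=ALLOWED_HOSTS):
    """Audit a Preferences file on disk, e.g. the profile path named in the MBAM log."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(fh.read(), allowed_hosts)


def main():
    for setting, url, host in audit_preferences(SAMPLE_PREFERENCES):
        print(f"[!] {setting}: unexpected host {host!r} -> {url}")


if __name__ == "__main__":
    main()
```

Run it against a real profile with `audit_file(r"C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Preferences")` after closing Chrome (the browser rewrites the file while it runs). An empty result means every configured landing page is on the allowlist; anything else is a candidate for the manual clean-up MrC describes rather than something to delete blindly, since the allowlist only knows the hosts you gave it.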

I played around and disabled native client and chrome remote desktop viewer. 

 

I don't know why I didn't mention this or think about it before.  I knew the two were connected, but my phone is picking up spam type stuff too.  I'm sure I should have said that.  Sorry.

 

So far I clicked on a 20 links to open up in new tabs, and I haven't gotten the codec.  I hope disabling both of those worked.  It *seems* to have so far.  I guess working with my computer over the next day or so should give me a definitive answer.  


OK, if it's alright..before you go:

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
 Results of screen317's Security Check version 0.99.82  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Avira Desktop   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 51  

 Java version out of Date! 

  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  

 Google Chrome 33.0.1750.154  

 Google Chrome 34.0.1847.116  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avguard.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

I donated via paypal just now. 

 

Hopefully this solves everything.  Can I ask you a question before I go?  hint...I'm asking...lol

 

Do you recommend I add anything to my computer for extra security.  As I stated before, I know how to use a computer, but I don't really understand the computer.    Right now I have the free Malware, and free Avira.  Should I have more?


Do you recommend I add anything to my computer for extra security. As I stated before, I know how to use a computer, but I don't really understand the computer. Right now I have the free Malware, and free Avira. Should I have more?

Yes, you would need more than that for the best protection.
With today's malware you would need an anti-malware program with real-time protection (Malwarebytes Pro) and an anti-virus program (Avira is fine, you can also use Avast or MSE). If you don't want to purchase Malwarebytes Pro, I would suggest using Microsoft Security Essentials....it actually covers both as best as possible.

After this post, I'll post My Preventive Maintenance for a complete tutorial on computer security. If you have any questions...please post back.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Java 7 Update 51 <----please update, should be Update 55

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------------------------------

Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Flash Player:
Check for an update if available
Downloads are at the top of the page. (don't install the McAfee toolbar)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


My Preventive Maintenance:  Now that the system is clean.

------------------------


Delete your system restore files and create a new restore point: (you may have already done this)


Create new system restore point for Vista and W7

Create new system restore point for Windows XP

Clear old system restore points except for the last one

------------------------

If you have used ComboFix and have the XP Recovery Console installed I suggest you keep it on your XP system.
Here's a Tweak so the computer boots up faster with it.
If you would like to uninstall the Recovery Console, please let me know and I'll give you instructions to do so.

-------------------

Install all critical Windows Updates:

Visit Windows Update and install all the latest critical updates.

--------------------

Optional programs you may need:

Please note:  DON'T download and install any scanner listed on THIS LIST.
They're scanners that are blacklisted because of their questionable reputation.

Note: Please only install one anti-virus program, one firewall and one anti-malware program that provides real-time protection.

I see a lot of people leave Windows Defender enabled even though they have another anti-virus program installed and running on the system.
Having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.
How to Disable Defender
Dangers of running 2 anti-virus programs

A good security plan:

An anti-virus program, a firewall (For XP) - (Vista and Windows 7 firewalls are OK), an anti-malware program that provides realtime protection, keep the registry backed up (mainly for XP), and install the Windows XP Recovery Console.

What do I use and recommend: (I'm using XP pro)
Malwarebytes Anti-Malware Pro (provides realtime protection)
Microsoft Security Essentials (anti-virus)
PC Tools firewall (for XP)... (Vista and W7 firewalls are OK)
SpywareBlaster
Google Chrome
Keep the registry backed up
XP Recovery Console
WOT
OpenDNS
Malwarebytes Anti-Exploit
HitmanPro's CryptoGuard

Links below:

Anti-Virus (free):
Avast Free
AntiVir
Microsoft Security Essentials
Ad-Aware

Anti-malware with "real-time protection" (free):
Microsoft Security Essentials
Ad-Aware
SuperAntiSpyware Pro and Malwarebytes Pro Anti-Malware
will provide "real time protection" only if you purchase the upgraded version.

I highly recommend that you purchase MalwareBytes Anti-Malware, it's a one time fee, provides excellent protection and you won't regret it.          Read more HERE

Firewalls:
PC Tools Firewall Plus
Comodo Free Firewall w/anti-virus
ZoneAlarm*free

Free malware removal programs:
Malwarebytes' Anti-Malware
SUPERAntiSpyware (free edition)
Dr.Web CureIt!® Utility (Free)
VIPRE Rescue Program
Microsoft Security Essentials
SUPERAntiSpyware Portable Scanner
Free ESET Online Scanner
Microsoft Safety Scanner

Malwarebytes Anti-Exploit
It protects all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash, and Shockwave. It blocks standard exploit kits like Blackhole, Sakura, Phoenix, Incognito without requiring signature updates.

HitmanPro's CryptoGuard is a universal solution against crypto ransomware. This type of ransomware encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files. Read more....

CryptoPrevent Tool
Protect Your Computer From CryptoLocker Ransomware
This malware will lock up your computer and hold it for ransom.....use the tool

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.  

SpywareBlaster Prevent the installation of spyware and other potentially unwanted software! Simple, effective, trusted.

Windows XP Recovery Console:
If a Windows XP-based computer does not start correctly or if it does not start at all, you may be able to use the Windows XP Recovery Console to help you recover the system software.
Recovery Console Tweak if you do have it installed

Back-up the registry: (everyday > important on XP)
ERUNT tutorial

Keep those temp files off your system:
CCleaner (free) (Stay away from the registry cleaner and any registry cleaner as they do no good!)
CCleaner tutorial

Sun Java:
Keep your Sun Java up-to-date  JRE Version **
Older versions are vulnerable to malware!
Delete ALL old versions from add/remove programs if listed first!
Most people have older versions installed on their system; once you get them cleared off, install the newest version, and from then on all you have to do is go to Java in your control panel and click on update, or just set Java to automatically check for updates.
Check HERE for all the information on the process.

Please consider using Foxit Reader instead of  Adobe Reader. Foxit Reader is less vulnerable to malware.

Latest versions of Java, Adobe Flash Player and Adobe Reader

Please consider using Google Chrome or Firefox instead of Internet Explorer. They're more secure browsers!

Use OpenDNS, a very valuable feature that gives your PC the benefit of extra safety and increased browser speed.
OpenDNS – What is OpenDNS and Why You Absolutely Need It
Switching to a Better DNS Provider
Easy set-up Here
Confirm you're using OpenDNS

Install WOT (Web of Trust)
The WOT add-on shows you which websites you can trust based on millions of users' experiences.
Our safe surfing browser tool is easy-to-use, fast and completely free. Install it now!

Blocking Unwanted Parasites with a Hosts File "MVPS HOSTS"

Do Not Track Plus
Blocks tracking cookies

Removes those tracking cookies > Cookienator, run it once a week.

Panda USB and AutoRun Vaccine

All the tutorials you'll ever need

Useful information:

F.B. Purity - Clean Up and Customize Facebook

How to Avoid Toolbars, Unwanted Software and Other Installer Tricks

Reduce Online Fraud

Slow Computer - Check Here
and HERE

Is your hard drive running as well as it should?

Startuplite provides a safe, easy, and efficient way to eliminate unnecessary applications that start when you turn on your computer.

Microsoft Fix it Center Fix those annoying Windows problems

How to Prevent the Online Invasion of Spyware and Adware

Miekiemoes Prevention Tips

Simple and easy ways to keep your computer safe and secure on the Internet

Three more sites to check: How did I get infected??
G2G
BleepingComputer
Tony Klein

Some of My Tips:
Don't open e-mail attachments without first scanning them with an up-to-date anti-virus program, and even after doing that I would be very careful.
Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc. asking for personal information - they're most likely fraudulent no matter how authentic they look.
Don't download any kind of Video Codec when prompted to while watching a movie... it's most likely malware.
Watch your surfing habits, don't click on or download anything you're not sure of.
Don't install a program that hasn't been recommended by a reputable organization.
Don't install toolbars.
If you suddenly get a pop-up or notice that you need to update a program > don't believe it > it may be malware attempting to gain access to your computer. If you want to check for an update, use the program itself > there should be an update tab or button to click on.

Peer-to-peer programs/cracks/keygens/warez warning:
Downloading cracks and keygens from p2p programs (Limewire, eMule, uTorrent) is the most common way computers get infected.
They are a security risk which can make your computer susceptible to a variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Malware Fighter:
If you would like to become a malware fighter, there are schools offering free training and you are welcome to sign up. (it's not easy though!)
WhatTheTech Classroom
BleepingComputer
Malware Removal University
GeeksToGo University
Also Check Here
----------------------


Good luck and thanks for using the forum -  MrC


What browsers are affected???

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

Next:


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the Addition Box is checked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Momma [Admin rights]

Mode : Scan -- Date : 04/29/2014 21:36:55

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[SUSP PATH] Google+ Auto Backup.exe -- C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Google+ Auto Backup ("C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3598458912-3011877256-316199506-1000\[...]\Run : Google+ Auto Backup ("C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [7]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\[...]\Run : Google+ Auto Backup ("C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [7]) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM003-1CH162 ATA Device +++++

--- User ---

[MBR] cfe1e2dcfd161b86dc9593e2efcaa021

[BSP] 165bf400cf8ba5de835eecf10aea5887 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 938614 MB

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1922488320 | Size: 15053 MB

3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1953316864 | Size: 100 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_04292014_213655.txt >>


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014

Ran by Momma (administrator) on PANDAMONIUM on 29-04-2014 21:38:57

Running from C:\Users\Momma\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Momma\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-15] (PDF Complete Inc)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3598458912-3011877256-316199506-1000\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

HKU\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {CF022B4C-9078-4592-A67C-EB6BAE829A2B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\staged [2014-04-28]

FF Extension: Check4Change - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\check4change-owner@mozdev.org.xpi [2014-02-24]

FF Extension: Random Agent Spoofer - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-02-24]

FF Extension: TinyURL Generator - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-02-24]

 

Chrome: 

=======



CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File

CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll No File

CHR Extension: (Google Docs) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]

CHR Extension: (Google Drive) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]

CHR Extension: (YouTube) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-21]

CHR Extension: (Google Search) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-21]

CHR Extension: (Google Wallet) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]

CHR Extension: (Gmail) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-21]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)

R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.)

S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)

 

==================== Drivers (Whitelisted) ====================

 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-29 21:38 - 2014-04-29 21:39 - 00013888 _____ () C:\Users\Momma\Downloads\FRST.txt

2014-04-29 21:38 - 2014-04-29 21:38 - 02061824 _____ (Farbar) C:\Users\Momma\Downloads\FRST64 (1).exe

2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt

2014-04-29 21:35 - 2014-04-29 21:35 - 00612992 _____ () C:\Users\Momma\Downloads\Setup.exe

2014-04-29 21:34 - 2014-04-29 21:38 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine

2014-04-29 21:33 - 2014-04-29 21:33 - 03972608 _____ () C:\Users\Momma\Downloads\RogueKiller (1).exe

2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:22 - 2014-04-28 11:24 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe

2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses

2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-28 11:17 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe

2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-28 11:15 - 2014-04-28 11:16 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java

2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle

2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip

2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe

2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe

2014-04-24 10:39 - 2014-04-24 10:40 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe

2014-04-24 09:08 - 2014-04-24 09:08 - 00018361 _____ () C:\ComboFix.txt

2014-04-24 09:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-24 09:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-24 09:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-24 08:35 - 2014-04-24 09:08 - 00000000 ____D () C:\Windows\erdnt

2014-04-24 08:35 - 2014-04-24 09:08 - 00000000 ____D () C:\Qoobox

2014-04-24 08:34 - 2014-04-24 09:01 - 05196870 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe

2014-04-24 08:31 - 2014-04-28 11:01 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-04-23 03:01 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-23 03:01 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-23 03:01 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-23 03:01 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-23 03:01 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-23 03:01 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-23 03:01 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-23 03:01 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-23 03:01 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-23 03:01 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-23 03:01 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-23 03:01 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-23 03:01 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-23 03:01 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-23 03:01 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-23 03:01 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-23 03:01 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-23 03:01 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-23 03:01 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-23 03:01 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-23 03:01 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-23 03:01 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-23 03:01 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-23 03:01 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-23 03:01 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-23 03:01 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-23 03:01 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-23 03:01 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-23 03:01 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-23 03:01 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-23 03:01 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-23 03:01 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-23 03:01 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-23 03:01 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-23 03:01 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-23 03:01 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-23 03:01 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-23 03:01 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-23 03:01 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-23 03:01 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-23 03:01 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-23 03:01 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-23 03:01 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-23 03:01 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-23 03:01 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-23 03:01 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-23 03:01 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-23 03:01 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-17 15:21 - 2014-04-24 08:34 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion

2014-04-16 07:16 - 2014-04-29 21:38 - 00000000 ____D () C:\FRST

2014-04-16 07:16 - 2014-04-18 14:26 - 00020646 _____ () C:\Users\Momma\Downloads\Addition.txt

2014-04-16 07:15 - 2014-04-24 08:34 - 02061824 _____ (Farbar) C:\Users\Momma\Downloads\FRST64.exe

2014-04-16 07:07 - 2014-04-24 16:55 - 00000000 ____D () C:\AdwCleaner

2014-04-16 07:07 - 2014-04-16 07:07 - 01426178 _____ () C:\Users\Momma\Downloads\AdwCleaner.exe

2014-04-15 09:08 - 2014-04-15 09:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-04-09 07:01 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 07:01 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 07:01 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 07:01 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 07:01 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 07:01 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 07:01 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 07:01 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 07:01 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 07:01 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 07:01 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 07:01 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 07:01 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 07:01 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 07:01 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 07:01 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 07:01 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-05 14:07 - 2014-04-05 14:07 - 04527616 _____ () C:\Users\Momma\Downloads\RogueKillerX64.exe

2014-04-04 16:34 - 2014-04-04 16:35 - 03972608 _____ () C:\Users\Momma\Downloads\RogueKiller.exe

2014-04-04 08:08 - 2014-04-04 08:08 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (4).exe

2014-04-04 08:07 - 2014-04-04 08:07 - 00688992 ____R (Swearware) C:\Users\Momma\Downloads\dds.scr

2014-04-04 08:06 - 2014-04-04 08:06 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (3).exe

2014-04-03 14:23 - 2014-04-03 14:23 - 02025816 _____ (Furst Person ) C:\Users\Momma\Downloads\ComputerRequirements.exe

2014-03-31 21:27 - 2014-04-29 21:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-31 21:27 - 2014-04-25 20:57 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-03-31 21:27 - 2014-04-25 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-03-31 21:27 - 2014-04-25 20:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-31 21:27 - 2014-04-03 10:47 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-31 21:27 - 2014-04-03 10:47 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-31 21:27 - 2014-04-03 10:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 21:27 - 2014-03-31 21:27 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (2).exe

2014-03-31 21:27 - 2014-03-31 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 21:25 - 2014-03-31 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 21:25 - 2014-03-31 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (1).exe

==================== One Month Modified Files and Folders =======

2014-04-29 21:39 - 2014-04-29 21:38 - 00013888 _____ () C:\Users\Momma\Downloads\FRST.txt

2014-04-29 21:38 - 2014-04-29 21:38 - 02061824 _____ (Farbar) C:\Users\Momma\Downloads\FRST64 (1).exe

2014-04-29 21:38 - 2014-04-29 21:34 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine

2014-04-29 21:38 - 2014-04-16 07:16 - 00000000 ____D () C:\FRST

2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt

2014-04-29 21:35 - 2014-04-29 21:35 - 00612992 _____ () C:\Users\Momma\Downloads\Setup.exe

2014-04-29 21:33 - 2014-04-29 21:33 - 03972608 _____ () C:\Users\Momma\Downloads\RogueKiller (1).exe

2014-04-29 21:33 - 2014-02-21 11:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5921F90-8BCB-4952-A404-05C8490B2F2E}

2014-04-29 21:32 - 2014-03-31 21:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-29 21:32 - 2014-02-21 11:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-29 21:32 - 2014-02-21 10:59 - 01815466 _____ () C:\Windows\WindowsUpdate.log

2014-04-29 17:23 - 2014-02-21 11:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-29 17:22 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-29 17:22 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-28 12:28 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Momma\AppData\Local\Adobe

2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:24 - 2014-04-28 11:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe

2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses

2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-28 11:17 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe

2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-28 11:16 - 2014-04-28 11:15 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-28 11:14 - 2009-07-14 00:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java

2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe

2014-04-28 11:09 - 2013-12-13 22:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-04-28 11:08 - 2010-11-20 22:47 - 00942148 _____ () C:\Windows\PFRO.log

2014-04-28 11:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-28 11:08 - 2009-07-13 23:51 - 00034222 _____ () C:\Windows\setupact.log

2014-04-28 11:01 - 2014-04-24 08:31 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle

2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip

2014-04-27 20:55 - 2011-02-11 15:29 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-04-26 21:16 - 2014-02-21 11:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMomma

2014-04-26 21:16 - 2014-02-21 11:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForMomma.job

2014-04-26 12:06 - 2014-02-23 09:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-04-26 12:06 - 2014-02-23 09:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-04-25 20:57 - 2014-03-31 21:27 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 16:55 - 2014-04-16 07:07 - 00000000 ____D () C:\AdwCleaner

2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Cyberlink

2014-04-24 16:54 - 2013-12-13 22:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe

2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe

2014-04-24 10:40 - 2014-04-24 10:39 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe

2014-04-24 09:08 - 2014-04-24 09:08 - 00018361 _____ () C:\ComboFix.txt

2014-04-24 09:08 - 2014-04-24 08:35 - 00000000 ____D () C:\Windows\erdnt

2014-04-24 09:08 - 2014-04-24 08:35 - 00000000 ____D () C:\Qoobox

2014-04-24 09:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2014-04-24 09:07 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-04-24 09:01 - 2014-04-24 08:34 - 05196870 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe

2014-04-24 08:34 - 2014-04-17 15:21 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion

2014-04-24 08:34 - 2014-04-16 07:15 - 02061824 _____ (Farbar) C:\Users\Momma\Downloads\FRST64.exe

2014-04-23 13:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-04-23 03:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-04-18 14:26 - 2014-04-16 07:16 - 00020646 _____ () C:\Users\Momma\Downloads\Addition.txt

2014-04-17 12:37 - 2014-02-21 16:57 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk

2014-04-17 12:37 - 2014-02-21 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-04-17 12:37 - 2014-02-21 16:57 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-04-17 12:37 - 2013-12-13 22:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-16 07:07 - 2014-04-16 07:07 - 01426178 _____ () C:\Users\Momma\Downloads\AdwCleaner.exe

2014-04-15 09:08 - 2014-04-15 09:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-04-11 11:16 - 2014-02-23 10:11 - 00000000 ___HD () C:\Users\Momma\Downloads\.picasaoriginals

2014-04-11 11:16 - 2014-02-23 10:10 - 00000463 ____H () C:\Users\Momma\Downloads\.picasa.ini

2014-04-10 17:48 - 2014-02-21 11:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-04-10 07:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-05 14:07 - 2014-04-05 14:07 - 04527616 _____ () C:\Users\Momma\Downloads\RogueKillerX64.exe

2014-04-04 16:35 - 2014-04-04 16:34 - 03972608 _____ () C:\Users\Momma\Downloads\RogueKiller.exe

2014-04-04 08:08 - 2014-04-04 08:08 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (4).exe

2014-04-04 08:07 - 2014-04-04 08:07 - 00688992 ____R (Swearware) C:\Users\Momma\Downloads\dds.scr

2014-04-04 08:06 - 2014-04-04 08:06 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (3).exe

2014-04-03 14:23 - 2014-04-03 14:23 - 02025816 _____ (Furst Person ) C:\Users\Momma\Downloads\ComputerRequirements.exe

2014-04-03 10:47 - 2014-03-31 21:27 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 10:47 - 2014-03-31 21:27 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 10:47 - 2014-03-31 21:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 21:27 - 2014-03-31 21:27 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (2).exe

2014-03-31 21:27 - 2014-03-31 21:27 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 21:25 - 2014-03-31 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 21:25 - 2014-03-31 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam-setup-2.0.0.1000 (1).exe

Some content of TEMP:

====================

C:\Users\Momma\AppData\Local\Temp\avgnt.exe

C:\Users\Momma\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Momma\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 08:26

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014

Ran by Momma at 2014-04-29 21:39:15

Running from C:\Users\Momma\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{BE52A08B-D385-4E65-BDCB-3FCD9BB1DF63}) (Version: 20.14.2217.13144 - Alcor Micro Corp.)

Alcor Micro USB Card Reader Driver  (x32 Version: 20.14.2217.13144 - Alcor Micro Corp.) Hidden

Avira (HKLM-x32\...\{c13d72f9-bcdd-4c16-a942-7373a528171e}) (Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden

HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)

Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.12 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden

Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden

WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )

Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

10-04-2014 08:00:35 Windows Update

17-04-2014 20:09:25 Scheduled Checkpoint

23-04-2014 08:00:34 Windows Update

24-04-2014 21:50:55 Configured LabelPrint

28-04-2014 16:01:11 Removed Java 7 Update 51

28-04-2014 16:02:20 Removed Adobe Flash Player 11 ActiveX (x64).

28-04-2014 16:13:17 Installed Java 7 Update 55 (64-bit)

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-04-24 09:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {05C0DFB8-55EE-4589-B1D3-D4674C23836F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {092977C2-C9A3-426A-B033-E0AA528D2826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {33070F93-3619-4DA9-95F7-B2E62C9526B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {8C3229E6-0C9E-4F0C-9CF2-66EB2B32EA15} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)

Task: {A07FEC64-4175-4B79-A1A4-E4D52CF0AC1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {A3CD8BEC-3B06-4DD4-82D6-C1020C9622F1} - System32\Tasks\HPCeeScheduleForMomma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {A69D3AA2-093A-4C5F-8E55-47DA5D71BB9A} - \HPCeeScheduleForPANDAMONIUM$ No Task File <==== ATTENTION

Task: {F2044FD2-4DA3-4BF3-978A-6DBE6F139FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMomma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-04-04 21:46 - 2012-04-04 21:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-12-13 22:32 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

2014-02-21 16:59 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2014-04-15 18:34 - 2014-04-15 18:34 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll

2014-04-15 18:33 - 2014-04-15 18:33 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

2014-04-24 16:57 - 2014-04-15 18:33 - 00049744 _____ () C:\Users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-04-10 17:47 - 2014-04-01 20:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

2014-04-10 17:47 - 2014-04-01 20:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

2014-04-10 17:47 - 2014-04-01 20:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

2014-04-10 17:47 - 2014-04-01 20:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

2014-04-10 17:47 - 2014-04-01 20:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

2014-04-10 17:47 - 2014-04-01 20:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Basic Wireless USB Adapter

Description: Basic Wireless USB Adapter

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13197

 

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13197

 

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12199

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12199

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11185

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11185

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:33 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10187

System errors:

=============

Error: (04/28/2014 11:09:23 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (04/27/2014 09:30:10 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (04/26/2014 09:16:27 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (04/25/2014 07:39:07 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (04/24/2014 05:52:34 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13197

 

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13197

 

Error: (04/29/2014 06:43:36 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12199

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12199

 

Error: (04/29/2014 06:43:35 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 11185

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 11185

 

Error: (04/29/2014 06:43:34 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/29/2014 06:43:33 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10187

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-24 09:05:33.296

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-24 09:05:33.265

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 35%

Total physical RAM: 3983.34 MB

Available physical RAM: 2585.88 MB

Total Pagefile: 7964.86 MB

Available Pagefile: 5755.04 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.62 GB) (Free:858.06 GB) NTFS

Drive e: (HP_RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 96059575)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

 

==================== End Of Log ============================


 

 


What browsers are affected??????

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once, then wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

-------------------------------

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double-click TFC.exe to run it on XP (on Vista and Windows 7, right-click it and choose "Run as administrator"), and once it opens, click the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient, as clearing out temp files may take a while.
Once it completes, you may be prompted to restart your computer; please do so.
Once it's finished, you may delete TFC.exe from your desktop or save it for later use in cleaning temporary files.

---------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

I am using mostly Chrome. I notice that my iPhone is allowing some bs garbage at times too, not codec but redirecting of pages.

ComboFix 14-05-05.01 - Momma 05/05/2014  12:56:06.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3983.2419 [GMT -5:00]
Running from: c:\users\Momma\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-05 to 2014-05-05  )))))))))))))))))))))))))))))))
.
.
2014-05-05 17:59 . 2014-05-05 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-03 08:01 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-03 08:01 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 08:01 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-28 16:25 . 2014-04-28 16:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 16:25 . 2014-04-28 16:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-28 16:22 . 2014-04-28 16:22 -------- d-----w- c:\programdata\Licenses
2014-04-28 16:22 . 2014-04-28 16:24 -------- d-----w- c:\program files (x86)\SpywareBlaster
2014-04-28 16:17 . 2014-04-28 16:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-28 16:16 . 2014-04-28 16:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-04-28 16:13 . 2014-04-28 16:13 313256 ----a-w- c:\windows\system32\javaws.exe
2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-28 16:13 . 2014-04-28 16:13 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\java.exe
2014-04-28 16:13 . 2014-04-28 16:13 -------- d-----w- c:\program files\Java
2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\users\Momma\AppData\Roaming\Oracle
2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\windows\Sun
2014-04-24 21:58 . 2014-04-24 21:58 -------- d-----w- c:\windows\ERUNT
2014-04-24 21:55 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-24 13:31 . 2014-04-28 16:01 -------- d-----w- c:\windows\system32\appmgmt
2014-04-16 12:16 . 2014-04-30 02:39 -------- d-----w- C:\FRST
2014-04-16 12:07 . 2014-04-24 21:55 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-05 18:21 . 2014-04-01 02:27 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 15:47 . 2014-04-01 02:27 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 15:47 . 2014-04-01 02:27 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 15:47 . 2014-04-01 02:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-04 09:17 . 2014-04-09 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-25 09:14 . 2014-02-25 09:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-25 09:14 . 2014-02-25 09:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-25 09:14 . 2014-02-25 09:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-02-25 09:14 . 2014-02-25 09:14 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-02-25 09:14 . 2014-02-25 09:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-02-25 09:14 . 2014-02-25 09:14 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-02-25 09:14 . 2014-02-25 09:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-02-25 09:14 . 2014-02-25 09:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-02-25 09:14 . 2014-02-25 09:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-02-25 09:14 . 2014-02-25 09:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-25 09:14 . 2014-02-25 09:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-25 09:14 . 2014-02-25 09:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-02-25 09:14 . 2014-02-25 09:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-02-25 09:14 . 2014-02-25 09:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-02-25 09:14 . 2014-02-25 09:14 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-25 09:14 . 2014-02-25 09:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-25 09:14 . 2014-02-25 09:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-02-25 09:14 . 2014-02-25 09:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-25 09:14 . 2014-02-25 09:14 247808 ----a-w- c:\windows\system32\msls31.dll
2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-02-25 09:14 . 2014-02-25 09:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-25 09:14 . 2014-02-25 09:14 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-25 09:14 . 2014-02-25 09:14 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-02-25 09:14 . 2014-02-25 09:14 81408 ----a-w- c:\windows\system32\icardie.dll
2014-02-25 09:14 . 2014-02-25 09:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-02-25 09:14 . 2014-02-25 09:14 413696 ----a-w- c:\windows\system32\html.iec
2014-02-25 09:14 . 2014-02-25 09:14 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-25 09:14 . 2014-02-25 09:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-02-25 09:14 . 2014-02-25 09:14 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-02-25 09:14 . 2014-02-25 09:14 235520 ----a-w- c:\windows\system32\url.dll
2014-02-25 09:14 . 2014-02-25 09:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-02-25 09:14 . 2014-02-25 09:14 143872 ----a-w- c:\windows\system32\wextract.exe
2014-02-25 09:14 . 2014-02-25 09:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-25 09:14 . 2014-02-25 09:14 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-02-25 09:14 . 2014-02-25 09:14 147968 ----a-w- c:\windows\system32\occache.dll
2014-02-25 09:14 . 2014-02-25 09:14 13824 ----a-w- c:\windows\system32\mshta.exe
2014-02-25 09:14 . 2014-02-25 09:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-02-25 09:14 . 2014-02-25 09:14 774144 ----a-w- c:\windows\system32\jscript.dll
2014-02-25 09:14 . 2014-02-25 09:14 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-02-25 09:14 . 2014-02-25 09:14 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-02-25 09:00 . 2014-02-25 09:00 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-02-14 17:00 . 2014-02-21 21:59 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-02-14 17:00 . 2014-02-21 21:59 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-02-14 17:00 . 2014-02-21 21:59 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-02-07 01:23 . 2014-03-12 01:05 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-10-16 684064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-14 689744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-16 182352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 RalinkCountryRegion;RalinkCountryRegion;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 04:02 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]
.
2014-05-05 c:\windows\Tasks\HPCeeScheduleForMomma.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2014-05-05  13:23:39 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-05 18:23
ComboFix2.txt  2014-04-24 14:08
.
Pre-Run: 920,746,860,544 bytes free
Post-Run: 920,299,872,256 bytes free
.
- - End Of File - - 284680CA808B42406298DD497D3E4296
A36C5E4F47E84449FF07ED3517B43A31


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-05-2014 01
Ran by Momma at 2014-05-05 13:32:50 Run:3
Running from C:\Users\Momma\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CF022B4C-9078-4592-A67C-EB6BAE829A2B} URL = http://www.amazon.co...field-keywords={searchTerms}
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: No Name - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\staged [2014-04-28]
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
C:\Users\Momma\AppData\Local\Temp\avgnt.exe
C:\Users\Momma\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Momma\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Task: {A69D3AA2-093A-4C5F-8E55-47DA5D71BB9A} - \HPCeeScheduleForPANDAMONIUM$ No Task File
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF022B4C-9078-4592-A67C-EB6BAE829A2B} => Key deleted successfully.
HKCR\CLSID\{CF022B4C-9078-4592-A67C-EB6BAE829A2B} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\staged not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Momma\AppData\Local\Temp\avgnt.exe" => File/Directory not found.
"C:\Users\Momma\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\Momma\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A69D3AA2-093A-4C5F-8E55-47DA5D71BB9A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A69D3AA2-093A-4C5F-8E55-47DA5D71BB9A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForPANDAMONIUM$ => Key deleted successfully.

==== End of Fixlog ====



It was actually acting okay for about 3-4 days. Now, it's acting foolish again.

I noticed that when I looked at spyware, a bunch of boxes were unchecked. It said I could check mark any that I wanted protection against. They all looked dodgy. Does this matter?


I noticed that when I looked at spyware, a bunch of boxes were unchecked. It said I could check mark any that I wanted protection against. They all looked dodgy. Does this matter?

What does this mean?????

MrC

This topic is now closed to further replies.