
Malware, codec and linkbucks



Um, I'm not sure how to explain. In SpywareBlaster on the first page, it says spyware protection blaster. It shows Internet Explorer, Mozilla, Chrome, etc., and to the right of them you can click the link to enable protection. When I clicked on Chrome, there is a part to customize the block list. There were a bunch of miscellaneous things I didn't recognize; examples are 100 Hot, 101 webstats, 123 count, active counter, adbrite, etc. Some looked like porn names. To the right of them it said type, and they are all labeled as cookies. I checked all of them to be added to the block list.



Something just popped up. Malwarebytes said it blocked imp.premiuminstaller.com. And something called downloadoney tried to get me to download. It also says it's Lightspark Player Pro. In my Downloads it says player-chrome.exe is trying to download.

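The post above reports a blocked domain and an unexpected player-chrome.exe download, and the FRST log further down lists alternate data streams on files in the same Downloads folder. The PowerShell script below is an added triage example for that situation; it is not code from the poster, the forum helper, Malwarebytes, FRST or Zoek. It assumes PowerShell 4.0 or later (Get-Item -Stream needs 3.0, Get-FileHash needs 4.0) and files on an NTFS volume; the $Folder default and the executable-extension list are assumptions, and the file names from the thread are only used as illustration.

```powershell
<#
  Added example: triage of a Downloads folder after a blocked drive-by download.
  Not code from the forum post or from Malwarebytes, FRST or Zoek.
  Assumptions: PowerShell 4.0+, NTFS volume. $Folder is an assumed default.
#>
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"
)

# Extensions Windows will execute directly (assumed list). An unsigned file with one
# of these that arrived from the Internet zone deserves a look before it is run.
$ExecutableExtensions = @('.exe', '.scr', '.com', '.msi', '.dll', '.bat', '.cmd', '.ps1', '.vbs', '.js')

function Get-ZoneIdentifier {
    # Parses the Zone.Identifier stream a browser writes on download.
    # Returns a hashtable of its key=value lines (ZoneId=3 means the Internet zone),
    # or $null when the file carries no such stream.
    param([Parameter(Mandatory)][string]$LiteralPath)

    $lines = Get-Content -LiteralPath $LiteralPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }

    $result = @{}
    foreach ($line in $lines) {
        if ($line -match '^\s*(\w+)\s*=\s*(.*?)\s*$') { $result[$matches[1]] = $matches[2] }
    }
    return $result
}

function Get-DownloadTriage {
    # One record per file: SHA-256, Authenticode status, zone of origin, and every
    # alternate data stream other than the unnamed data stream (:$DATA).
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_

        $streams = @(Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                     Where-Object { $_.Stream -ne ':$DATA' } |
                     ForEach-Object { $_.Stream })

        $zone = Get-ZoneIdentifier -LiteralPath $file.FullName
        $zoneId = if ($zone -and $zone.ContainsKey('ZoneId')) { [int]$zone['ZoneId'] } else { $null }

        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

        $isExecutable = $ExecutableExtensions -contains $file.Extension.ToLower()

        # Flag executables that came from the Internet (3) or Restricted (4) zone and do
        # not carry a valid Authenticode signature. A flag is a prompt to check the hash
        # against a reputation service, not a verdict on the file.
        $fromInternet = ($null -ne $zoneId) -and ($zoneId -ge 3)
        $suspicious = $isExecutable -and $fromInternet -and ($sig.Status -ne 'Valid')

        [pscustomobject]@{
            Name         = $file.Name
            SizeBytes    = $file.Length
            Sha256       = $hash
            ZoneId       = $zoneId
            Signature    = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer       = $signer
            OtherStreams = ($streams | Where-Object { $_ -ne 'Zone.Identifier' }) -join ', '
            Suspicious   = $suspicious
        }
    }
}

Get-DownloadTriage -Path $Folder |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -Property Name, Suspicious, ZoneId, Signature, Signer, OtherStreams, Sha256 -AutoSize
```

Run it as `.\Get-DownloadTriage.ps1 -Folder 'C:\Users\Momma\Downloads'` (path assumed from the thread). When reading the OtherStreams column, note that the `{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}` stream FRST lists on the two image files is the property-set stream Explorer writes for file metadata, so its presence alone is not a finding; a stream with a name that is not Zone.Identifier and not that GUID is worth reading with `Get-Content -Stream` before deciding anything.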

 

Zoek.exe v5.0.0.0 Updated 14-April-2014

Tool run by Momma on Sat 05/17/2014 at 10:48:16.25.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Momma\Downloads\zoek.exe [scan all users]  [Checkboxes used]

 

==== System Restore Info ======================

 

5/17/2014 10:49:30 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Reset Google Chrome ======================

 

C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on Sat 05/17/2014 at 10:49:38.59 ======================

 

 

This is what I got at the end.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014

Ran by Momma at 2014-05-17 11:18:42

Running from C:\Users\Momma\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{BE52A08B-D385-4E65-BDCB-3FCD9BB1DF63}) (Version: 20.14.2217.13144 - Alcor Micro Corp.)

Alcor Micro USB Card Reader Driver  (x32 Version: 20.14.2217.13144 - Alcor Micro Corp.) Hidden

Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden

HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)

Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.12 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden

Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden

WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )

Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

03-05-2014 08:00:39 Windows Update

05-05-2014 17:55:23 ComboFix created restore point

07-05-2014 08:00:52 Windows Update

14-05-2014 13:30:47 Scheduled Checkpoint

15-05-2014 08:00:42 Windows Update

17-05-2014 15:49:15 zoek.exe restore point

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2014-05-05 12:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05C0DFB8-55EE-4589-B1D3-D4674C23836F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {092977C2-C9A3-426A-B033-E0AA528D2826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {0A40C6E2-1481-4961-8176-17DBA822CFAD} - System32\Tasks\HPCeeScheduleForMomma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {33070F93-3619-4DA9-95F7-B2E62C9526B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {8C3229E6-0C9E-4F0C-9CF2-66EB2B32EA15} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)

Task: {A07FEC64-4175-4B79-A1A4-E4D52CF0AC1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {F2044FD2-4DA3-4BF3-978A-6DBE6F139FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMomma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-04-04 21:46 - 2012-04-04 21:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-12-13 22:32 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

2014-02-21 16:59 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll

2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

2014-01-06 11:52 - 2014-01-06 11:52 - 03244032 _____ () C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll

2014-05-07 12:34 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Basic Wireless USB Adapter

Description: Basic Wireless USB Adapter

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5086

 

 

System errors:

=============

Error: (05/15/2014 10:34:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/15/2014 07:12:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/15/2014 03:21:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/11/2014 10:36:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/09/2014 07:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/08/2014 08:15:27 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

 

Error: (05/08/2014 06:55:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 00:01:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 00:01:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 03:19:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5086

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-05-05 12:59:06.079

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:06.051

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:06.022

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:05.993

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-24 09:05:33.296

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-24 09:05:33.265

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 63%

Total physical RAM: 3983.34 MB

Available physical RAM: 1438.91 MB

Total Pagefile: 7964.86 MB

Available Pagefile: 4554.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.62 GB) (Free:858.49 GB) NTFS

Drive e: (HP_RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 96059575)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

 

==================== End Of Log ============================

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014

Ran by Momma (administrator) on PANDAMONIUM on 17-05-2014 11:18:08

Running from C:\Users\Momma\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684064 2012-10-15] (PDF Complete Inc)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)

HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3598458912-3011877256-316199506-1000\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

HKU\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

HKU\S-1-5-21-3598458912-3011877256-316199506-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Google+ Auto Backup] => C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM13/19

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM13/19

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1


FireFox:

========

FF ProfilePath: C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()

FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Check4Change - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\check4change-owner@mozdev.org.xpi [2014-02-24]

FF Extension: Random Agent Spoofer - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-02-24]

FF Extension: TinyURL Generator - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-02-24]


Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]

CHR Extension: (Google Drive) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]

CHR Extension: (YouTube) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-21]

CHR Extension: (Google Search) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-21]

CHR Extension: (Google Wallet) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]

CHR Extension: (Gmail) - C:\Users\Momma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-21]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


==================== Services (Whitelisted) =================


R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-14] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135136 2012-10-15] (PDF Complete Inc)

R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.)

S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)


==================== Drivers (Whitelisted) ====================


R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


2014-05-17 11:06 - 2014-05-17 11:06 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (2).exe

2014-05-17 10:58 - 2014-05-17 10:58 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (1).exe

2014-05-17 10:49 - 2014-05-17 10:49 - 00000829 _____ () C:\zoek-results.log

2014-05-17 10:48 - 2014-05-17 10:48 - 00000000 ____D () C:\zoek_backup

2014-05-17 10:47 - 2014-05-17 10:47 - 01285120 _____ () C:\Users\Momma\Downloads\zoek.exe

2014-05-16 17:09 - 2014-05-16 17:09 - 00220456 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome.exe

2014-05-15 03:02 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-15 03:02 - 2014-05-05 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-15 03:02 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-15 03:02 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-15 03:02 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-15 03:02 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-14 08:34 - 2014-05-09 01:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-14 08:34 - 2014-05-09 01:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-14 08:34 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 08:34 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 08:34 - 2014-04-11 21:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 08:34 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 08:34 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 08:34 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 08:34 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-14 08:34 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-05-14 08:34 - 2014-04-11 21:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-05-14 08:34 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 08:34 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-14 08:34 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 08:34 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 08:34 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 08:34 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 08:34 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-14 08:34 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-05-14 08:34 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-05-14 08:34 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll

2014-05-14 08:34 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-05-14 08:34 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-05-11 10:44 - 2014-05-11 10:43 - 00405910 _____ () C:\Users\Momma\Downloads\jewel0510.jpeg

2014-05-10 13:11 - 2014-05-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 03:18 - 2014-05-15 03:19 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-06 15:19 - 2014-05-06 10:28 - 00843566 _____ () C:\Users\Momma\Downloads\pepes recap.tiff

2014-05-05 13:55 - 2014-05-05 13:55 - 09005415 _____ () C:\Users\Momma\Downloads\2014-05-01.zip

2014-05-05 13:55 - 2014-05-05 13:55 - 00000000 ____D () C:\Users\Momma\AppData\Local\WinZip

2014-05-05 13:23 - 2014-05-05 13:23 - 00016220 _____ () C:\ComboFix.txt

2014-05-05 12:57 - 2014-05-05 12:58 - 00000000 ____D () C:\Users\Momma\Downloads\Demo and Promo paperwork

2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC.exe

2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC (1).exe

2014-05-01 07:45 - 2014-05-01 07:45 - 00028160 _____ () C:\Users\Momma\Downloads\WARRANTY REQUEST FORM.XLS

2014-04-29 21:38 - 2014-05-17 11:18 - 00013144 _____ () C:\Users\Momma\Downloads\FRST.txt

2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt

2014-04-29 21:34 - 2014-04-29 21:38 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine

2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:22 - 2014-05-15 22:19 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe

2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses

2014-04-28 11:17 - 2014-05-15 03:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe

2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-28 11:15 - 2014-04-28 11:16 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java

2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle

2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip

2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe

2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe

2014-04-24 10:39 - 2014-04-24 10:40 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe

2014-04-24 09:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-04-24 09:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-04-24 09:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-04-24 09:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-04-24 08:35 - 2014-05-05 13:23 - 00000000 ____D () C:\Qoobox

2014-04-24 08:35 - 2014-04-24 09:08 - 00000000 ____D () C:\Windows\erdnt

2014-04-24 08:34 - 2014-05-05 12:54 - 05199940 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe

2014-04-24 08:31 - 2014-04-28 11:01 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-04-23 03:01 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-04-23 03:01 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-23 03:01 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-04-23 03:01 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-04-23 03:01 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-23 03:01 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-23 03:01 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-23 03:01 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-04-23 03:01 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-04-23 03:01 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-04-23 03:01 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-04-23 03:01 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-04-23 03:01 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-23 03:01 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-04-23 03:01 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-23 03:01 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-04-23 03:01 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-23 03:01 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-04-23 03:01 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-04-23 03:01 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-23 03:01 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-23 03:01 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-23 03:01 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-23 03:01 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-23 03:01 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-04-23 03:01 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-04-23 03:01 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-04-23 03:01 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-04-23 03:01 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-04-23 03:01 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-23 03:01 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-04-23 03:01 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-04-23 03:01 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-23 03:01 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-04-23 03:01 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-23 03:01 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-23 03:01 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-04-23 03:01 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-23 03:01 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-23 03:01 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-23 03:01 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-04-23 03:01 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-04-23 03:01 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-23 03:01 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-17 15:21 - 2014-05-17 11:18 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion


==================== One Month Modified Files and Folders =======


2014-05-17 11:18 - 2014-04-29 21:38 - 00013144 _____ () C:\Users\Momma\Downloads\FRST.txt

2014-05-17 11:18 - 2014-04-17 15:21 - 00000000 ____D () C:\Users\Momma\Downloads\FRST-OlderVersion

2014-05-17 11:18 - 2014-04-16 07:16 - 00000000 ____D () C:\FRST

2014-05-17 11:18 - 2014-04-16 07:15 - 02067456 _____ (Farbar) C:\Users\Momma\Downloads\FRST64.exe

2014-05-17 11:07 - 2014-02-21 11:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-17 11:06 - 2014-05-17 11:06 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (2).exe

2014-05-17 10:58 - 2014-05-17 10:58 - 00223528 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome (1).exe

2014-05-17 10:49 - 2014-05-17 10:49 - 00000829 _____ () C:\zoek-results.log

2014-05-17 10:48 - 2014-05-17 10:48 - 00000000 ____D () C:\zoek_backup

2014-05-17 10:47 - 2014-05-17 10:47 - 01285120 _____ () C:\Users\Momma\Downloads\zoek.exe

2014-05-17 10:26 - 2014-02-21 11:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5921F90-8BCB-4952-A404-05C8490B2F2E}

2014-05-17 10:24 - 2014-02-23 09:58 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-05-17 10:23 - 2014-02-23 09:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-17 10:23 - 2014-02-21 10:59 - 01503631 _____ () C:\Windows\WindowsUpdate.log

2014-05-17 10:23 - 2013-12-13 22:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-05-16 20:50 - 2014-03-31 21:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 18:28 - 2009-07-13 23:51 - 00035592 _____ () C:\Windows\setupact.log

2014-05-16 17:09 - 2014-05-16 17:09 - 00220456 _____ (Premium Installer ) C:\Users\Momma\Downloads\Player-Chrome.exe

2014-05-16 16:14 - 2014-02-21 11:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-16 09:11 - 2014-02-21 11:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMomma

2014-05-16 09:11 - 2014-02-21 11:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForMomma.job

2014-05-15 22:41 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-15 22:41 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-15 22:34 - 2010-11-20 22:47 - 00943668 _____ () C:\Windows\PFRO.log

2014-05-15 22:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-15 22:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI

2014-05-15 22:19 - 2014-04-28 11:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-05-15 14:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-05-15 08:10 - 2014-02-21 11:16 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-15 07:12 - 2014-02-21 11:04 - 00000000 ___RD () C:\Users\Momma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-15 07:12 - 2014-02-21 11:04 - 00000000 ___RD () C:\Users\Momma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-15 03:20 - 2014-04-28 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-15 03:19 - 2014-05-07 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-15 03:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-05-12 10:59 - 2014-02-21 16:57 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk

2014-05-12 10:59 - 2014-02-21 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-05-12 10:59 - 2014-02-21 16:57 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-05-12 10:59 - 2013-12-13 22:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-05-12 09:10 - 2014-02-21 11:00 - 00000000 ____D () C:\Users\Momma

2014-05-11 10:43 - 2014-05-11 10:44 - 00405910 _____ () C:\Users\Momma\Downloads\jewel0510.jpeg

2014-05-10 13:11 - 2014-05-10 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-09 13:02 - 2014-02-21 11:10 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-09 13:02 - 2014-02-21 11:10 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-09 01:14 - 2014-05-14 08:34 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-09 01:11 - 2014-05-14 08:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-06 10:28 - 2014-05-06 15:19 - 00843566 _____ () C:\Users\Momma\Downloads\pepes recap.tiff

2014-05-05 23:40 - 2014-05-15 03:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-05 23:17 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-05 22:25 - 2014-05-15 03:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-05 22:07 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-05 22:00 - 2014-05-15 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-05 21:10 - 2014-05-15 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-05 13:59 - 2014-02-23 10:10 - 00000762 ____H () C:\Users\Momma\Downloads\.picasa.ini

2014-05-05 13:55 - 2014-05-05 13:55 - 09005415 _____ () C:\Users\Momma\Downloads\2014-05-01.zip

2014-05-05 13:55 - 2014-05-05 13:55 - 00000000 ____D () C:\Users\Momma\AppData\Local\WinZip

2014-05-05 13:55 - 2013-12-13 22:37 - 00000000 ____D () C:\ProgramData\WinZip

2014-05-05 13:31 - 2014-04-16 07:16 - 00022635 _____ () C:\Users\Momma\Downloads\Addition.txt

2014-05-05 13:23 - 2014-05-05 13:23 - 00016220 _____ () C:\ComboFix.txt

2014-05-05 13:23 - 2014-04-24 08:35 - 00000000 ____D () C:\Qoobox

2014-05-05 13:21 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-05-05 12:58 - 2014-05-05 12:57 - 00000000 ____D () C:\Users\Momma\Downloads\Demo and Promo paperwork

2014-05-05 12:54 - 2014-04-24 08:34 - 05199940 ____R (Swearware) C:\Users\Momma\Downloads\ComboFix.exe

2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC.exe

2014-05-05 12:49 - 2014-05-05 12:49 - 00448512 _____ (OldTimer Tools) C:\Users\Momma\Downloads\TFC (1).exe

2014-05-01 07:45 - 2014-05-01 07:45 - 00028160 _____ () C:\Users\Momma\Downloads\WARRANTY REQUEST FORM.XLS

2014-04-29 21:38 - 2014-04-29 21:34 - 00000000 ____D () C:\Users\Momma\Desktop\RK_Quarantine

2014-04-29 21:36 - 2014-04-29 21:36 - 00002914 _____ () C:\Users\Momma\Desktop\RKreport[0]_S_04292014_213655.txt

2014-04-28 12:28 - 2014-02-24 09:18 - 00000000 ____D () C:\Users\Momma\AppData\Local\Adobe

2014-04-28 11:25 - 2014-04-28 11:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-28 11:25 - 2014-04-28 11:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:22 - 2014-04-28 11:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Momma\Downloads\spywareblastersetup50.exe

2014-04-28 11:22 - 2014-04-28 11:22 - 00001081 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-04-28 11:22 - 2014-04-28 11:22 - 00000000 ____D () C:\ProgramData\Licenses

2014-04-28 11:17 - 2014-04-28 11:17 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-04-28 11:17 - 2014-04-28 11:17 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00282880 _____ (Mozilla) C:\Users\Momma\Downloads\Firefox Setup Stub 28.0.exe

2014-04-28 11:16 - 2014-04-28 11:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-04-28 11:16 - 2014-04-28 11:16 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-04-28 11:16 - 2014-04-28 11:15 - 00000000 ____D () C:\ProgramData\Adobe

2014-04-28 11:14 - 2009-07-14 00:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-28 11:13 - 2014-04-28 11:13 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-04-28 11:13 - 2014-04-28 11:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-04-28 11:13 - 2014-04-28 11:13 - 00000000 ____D () C:\Program Files\Java

2014-04-28 11:12 - 2014-04-28 11:12 - 30818216 _____ (Oracle Corporation) C:\Users\Momma\Downloads\jre-7u55-windows-x64.exe

2014-04-28 11:01 - 2014-04-24 08:31 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Windows\Sun

2014-04-28 11:00 - 2014-04-28 11:00 - 00000000 ____D () C:\Users\Momma\AppData\Roaming\Oracle

2014-04-27 21:03 - 2014-04-27 21:03 - 01261518 _____ () C:\Users\Momma\Downloads\Photos.zip

2014-04-27 20:55 - 2011-02-11 15:29 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-04-25 20:57 - 2014-03-31 21:27 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-25 20:57 - 2014-03-31 21:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-25 20:56 - 2014-04-25 20:56 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Momma\Downloads\mbam_premium.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 01016261 _____ (Thisisu) C:\Users\Momma\Downloads\JRT.exe

2014-04-24 16:58 - 2014-04-24 16:58 - 00000000 ____D () C:\Windows\ERUNT

2014-04-24 16:55 - 2014-04-16 07:07 - 00000000 ____D () C:\AdwCleaner

2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools

2014-04-24 16:54 - 2013-12-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Cyberlink

2014-04-24 16:54 - 2013-12-13 22:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-24 12:04 - 2014-04-24 12:04 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck (1).exe

2014-04-24 12:03 - 2014-04-24 12:03 - 00854355 _____ () C:\Users\Momma\Downloads\SecurityCheck.exe

2014-04-24 10:40 - 2014-04-24 10:39 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Momma\Downloads\CatalinaSavingsPrinter.exe

2014-04-24 09:08 - 2014-04-24 08:35 - 00000000 ____D () C:\Windows\erdnt

2014-04-24 09:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

 

Some content of TEMP:

====================

C:\Users\Momma\AppData\Local\Temp\avgnt.exe

C:\Users\Momma\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe

[2014-05-14 08:34] - [2014-03-04 04:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

 

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-10 10:25

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last:

Update and run a scan with Malwarebytes.

MrC



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014

Ran by Momma at 2014-05-17 11:18:42

Running from C:\Users\Momma\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{5C804EBB-475F-4555-A225-1D6573F158BD}) (Version: 11.2.202.222 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{BE52A08B-D385-4E65-BDCB-3FCD9BB1DF63}) (Version: 20.14.2217.13144 - Alcor Micro Corp.)

Alcor Micro USB Card Reader Driver  (x32 Version: 20.14.2217.13144 - Alcor Micro Corp.) Hidden

Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)

Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden

HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)

Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.12 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6207 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden

Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)

Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden

WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )

Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

03-05-2014 08:00:39 Windows Update

05-05-2014 17:55:23 ComboFix created restore point

07-05-2014 08:00:52 Windows Update

14-05-2014 13:30:47 Scheduled Checkpoint

15-05-2014 08:00:42 Windows Update

17-05-2014 15:49:15 zoek.exe restore point

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2014-05-05 12:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05C0DFB8-55EE-4589-B1D3-D4674C23836F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {092977C2-C9A3-426A-B033-E0AA528D2826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {0A40C6E2-1481-4961-8176-17DBA822CFAD} - System32\Tasks\HPCeeScheduleForMomma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {33070F93-3619-4DA9-95F7-B2E62C9526B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)

Task: {8C3229E6-0C9E-4F0C-9CF2-66EB2B32EA15} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)

Task: {A07FEC64-4175-4B79-A1A4-E4D52CF0AC1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

Task: {F2044FD2-4DA3-4BF3-978A-6DBE6F139FC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMomma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-04-04 21:46 - 2012-04-04 21:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-12-13 22:32 - 2009-07-02 17:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe

2014-02-21 16:59 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll

2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

2014-01-06 11:52 - 2014-01-06 11:52 - 03244032 _____ () C:\Users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll

2014-05-07 12:34 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Momma\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

2014-05-15 08:09 - 2014-05-07 18:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Momma\Downloads\jewel0510.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\Momma\Downloads\pepes recap.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Basic Wireless USB Adapter

Description: Basic Wireless USB Adapter

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5086

 

 

System errors:

=============

Error: (05/15/2014 10:34:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/15/2014 07:12:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/15/2014 03:21:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/11/2014 10:36:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/09/2014 07:13:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

Error: (05/08/2014 08:15:27 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

 

Error: (05/08/2014 06:55:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 00:01:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 00:01:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (05/07/2014 03:19:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8097

 

Error: (05/16/2014 09:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7083

 

Error: (05/16/2014 09:13:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6084

 

Error: (05/16/2014 09:13:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/16/2014 09:13:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5086

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-05-05 12:59:06.079

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:06.051

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:06.022

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-05-05 12:59:05.993

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-24 09:05:33.296

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-04-24 09:05:33.265

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 63%

Total physical RAM: 3983.34 MB

Available physical RAM: 1438.91 MB

Total Pagefile: 7964.86 MB

Available Pagefile: 4554.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.62 GB) (Free:858.49 GB) NTFS

Drive e: (HP_RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 96059575)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

 

==================== End Of Log ============================

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014

Ran by Momma at 2014-05-18 19:15:03 Run:4

Running from C:\Users\Momma\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Extension: Random Agent Spoofer - C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi [2014-02-24]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 

*****************

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.

"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.

HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.

C:\Users\Momma\AppData\Roaming\Mozilla\Firefox\Profiles\gfqhdg5g.default\Extensions\jid1-AVgCeF1zoVzMjA@jetpack.xpi => Moved successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

 

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x64

Ran by Momma on Mon 05/19/2014 at 11:07:12.94

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Momma\AppData\Roaming\mozilla\firefox\profiles\gfqhdg5g.default\minidumps [1 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 05/19/2014 at 11:10:44.29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/19/2014

Scan Time: 11:19:50 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.19.08

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Momma

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 261183

Time Elapsed: 6 min, 3 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 2

PUP.Optional.OptimumInstaller.A, C:\Users\Momma\Downloads\Player-Chrome (1).exe, , [76cee172d4a7d363b1ce8ebf53ae768a], 

PUP.Optional.OptimumInstaller.A, C:\Users\Momma\Downloads\Player-Chrome (2).exe, , [083ce66df7840630f58ac6877c852fd1], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Did you run ComboFix?

 

For Chrome:

First make sure you have the latest version of Chrome:

Open up Chrome > Click on the 3 bars in the upper right hand corner

Click on About Google Chrome

If there's an update available it will automatically update

Next:

Go to Tools > Clear Browser Data

Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache
Click "Clear Browsing Data"

-------------------------------

Next:

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu .

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu .

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------

MrC

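The three settings MrC walks through by hand (default search engine, startup pages, home page) all live in the profile's Preferences file, a JSON document under Chrome's User Data\Default folder, so the same check can be scripted. The following is an added example, not code from this thread or from Malwarebytes; the sample Preferences dictionary and the hijack hostname in it are constructed for the example, and TRUSTED_HOSTS is an assumed allowlist that you would replace with the search engine and pages the profile owner actually chose.

```python
import json
from urllib.parse import urlparse

# Hosts that the home page, startup pages and default search provider may
# point at. This allowlist is an assumption made for the example.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "duckduckgo.com"}

# Chrome stores "Open a specific page or set of pages" as restore_on_startup = 4.
OPEN_SPECIFIC_PAGES = 4

# Constructed sample of the keys Chrome keeps in the profile's Preferences
# file. The hijack hostname is made up for this example.
SAMPLE_PREFERENCES = {
    "homepage": "http://search.example-hijack.test/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": OPEN_SPECIFIC_PAGES,
        "startup_urls": [
            "http://search.example-hijack.test/?src=startup",
            "https://www.google.com/",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Search",
            "keyword": "example-hijack.test",
            "url": "http://search.example-hijack.test/?q={searchTerms}",
        }
    },
}


def host_of(url):
    """Lower-cased host part of a URL, or '' when the string has none."""
    return (urlparse(url).hostname or "").lower()


def audit_preferences(prefs, trusted=TRUSTED_HOSTS):
    """Return (setting, value) pairs for every URL not on the allowlist.

    Mirrors the manual checks: home page, startup pages, default search engine.
    """
    findings = []

    # Home page: only meaningful when it is not the New Tab page.
    homepage = prefs.get("homepage", "")
    if homepage and not prefs.get("homepage_is_newtabpage", True):
        if host_of(homepage) not in trusted:
            findings.append(("homepage", homepage))

    # Startup pages: only consulted when Chrome is set to open specific pages.
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == OPEN_SPECIFIC_PAGES:
        for url in session.get("startup_urls", []):
            if host_of(url) not in trusted:
                findings.append(("startup_urls", url))

    # Default search engine: the search URL template.
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = search.get("url", "")
    if search_url and host_of(search_url) not in trusted:
        findings.append(("default_search_provider", search_url))

    return findings


def audit_file(path, trusted=TRUSTED_HOSTS):
    """Load a real Preferences file (close Chrome first) and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh), trusted)


if __name__ == "__main__":
    for setting, value in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{setting}: {value}")
```

Run it against a real profile with audit_file(r"...\User Data\Default\Preferences") while Chrome is closed, because Chrome rewrites the file on exit. One caveat: values pushed through HKLM\SOFTWARE\Policies\Google\Chrome override whatever is in Preferences and will not show up here, which is why the FRST fixlist above deleted HKLM\SOFTWARE\Policies\Google; chrome://policy shows what is actually in force.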

I did run ComboFix.

 

Chrome is up to date

 

Google is my default search engine.  There are no suspicious ones.  

 

No unfamiliar pages, or any pages for that matter, under startup.

 

Did the home button thing.

What is wrong with this stupid computer? I'm about to let the junkyard magnet take it!!!!


I ran it again because I couldn't find the log from the last time. 

ComboFix 14-05-19.01 - Momma 05/22/2014   9:44.4.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3983.2507 [GMT -5:00]

Running from: c:\users\Momma\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-22 to 2014-05-22  )))))))))))))))))))))))))))))))

.

.

2014-05-22 14:48 . 2014-05-22 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-05-22 14:38 . 2014-05-22 14:38 -------- d-----w- c:\users\Momma\AppData\Roaming\AVAST Software

2014-05-22 14:37 . 2014-05-22 14:38 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-05-22 14:37 . 2014-05-22 14:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-05-22 14:37 . 2014-05-22 14:38 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-05-22 14:37 . 2014-05-22 14:38 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys

2014-05-22 14:37 . 2014-05-22 14:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-05-22 14:37 . 2014-05-22 14:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-05-22 14:37 . 2014-05-22 14:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-05-22 14:37 . 2014-05-22 14:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-05-22 14:37 . 2014-05-22 14:37 334648 ----a-w- c:\windows\system32\aswBoot.exe

2014-05-22 14:37 . 2014-05-22 14:37 43152 ----a-w- c:\windows\avastSS.scr

2014-05-22 14:37 . 2014-05-22 14:37 -------- d-----w- c:\program files\AVAST Software

2014-05-22 14:36 . 2014-05-22 14:36 -------- d-----w- c:\programdata\AVAST Software

2014-05-19 16:06 . 2014-05-19 16:07 -------- d-----w- c:\windows\system32\MRT

2014-05-17 15:48 . 2014-05-17 15:48 -------- d-----w- C:\zoek_backup

2014-05-15 08:02 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll

2014-05-15 08:02 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll

2014-05-15 08:02 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-05-15 08:02 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-05-07 08:18 . 2014-05-15 08:19 -------- d-s---w- c:\windows\system32\CompatTel

2014-05-05 18:55 . 2014-05-05 18:55 -------- d-----w- c:\users\Momma\AppData\Local\WinZip

2014-04-28 16:25 . 2014-04-28 16:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-28 16:25 . 2014-04-28 16:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-04-28 16:22 . 2014-04-28 16:22 -------- d-----w- c:\programdata\Licenses

2014-04-28 16:22 . 2014-05-16 03:19 -------- d-----w- c:\program files (x86)\SpywareBlaster

2014-04-28 16:16 . 2014-04-28 16:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2014-04-28 16:13 . 2014-04-28 16:13 313256 ----a-w- c:\windows\system32\javaws.exe

2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\javaw.exe

2014-04-28 16:13 . 2014-04-28 16:13 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2014-04-28 16:13 . 2014-04-28 16:13 189352 ----a-w- c:\windows\system32\java.exe

2014-04-28 16:13 . 2014-04-28 16:13 -------- d-----w- c:\program files\Java

2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\users\Momma\AppData\Roaming\Oracle

2014-04-28 16:00 . 2014-04-28 16:00 -------- d-----w- c:\windows\Sun

2014-04-24 21:58 . 2014-04-24 21:58 -------- d-----w- c:\windows\ERUNT

2014-04-24 21:55 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-04-24 13:31 . 2014-04-28 16:01 -------- d-----w- c:\windows\system32\appmgmt

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-05-22 14:35 . 2014-04-01 02:27 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-04-03 15:47 . 2014-04-01 02:27 63192 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-04-03 15:47 . 2014-04-01 02:27 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-04-03 15:47 . 2014-04-01 02:27 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-03-04 09:44 . 2014-04-09 12:01 362496 ----a-w- c:\windows\system32\wow64win.dll

2014-03-04 09:44 . 2014-04-09 12:01 243712 ----a-w- c:\windows\system32\wow64.dll

2014-03-04 09:44 . 2014-04-09 12:01 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2014-03-04 09:44 . 2014-04-09 12:01 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2014-03-04 09:44 . 2014-04-09 12:01 1163264 ----a-w- c:\windows\system32\kernel32.dll

2014-03-04 09:17 . 2014-04-09 12:01 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2014-03-04 09:17 . 2014-04-09 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-03-04 09:16 . 2014-04-09 12:01 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2014-03-04 09:16 . 2014-04-09 12:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2014-03-04 08:09 . 2014-04-09 12:01 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2014-03-04 08:09 . 2014-04-09 12:01 2048 ----a-w- c:\windows\SysWow64\user.exe

2014-02-25 09:14 . 2014-02-25 09:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-02-25 09:14 . 2014-02-25 09:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-02-25 09:14 . 2014-02-25 09:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-02-25 09:14 . 2014-02-25 09:14 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-02-25 09:14 . 2014-02-25 09:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-02-25 09:14 . 2014-02-25 09:14 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-02-25 09:14 . 2014-02-25 09:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-02-25 09:14 . 2014-02-25 09:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-02-25 09:14 . 2014-02-25 09:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-02-25 09:14 . 2014-02-25 09:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-02-25 09:14 . 2014-02-25 09:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-02-25 09:14 . 2014-02-25 09:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-02-25 09:14 . 2014-02-25 09:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-02-25 09:14 . 2014-02-25 09:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-02-25 09:14 . 2014-02-25 09:14 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-02-25 09:14 . 2014-02-25 09:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-02-25 09:14 . 2014-02-25 09:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-02-25 09:14 . 2014-02-25 09:14 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-02-25 09:14 . 2014-02-25 09:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-02-25 09:14 . 2014-02-25 09:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-02-25 09:14 . 2014-02-25 09:14 247808 ----a-w- c:\windows\system32\msls31.dll

2014-02-25 09:14 . 2014-02-25 09:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-02-25 09:14 . 2014-02-25 09:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-02-25 09:14 . 2014-02-25 09:14 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-02-25 09:14 . 2014-02-25 09:14 81408 ----a-w- c:\windows\system32\icardie.dll

2014-02-25 09:14 . 2014-02-25 09:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-02-25 09:14 . 2014-02-25 09:14 413696 ----a-w- c:\windows\system32\html.iec

2014-02-25 09:14 . 2014-02-25 09:14 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-02-25 09:14 . 2014-02-25 09:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2014-02-25 09:14 . 2014-02-25 09:14 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-02-25 09:14 . 2014-02-25 09:14 235520 ----a-w- c:\windows\system32\url.dll

2014-02-25 09:14 . 2014-02-25 09:14 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-02-25 09:14 . 2014-02-25 09:14 143872 ----a-w- c:\windows\system32\wextract.exe

2014-02-25 09:14 . 2014-02-25 09:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2014-02-25 09:14 . 2014-02-25 09:14 101376 ----a-w- c:\windows\system32\inseng.dll

2014-02-25 09:14 . 2014-02-25 09:14 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-02-25 09:14 . 2014-02-25 09:14 147968 ----a-w- c:\windows\system32\occache.dll

2014-02-25 09:14 . 2014-02-25 09:14 13824 ----a-w- c:\windows\system32\mshta.exe

2014-02-25 09:14 . 2014-02-25 09:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2014-02-25 09:14 . 2014-02-25 09:14 774144 ----a-w- c:\windows\system32\jscript.dll

2014-02-25 09:14 . 2014-02-25 09:14 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-02-25 09:14 . 2014-02-25 09:14 135680 ----a-w- c:\windows\system32\iepeers.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google+ Auto Backup"="c:\users\Momma\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-10-16 684064]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-22 3873704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RalinkCountryRegion;RalinkCountryRegion;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe;c:\program files (x86)\Ralink\Common\RaCountryRegion.exe [x]

S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]

S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]

S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWHWID

*NewlyCreated* - ASWMONFLT

*NewlyCreated* - ASWRDR

*NewlyCreated* - ASWSNX

*NewlyCreated* - ASWSTM

*NewlyCreated* - ASWVMM

*NewlyCreated* - GSLHPYVO

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - MBAMWebAccessControl

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-21 20:28 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]

.

2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21 16:10]

.

2014-05-20 c:\windows\Tasks\HPCeeScheduleForMomma.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-05-22 14:37 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-05-22  09:49:27

ComboFix-quarantined-files.txt  2014-05-22 14:49

ComboFix2.txt  2014-05-19 00:31

ComboFix3.txt  2014-05-05 18:23

ComboFix4.txt  2014-04-24 14:08

.

Pre-Run: 920,716,259,328 bytes free

Post-Run: 920,671,006,720 bytes free

.

- - End Of File - - 657076D2809CA68B3A66D9DA745553FC

A36C5E4F47E84449FF07ED3517B43A31

Root Admin (2 weeks later):

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
