Windows Explorer has stopped working - black screen


Hi,

Thanks in advance for any help you can provide.

My older (2008?) Toshiba running on Windows Vista Home Edition restarted out of nowhere yesterday (it acted like it was shutting down/restarting properly, but I did not initiate it) while I was working on it, and when it rebooted and I logged in, I then received an error that Windows Explorer has stopped working, and the screen is black. I cannot see my desktop, icons, taskbar, etc. I have only been able to run things from the Task Manager, which I open with Ctrl+Alt+Del. I could see my icons and the taskbar, Start menu, etc. in safe mode.

I since downloaded AVG (my McAfee had recently expired, but I use this computer infrequently) and ran that, as well as Malwarebytes. I also ran Ad-Aware which I already had on my PC. All of them found problems during some scans, but after restarting and running them additional times, they are not currently finding problems. I tried System Restore to two different restore points, as well. It says the restores were successful, but the Windows Explorer problem did not go away. I also tried to remove my old McAfee and replaced an old version of Java.

I saw someone else on this forum had had this problem in the past and was able to get it solved, so I hope the same can be done in this case!

The log from the FRST scan is copied below and the Addition log is attached.

Thank you -

Alison

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by Alison (administrator) on ALISON-PC on 29-04-2014 18:12:36
Running from C:\Users\Alison\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
( ) C:\Windows\system32\lxeacoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() c:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxeamon.exe] => C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe [770728 2010-05-05] ()
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [iTSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark S300-S400 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2009-04-10] (Chicony)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-04-14] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [sVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-23] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [430080 2008-07-04] (TOSHIBA)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-28] (Google Inc.)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [Google Update] => C:\Users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-09-20] (Google Inc.)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [spotify Web Helper] => C:\Users\Alison\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-20] (Spotify Ltd)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\RunOnce: [shockwave Updater] - C:\Windows\System32\Adobe\Shockwave 12\SwHelper_1211151.exe [1308360 2014-04-15] (Adobe Systems, Inc.)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\MountPoints2: {3e2c434a-8f7d-11df-b4a4-001eec35098a} - G:\PMBP_Win.exe
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\MountPoints2: {7dbc2d21-6295-11dd-b051-001eec35098a} - F:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [143360 2008-02-18] (Google)
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM - DefaultScope {9F5FABF6-B0DE-4FA0-8DB2-9ACA7C6179CD} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM - {9F5FABF6-B0DE-4FA0-8DB2-9ACA7C6179CD} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131013124331.dll (McAfee, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.18/uploader2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.159.64.23 24.247.24.53

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nbc.com/DirectPlayer - C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Alison\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Alison\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2011-01-12]

Chrome:
=======
CHR HomePage: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
CHR StartupUrls: "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2"
CHR Extension: (Google Docs) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-15]
CHR Extension: (Google Drive) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-15]
CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-15]
CHR Extension: (Google Search) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-15]
CHR Extension: (Pin It Button) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-04-15]
CHR Extension: (Google Wallet) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-15]
CHR Extension: (Gmail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-15]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-04-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [559120 2014-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-18] (Google)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-01-07] ( )
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-04-14] (AVG Secure Search)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

R1 ATMhelpr; C:\Windows\system32\Drivers\ATMhelpr.sys [4064 1997-06-17] (Adobe Systems Incorporated)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-14] (AVG Technologies)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-15] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-06-10] (Lavasoft AB)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2010-02-17] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-11-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26888 2009-05-26] ()
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-29 18:12 - 2014-04-29 18:13 - 00023396 _____ () C:\Users\Alison\Desktop\FRST.txt
2014-04-29 18:12 - 2014-04-29 18:12 - 00000000 ____D () C:\FRST
2014-04-29 18:11 - 2014-04-29 18:12 - 01049600 _____ (Farbar) C:\Users\Alison\Desktop\FRST.exe
2014-04-29 17:31 - 2014-04-29 17:31 - 00001635 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 17:31 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 17:30 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 17:30 - 2014-04-29 17:31 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 17:30 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-29 17:16 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-29 16:55 - 2014-04-29 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-29 16:49 - 2014-04-29 16:49 - 00000807 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-04-29 16:48 - 2014-04-29 16:49 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 16:47 - 2014-04-29 16:49 - 00000000 ____D () C:\Users\Alison\AppData\Local\AvgSetupLog
2014-04-29 16:47 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg
2014-04-29 15:24 - 2014-04-29 15:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:23 - 2014-04-29 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 15:23 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 15:23 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 15:23 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 14:33 - 2014-04-29 15:33 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-04-29 11:19 - 2014-04-29 11:19 - 04981160 _____ (Adobe Systems Inc.) C:\Users\Alison\Downloads\Shockwave_Installer_Slim.exe
2014-04-29 11:08 - 2014-04-29 11:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-29 11:06 - 2014-04-29 11:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 10:59 - 2014-04-29 11:11 - 00000680 _____ () C:\Users\Alison\AppData\Local\d3d9caps.dat
2014-04-28 22:33 - 2014-04-28 22:33 - 00008618 _____ () C:\Users\Alison\Desktop\4-28-2-custom-OTL.Txt
2014-04-28 22:12 - 2014-04-28 22:12 - 00047854 _____ () C:\Users\Alison\Desktop\4-28-1-Extras.Txt
2014-04-28 22:08 - 2014-04-28 22:08 - 00100156 _____ () C:\Users\Alison\Desktop\4-28-1-OTL.Txt
2014-04-28 22:06 - 2014-04-28 22:06 - 00047854 _____ () C:\Users\Alison\Desktop\Extras.Txt
2014-04-28 21:58 - 2014-04-28 22:32 - 00008618 _____ () C:\Users\Alison\Desktop\OTL.Txt
2014-04-28 19:18 - 2014-04-29 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-28 19:18 - 2014-04-28 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 16:25 - 2014-04-28 16:25 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\AVG2014
2014-04-28 16:24 - 2014-04-28 16:24 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\TuneUp Software
2014-04-28 16:21 - 2014-04-29 16:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ___HD () C:\$AVG
2014-04-28 16:20 - 2014-04-29 16:49 - 00000000 ____D () C:\Program Files\AVG
2014-04-28 16:16 - 2014-04-29 17:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-28 16:16 - 2014-04-28 16:28 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg2014
2014-04-28 16:16 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\MFAData
2014-04-28 11:26 - 2014-04-28 14:40 - 00064512 _____ () C:\Users\Alison\Desktop\bundle-zip_PAI_Metadata.xls
2014-04-27 14:51 - 2014-04-27 14:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search(202)
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-17 18:44 - 2014-04-17 18:44 - 00029184 _____ () C:\Users\Alison\Downloads\Hourlypaytemplate_2014_ADavies.xls
2014-04-15 13:56 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-15 13:56 - 2014-04-15 13:56 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-15 13:46 - 2014-04-29 10:46 - 00000000 ____D () C:\Users\Alison\AppData\Local\Skype
2014-04-15 13:45 - 2014-04-29 10:46 - 00000000 ___RD () C:\Program Files\Skype
2014-04-15 13:45 - 2014-04-29 10:46 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-15 13:44 - 2014-04-29 10:45 - 00000000 ____D () C:\ProgramData\Skype
2014-04-15 03:33 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-15 03:33 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 03:33 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 03:33 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 03:33 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 03:33 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 03:33 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-15 03:33 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 03:33 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-15 03:33 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 03:33 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 03:33 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 03:33 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 03:33 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-15 03:33 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-15 03:33 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 12:37 - 2014-04-25 20:10 - 00000000 ____D () C:\Users\Alison\Desktop\TFAll
2014-04-14 11:33 - 2014-02-07 06:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-14 11:33 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-14 11:33 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-14 11:32 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-14 11:31 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-14 11:28 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-14 10:26 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Alison\AppData\Local\AVG Secure Search
2014-04-14 10:03 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-14 10:02 - 2014-04-29 10:47 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys

==================== One Month Modified Files and Folders =======

2014-04-29 18:14 - 2013-06-10 16:14 - 00000290 _____ () C:\Windows\Tasks\DSite.job
2014-04-29 18:13 - 2014-04-29 18:12 - 00023396 _____ () C:\Users\Alison\Desktop\FRST.txt
2014-04-29 18:13 - 2008-04-07 11:21 - 01070570 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 18:12 - 2014-04-29 18:12 - 00000000 ____D () C:\FRST
2014-04-29 18:12 - 2014-04-29 18:11 - 01049600 _____ (Farbar) C:\Users\Alison\Desktop\FRST.exe
2014-04-29 17:57 - 2014-04-28 16:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-29 17:53 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 17:48 - 2010-11-22 20:54 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-29 17:47 - 2010-04-14 04:11 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 17:47 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 17:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 17:40 - 2006-11-02 09:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 17:35 - 2010-04-14 04:11 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 17:35 - 2009-09-20 11:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000UA.job
2014-04-29 17:33 - 2013-06-09 14:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 17:31 - 2014-04-29 17:31 - 00001635 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 17:31 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 17:31 - 2014-04-29 17:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 17:31 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 17:30 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 17:30 - 2008-07-04 23:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 17:22 - 2008-06-29 15:35 - 00000000 ____D () C:\Users\Alison
2014-04-29 17:20 - 2008-07-04 23:08 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-29 17:17 - 2014-04-29 17:16 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-29 16:55 - 2014-04-29 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-29 16:53 - 2014-04-28 16:21 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-29 16:49 - 2014-04-29 16:49 - 00000807 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-04-29 16:49 - 2014-04-29 16:48 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 16:49 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\AvgSetupLog
2014-04-29 16:49 - 2014-04-28 16:20 - 00000000 ____D () C:\Program Files\AVG
2014-04-29 16:47 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg
2014-04-29 16:30 - 2013-09-15 14:20 - 00001708 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-29 15:58 - 2014-04-29 15:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:33 - 2014-04-29 14:33 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-04-29 15:33 - 2013-06-09 14:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 15:33 - 2011-07-29 13:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 15:23 - 2014-04-29 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 15:23 - 2014-04-28 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 14:26 - 2008-12-31 22:05 - 00000410 _____ () C:\Windows\brwmark.ini
2014-04-29 14:24 - 2010-04-05 23:29 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-04-29 14:24 - 2008-06-29 16:34 - 00000000 ____D () C:\Program Files\McAfee
2014-04-29 14:24 - 2008-06-29 16:33 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-29 14:23 - 2013-09-13 18:03 - 00092262 _____ () C:\Windows\PFRO.log
2014-04-29 11:19 - 2014-04-29 11:19 - 04981160 _____ (Adobe Systems Inc.) C:\Users\Alison\Downloads\Shockwave_Installer_Slim.exe
2014-04-29 11:19 - 2009-03-15 11:03 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-29 11:15 - 2008-06-29 15:35 - 00000000 ____D () C:\Users\Alison\AppData\Local\Google
2014-04-29 11:11 - 2014-04-29 10:59 - 00000680 _____ () C:\Users\Alison\AppData\Local\d3d9caps.dat
2014-04-29 11:08 - 2014-04-29 11:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-29 11:07 - 2014-04-29 11:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 10:52 - 2013-09-15 14:20 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2014-04-29 10:51 - 2006-11-02 06:22 - 54525952 _____ () C:\Windows\system32\config\software_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 35651584 _____ () C:\Windows\system32\config\components_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 25427968 _____ () C:\Windows\system32\config\system_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-29 10:47 - 2014-04-15 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-29 10:47 - 2014-04-14 10:03 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-29 10:47 - 2014-04-14 10:02 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-04-29 10:47 - 2013-09-15 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-04-29 10:47 - 2013-06-10 16:15 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Zip Opener Packages
2014-04-29 10:47 - 2013-06-10 16:15 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-04-29 10:47 - 2013-06-03 12:45 - 00000000 ____D () C:\Program Files\LastPass
2014-04-29 10:47 - 2011-10-24 12:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 10:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-29 10:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-29 10:46 - 2014-04-15 13:46 - 00000000 ____D () C:\Users\Alison\AppData\Local\Skype
2014-04-29 10:46 - 2014-04-15 13:45 - 00000000 ___RD () C:\Program Files\Skype
2014-04-29 10:46 - 2014-04-15 13:45 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Skype
2014-04-29 10:46 - 2013-09-12 21:15 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\GlarySoft
2014-04-29 10:46 - 2013-09-12 14:25 - 00000000 ____D () C:\AI_CS2_IE_NonRet
2014-04-29 10:46 - 2013-09-11 19:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe Systems Shared
2014-04-29 10:46 - 2013-09-11 15:17 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-04-29 10:46 - 2013-06-28 19:20 - 00000000 ____D () C:\Program Files\Dropbox
2014-04-29 10:46 - 2013-06-04 15:37 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Spotify
2014-04-29 10:46 - 2010-12-07 21:41 - 00000000 ____D () C:\Program Files\Lexmark Toolbar
2014-04-29 10:46 - 2010-12-07 21:41 - 00000000 ____D () C:\Program Files\Lexmark
2014-04-29 10:46 - 2010-12-07 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2014-04-29 10:46 - 2010-12-07 21:28 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-04-29 10:46 - 2010-11-13 15:03 - 00000000 ____D () C:\ProgramData\Lexmark S300-S400 Series
2014-04-29 10:46 - 2010-10-09 12:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-29 10:46 - 2010-10-03 13:13 - 00000000 ____D () C:\Program Files\Lexmark Printable Web
2014-04-29 10:46 - 2008-06-29 19:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-29 10:46 - 2008-02-18 23:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-29 10:46 - 2008-02-18 23:02 - 00000000 ____D () C:\Program Files\Adobe
2014-04-29 10:46 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\twain_32
2014-04-29 10:46 - 2006-11-02 07:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:46 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-04-29 10:46 - 2005-01-02 02:49 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-29 10:45 - 2014-04-15 13:44 - 00000000 ____D () C:\ProgramData\Skype
2014-04-29 10:45 - 2013-09-15 14:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-29 10:45 - 2013-09-13 13:36 - 00000000 ____D () C:\Users\Alison\AppData\Local\Seven Zip
2014-04-29 10:45 - 2013-06-28 14:33 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-29 10:45 - 2013-06-10 16:15 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-04-29 10:45 - 2011-07-29 13:39 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Program Files\Shutterfly
2014-04-29 10:45 - 2010-08-06 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson
2014-04-29 10:45 - 2010-08-06 14:02 - 00000000 ____D () C:\Program Files\ABBYY FineReader 6.0 Sprint
2014-04-29 10:45 - 2010-08-06 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
2014-04-29 10:45 - 2010-08-06 13:56 - 00000000 ____D () C:\Program Files\epson
2014-04-29 10:45 - 2010-05-27 13:57 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Microsoft Corporation
2014-04-29 10:45 - 2010-04-14 22:07 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-29 10:45 - 2010-04-14 22:07 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-29 10:45 - 2010-02-24 15:25 - 00000000 ____D () C:\Program Files\DIFX
2014-04-29 10:45 - 2010-02-14 02:55 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Mozilla
2014-04-29 10:45 - 2010-02-02 01:49 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\McAfee
2014-04-29 10:45 - 2009-11-27 21:49 - 00000000 ____D () C:\ProgramData\Real
2014-04-29 10:45 - 2009-10-16 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-29 10:45 - 2009-10-16 23:19 - 00000000 ____D () C:\Program Files\Acro Software
2014-04-29 10:45 - 2009-09-18 13:00 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-04-29 10:45 - 2009-07-23 00:14 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Sprint
2014-04-29 10:45 - 2009-05-30 14:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 10:45 - 2008-11-08 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-04-29 10:45 - 2008-11-08 22:10 - 00000000 ____D () C:\Program Files\VSO
2014-04-29 10:45 - 2008-09-02 21:44 - 00000000 ____D () C:\Users\Public\Downloads\Floppy Disk Folder
2014-04-29 10:45 - 2008-09-02 21:44 - 00000000 ____D () C:\Users\Public\Downloads\EGP Manual
2014-04-29 10:45 - 2008-08-26 20:33 - 00000000 ____D () C:\Program Files\Western Digital Technologies
2014-04-29 10:45 - 2008-07-05 19:23 - 00000000 ____D () C:\Users\Alison\AppData\Local\Microsoft Games
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\Program Files\PhotoDeluxe HE 3.0
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\KPCMS
2014-04-29 10:45 - 2008-07-02 15:46 - 00000000 ____D () C:\Users\Public\Downloads\Eudora
2014-04-29 10:45 - 2008-07-02 15:21 - 00000000 ____D () C:\Program Files\Qualcomm
2014-04-29 10:45 - 2008-06-29 19:21 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-04-29 10:45 - 2008-06-29 17:45 - 00000000 ____D () C:\Program Files\Common Files\L&H
2014-04-29 10:45 - 2008-06-29 17:44 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-04-29 10:45 - 2008-06-29 17:24 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 10:45 - 2008-06-29 15:43 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Adobe
2014-04-29 10:45 - 2008-04-07 11:50 - 00000000 ____D () C:\Program Files\Camera Assistant Software for Toshiba
2014-04-29 10:45 - 2008-04-07 11:49 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 10:45 - 2008-04-07 11:43 - 00000000 ____D () C:\Program Files\Apoint2K
2014-04-29 10:45 - 2008-04-07 11:25 - 00000000 ____D () C:\Windows\system32\Lang
2014-04-29 10:45 - 2008-02-18 23:32 - 00000000 ____D () C:\ProgramData\Google
2014-04-29 10:45 - 2008-02-18 23:30 - 00000000 ____D () C:\Program Files\Google
2014-04-29 10:45 - 2008-02-18 23:22 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-29 10:45 - 2008-02-18 23:05 - 00000000 ____D () C:\Program Files\Java
2014-04-29 10:45 - 2008-02-18 23:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-29 10:45 - 2008-02-18 22:36 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-04-29 10:45 - 2008-02-18 22:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-29 10:45 - 2008-02-18 22:27 - 00000000 ____D () C:\Program Files\Realtek
2014-04-29 10:45 - 2008-02-18 22:19 - 00000000 ____D () C:\Program Files\Toshiba
2014-04-29 10:45 - 2008-02-18 22:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\winrm
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\WCN
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\slmgr
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-04-29 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Web
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Speech
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\SMI
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\RemInst
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\networklist
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\MUI
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\licensing
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\IME
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-29 10:45 - 2005-01-02 03:04 - 00000000 ____D () C:\Windows\sold.old
2014-04-29 10:45 - 2005-01-02 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-04-29 10:45 - 2005-01-02 02:54 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-04-29 10:45 - 2005-01-02 02:47 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-04-29 10:44 - 2008-06-29 15:35 - 00000000 ___RD () C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2008-02-20 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2014-04-29 10:44 - 2008-02-20 15:16 - 00000000 ____D () C:\Program Files\InterVideo
2014-04-29 10:44 - 2008-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-04-29 10:44 - 2008-02-18 23:22 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-04-29 10:44 - 2008-02-18 23:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-29 10:44 - 2008-02-18 22:54 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-29 10:44 - 2008-02-18 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-04-29 10:44 - 2008-02-18 22:18 - 00000000 ____D () C:\Toshiba
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\Performance
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Users\Public\Recorded TV
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\com
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Speech
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\security
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Resources
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Provisioning
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\PLA
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\MSAgent
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Help
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Branding
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-04-28 22:33 - 2014-04-28 22:33 - 00008618 _____ () C:\Users\Alison\Desktop\4-28-2-custom-OTL.Txt
2014-04-28 22:32 - 2014-04-28 21:58 - 00008618 _____ () C:\Users\Alison\Desktop\OTL.Txt
2014-04-28 22:12 - 2014-04-28 22:12 - 00047854 _____ () C:\Users\Alison\Desktop\4-28-1-Extras.Txt
2014-04-28 22:08 - 2014-04-28 22:08 - 00100156 _____ () C:\Users\Alison\Desktop\4-28-1-OTL.Txt
2014-04-28 22:06 - 2014-04-28 22:06 - 00047854 _____ () C:\Users\Alison\Desktop\Extras.Txt
2014-04-28 19:18 - 2014-04-28 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 18:57 - 2013-06-04 21:03 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-04-28 16:28 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg2014
2014-04-28 16:25 - 2014-04-28 16:25 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\AVG2014
2014-04-28 16:24 - 2014-04-28 16:24 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\TuneUp Software
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ___HD () C:\$AVG
2014-04-28 16:16 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\MFAData
2014-04-28 14:40 - 2014-04-28 11:26 - 00064512 _____ () C:\Users\Alison\Desktop\bundle-zip_PAI_Metadata.xls
2014-04-28 10:35 - 2010-08-11 10:25 - 00028515 _____ () C:\ProgramData\lxeascan.log
2014-04-27 18:54 - 2014-04-14 10:26 - 00000000 ____D () C:\Users\Alison\AppData\Local\AVG Secure Search
2014-04-27 14:53 - 2012-07-08 18:36 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Ad-Aware Antivirus
2014-04-27 14:52 - 2014-04-27 14:51 - 00000000 ____D () C:\ProgramData\AVG Secure Search(202)
2014-04-25 20:10 - 2014-04-14 12:37 - 00000000 ____D () C:\Users\Alison\Desktop\TFAll
2014-04-21 10:35 - 2009-09-20 11:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000Core.job
2014-04-20 18:55 - 2013-06-04 15:39 - 00000000 ____D () C:\Users\Alison\AppData\Local\Spotify
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-17 20:00 - 2013-09-14 12:04 - 00000370 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2014-04-17 18:44 - 2014-04-17 18:44 - 00029184 _____ () C:\Users\Alison\Downloads\Hourlypaytemplate_2014_ADavies.xls
2014-04-17 10:11 - 2013-09-16 21:53 - 00000843 _____ () C:\Windows\setupact.log
2014-04-15 13:56 - 2014-04-15 13:56 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-15 13:45 - 2014-04-15 13:45 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-15 03:56 - 2006-11-02 08:47 - 00535952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 03:37 - 2006-11-02 06:23 - 00000240 _____ () C:\Windows\win.ini
2014-04-15 03:14 - 2013-09-14 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 03:07 - 2010-06-07 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-14 10:03 - 2008-02-20 15:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-04-14 10:02 - 2013-06-10 16:15 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-04-03 09:51 - 2014-04-29 15:23 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 15:23 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 15:23 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-03-31 03:51 - 2006-11-02 06:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Alison\AppData\Local\Temp\04528900-eed7-4341-8d28-be517460d3e2.exe
C:\Users\Alison\AppData\Local\Temp\07e2fe54-3e0d-47da-99ee-339bf6703ed7.exe
C:\Users\Alison\AppData\Local\Temp\0e93d5a5-169d-4483-a990-200531109b63.exe
C:\Users\Alison\AppData\Local\Temp\22d7f9cc-a697-4244-9187-969ce46cd847.exe
C:\Users\Alison\AppData\Local\Temp\234060ac-fa31-471a-bc53-ff3994ea6e51.exe
C:\Users\Alison\AppData\Local\Temp\290d0439-513b-473f-8bc6-2c13c9c383c6.exe
C:\Users\Alison\AppData\Local\Temp\29144c83-8d9c-4aa4-a56e-a01d180735b0.exe
C:\Users\Alison\AppData\Local\Temp\2bee61bf-fdf8-424b-b33c-33f7c9f16567.exe
C:\Users\Alison\AppData\Local\Temp\4d1a10ab-31fe-4feb-aac6-cf5a61816302.exe
C:\Users\Alison\AppData\Local\Temp\66b704f0-b9df-4411-961d-77ced6545c01.exe
C:\Users\Alison\AppData\Local\Temp\6e61f0da-45cd-4f00-9eb0-2b302d00229e.exe
C:\Users\Alison\AppData\Local\Temp\960f28a5-eff5-4fec-ba65-7a3719ab8c9b.exe
C:\Users\Alison\AppData\Local\Temp\98dedec9-82c1-4303-b788-5c14e3113fd8.exe
C:\Users\Alison\AppData\Local\Temp\a73523e3-a106-4069-9539-542bdf03811e.exe
C:\Users\Alison\AppData\Local\Temp\b7375e59-c295-4039-b889-4dee2d70c8e7.exe
C:\Users\Alison\AppData\Local\Temp\cc2b81a5-28f4-486a-be9b-4f0d17aa7ce3.exe
C:\Users\Alison\AppData\Local\Temp\contentDATs.exe
C:\Users\Alison\AppData\Local\Temp\corphome_13910_en-us_12m_r1.exe
C:\Users\Alison\AppData\Local\Temp\dcec87d6-9acf-4e5f-95e2-2bae83459508.exe
C:\Users\Alison\AppData\Local\Temp\deb3ba94-a545-4692-a229-21cc08b39d68.exe
C:\Users\Alison\AppData\Local\Temp\e64eb319-8181-49b0-bb8c-9bc6f3aa1e4b.exe
C:\Users\Alison\AppData\Local\Temp\f91d2c51-12b3-4cd1-b611-189f47439f08.exe
C:\Users\Alison\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Alison\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Alison\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Alison\AppData\Local\Temp\lbuh89ct.dll
C:\Users\Alison\AppData\Local\Temp\mssinstaller.exe
C:\Users\Alison\AppData\Local\Temp\oi_{92024FD4-6EB5-41E0-B062-DBCD6B78A071}.exe
C:\Users\Alison\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Alison\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Alison\AppData\Local\Temp\{00BE6F27-4C43-4A2E-B17E-F37D9304093A}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 17:53

==================== End Of Log ============================

Addition.txt


Welcome to the forum.

See if you're able to run ComboFix:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[Image: bleep-crop.jpg]

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Hi,

This appeared to fix the problem. As soon as the log was saved I could see my start menu, background, and icons again. I disabled my antivirus programs and ran ComboFix from the desktop. When it was done I was not able to access the internet, so I rebooted as the ComboFix guide instructed. During the reboot I got the blue screen 'dump' and it cited "Bad_Pool_Caller". Then it kept logging in, asked me what mode since it was in error recovery (I did normal mode), and then it seemed to load normally and here we are.

The log is below. Thank you for your help!

Alison

ComboFix 14-04-30.01 - Alison 04/30/2014  15:20:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1946 [GMT -4:00]
Running from: c:\users\Alison\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-28 to 2014-04-30  )))))))))))))))))))))))))))))))
.
.
2014-04-30 19:39 . 2014-04-30 19:40 -------- d-----w- c:\users\Alison\AppData\Local\temp
2014-04-30 19:39 . 2014-04-30 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-29 22:12 . 2014-04-29 22:17 -------- d-----w- C:\FRST
2014-04-29 21:30 . 2014-04-29 21:30 -------- d-----w- c:\program files\iPod
2014-04-29 21:30 . 2014-04-29 21:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 21:30 . 2014-04-29 21:31 -------- d-----w- c:\program files\iTunes
2014-04-29 21:17 . 2014-04-29 21:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-04-29 21:17 . 2014-04-29 21:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-04-29 21:17 . 2014-04-29 21:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-04-29 21:17 . 2014-04-29 21:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-04-29 21:17 . 2014-04-29 21:17 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-04-29 21:16 . 2014-04-29 21:17 -------- d-----w- c:\program files\QuickTime
2014-04-29 20:48 . 2014-04-29 20:49 -------- d-----w- c:\programdata\Avg
2014-04-29 20:47 . 2014-04-29 20:47 -------- d-----w- c:\users\Alison\AppData\Local\Avg
2014-04-29 19:24 . 2014-04-30 19:07 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 19:23 . 2014-04-03 13:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-29 19:23 . 2014-04-03 13:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 19:23 . 2014-04-03 13:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-29 18:33 . 2014-04-29 19:33 17931952 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-04-28 23:18 . 2014-04-29 19:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-28 23:18 . 2014-04-28 23:18 -------- d-----w- c:\programdata\Malwarebytes
2014-04-28 20:25 . 2014-04-28 20:25 -------- d-----w- c:\users\Alison\AppData\Roaming\AVG2014
2014-04-28 20:24 . 2014-04-28 20:24 -------- d-----w- c:\users\Alison\AppData\Roaming\TuneUp Software
2014-04-28 20:21 . 2014-04-29 20:53 -------- d-----w- c:\programdata\AVG2014
2014-04-28 20:21 . 2014-04-28 20:21 -------- d-----w- C:\$AVG
2014-04-28 20:20 . 2014-04-29 20:49 -------- d-----w- c:\program files\AVG
2014-04-28 20:16 . 2014-04-30 18:30 -------- d-----w- c:\programdata\MFAData
2014-04-28 20:16 . 2014-04-28 20:16 -------- d-----w- c:\users\Alison\AppData\Local\MFAData
2014-04-18 19:02 . 2014-04-18 19:02 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-18 07:08 . 2014-04-29 14:46 -------- d-----w- c:\windows\Migration
2014-04-15 17:46 . 2014-04-29 14:46 -------- d-----w- c:\users\Alison\AppData\Local\Skype
2014-04-15 17:45 . 2014-04-29 14:46 -------- d-----w- c:\users\Alison\AppData\Roaming\Skype
2014-04-15 17:45 . 2014-04-15 17:45 -------- d-----w- c:\program files\Common Files\Skype
2014-04-15 17:45 . 2014-04-29 14:46 -------- d-----r- c:\program files\Skype
2014-04-15 17:44 . 2014-04-29 14:45 -------- d-----w- c:\programdata\Skype
2014-04-14 15:33 . 2014-02-07 10:38 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-04-14 15:33 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-04-14 15:33 . 2014-02-03 10:37 505344 ----a-w- c:\windows\system32\qedit.dll
2014-04-14 15:31 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll
2014-04-14 15:28 . 2013-11-13 00:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-04-14 14:26 . 2014-04-27 22:54 -------- d-----w- c:\users\Alison\AppData\Local\AVG Secure Search
2014-04-14 14:03 . 2014-04-29 14:47 -------- d-----w- c:\programdata\AVG Secure Search
2014-04-14 14:02 . 2014-04-29 14:47 -------- d-----w- c:\program files\AVG Secure Search
2014-03-31 20:11 . 2014-03-31 20:11 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 20:11 . 2014-03-31 20:11 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 19:33 . 2013-06-09 18:18 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 19:33 . 2011-07-29 17:04 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-14 14:02 . 2013-06-10 20:15 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-28 02:15 . 2014-03-28 02:15 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 02:14 . 2014-03-28 02:14 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 02:04 . 2014-03-28 02:04 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 02:04 . 2014-03-28 02:04 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 02:03 . 2014-03-28 02:03 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 02:03 . 2014-03-28 02:03 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-16 22:43 . 2013-06-03 16:47 11668480 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-04-14 14:02 3486232 ----a-w- c:\program files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll" [2014-04-14 3486232]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Alison\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-07-04 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-28 39408]
"Spotify Web Helper"="c:\users\Alison\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-20 1171000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-11 417792]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-04-14 2544664]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"NDSTray.exe"="NDSTray.exe" [bU]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
"AvgUi"="c:\program files\AVG\Framework\Common\avguix.exe" [2014-04-11 1164304]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-04-07 5180432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk - c:\windows\System32\cmd.exe /c del "c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk" [2008-1-20 318976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-06-13 1236336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-30 18:36 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-09 19:33]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 08:11]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-14 08:11]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000Core.job
- c:\users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-20 15:50]
.
2014-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000UA.job
- c:\users\Alison\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-20 15:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DSite - c:\users\Alison\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-Zip Opener Packages - c:\users\Alison\AppData\Roaming\Zip Opener Packages\uninstaller.exe
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\Alison\AppData\Local\{F4D3592D-AC52-4517-8995-C7F411F9086E}\NBCDirectInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-30 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-04-30  15:44:39
ComboFix-quarantined-files.txt  2014-04-30 19:44
.
Pre-Run: 37,052,887,040 bytes free
Post-Run: 42,268,803,072 bytes free
.
- - End Of File - - 6BA67804BA0B86FCFE93DCEB24225771
5B5E648D12FCADC244C1EC30318E1EB9

Good!

Let's clear up all these AVs you have on the system first:

You have AVG, Ad-Aware and some McAfee:
 

AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

You can't have 2 AVs on the system.
What do you want to keep?? AVG??

Please uninstall the rest (not Defender)

You can run the McAfee Consumer Product Removal Tool to clean up any McAfee leftovers:

http://www.bleepingcomputer.com/download/mcafee-consumer-products-removal-tool/dl/51/

When done.....run another scan with FRST.exe and please make sure the Addition Box is checked.

MrC


Thanks for that. The McAfee leftovers were pesky.  I kept AVG, got rid of AdAware.

 

FRST log below, Addition attached.

 

Thank you -

Alison

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-04-2014 03
Ran by Alison (administrator) on ALISON-PC on 30-04-2014 17:10:13
Running from C:\Users\Alison\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
( ) C:\Windows\System32\lxeacoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Toshiba\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
() C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\Alison\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [lxeamon.exe] => C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe [770728 2010-05-05] ()
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [iTSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-28] ( TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-11-01] (TOSHIBA Corporation)
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark S300-S400 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2009-04-10] (Chicony)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-04-14] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [sVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-23] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1164304 2014-04-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [430080 2008-07-04] (TOSHIBA)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2008-12-28] (Google Inc.)
HKU\S-1-5-21-2393571190-2996653842-2028706402-1000\...\Run: [spotify Web Helper] => C:\Users\Alison\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-20] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [143360 2008-02-18] (Google)
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {9F5FABF6-B0DE-4FA0-8DB2-9ACA7C6179CD} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM - {9F5FABF6-B0DE-4FA0-8DB2-9ACA7C6179CD} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.18/uploader2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} http://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 66.189.0.100 24.159.64.23 24.247.24.53
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nbc.com/DirectPlayer - C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Alison\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Alison\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Alison\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alison\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-15]
CHR Extension: (Google Drive) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-15]
CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-15]
CHR Extension: (Google Search) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-15]
CHR Extension: (Pin It Button) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-04-15]
CHR Extension: (Google Wallet) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-15]
CHR Extension: (Gmail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-15]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-04-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1473280 2014-04-03] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [559120 2014-04-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2008-02-18] (Google)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [598696 2010-01-07] ( )
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-04-14] (AVG Secure Search)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 ATMhelpr; C:\Windows\system32\Drivers\ATMhelpr.sys [4064 1997-06-17] (Adobe Systems Incorporated)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-14] (AVG Technologies)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions)
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-15] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-06-10] (Lavasoft AB)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-11-24] (Printing Communications Assoc., Inc. (PCAUSA))
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26888 2009-05-26] ()
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2009-04-10] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Alison\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Nmea; system32\DRIVERS\pctnullport.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-30 17:09 - 2014-04-30 17:09 - 00000000 ____D () C:\Users\Alison\Desktop\FRST-OlderVersion
2014-04-30 16:39 - 2014-04-30 16:39 - 03218352 _____ (McAfee, Inc.) C:\Users\Alison\Downloads\MCPR.exe
2014-04-30 16:04 - 2014-04-30 16:59 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-30 16:04 - 2014-04-30 16:04 - 00143376 _____ () C:\Windows\Minidump\Mini043014-01.dmp
2014-04-30 15:44 - 2014-04-30 15:44 - 00016323 _____ () C:\ComboFix.txt
2014-04-30 15:16 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-30 15:16 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-30 15:16 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-30 15:16 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-30 15:16 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-30 15:16 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-30 15:16 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-30 15:16 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-30 14:52 - 2014-04-30 14:52 - 05197895 ____R (Swearware) C:\Users\Alison\Desktop\ComboFix.exe
2014-04-30 14:44 - 2014-04-30 15:44 - 00000000 ____D () C:\Qoobox
2014-04-30 14:44 - 2014-04-30 14:45 - 05197895 _____ (Swearware) C:\Users\Alison\Downloads\ComboFix (1).exe
2014-04-30 14:43 - 2014-04-30 15:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-30 14:43 - 2014-04-30 14:43 - 05197895 ____R (Swearware) C:\Users\Alison\Downloads\ComboFix.exe
2014-04-29 18:15 - 2014-04-29 18:17 - 00033688 _____ () C:\Users\Alison\Desktop\Addition.txt
2014-04-29 18:12 - 2014-04-30 17:11 - 00020586 _____ () C:\Users\Alison\Desktop\FRST.txt
2014-04-29 18:12 - 2014-04-30 17:10 - 00000000 ____D () C:\FRST
2014-04-29 18:11 - 2014-04-30 17:09 - 01050624 _____ (Farbar) C:\Users\Alison\Desktop\FRST.exe
2014-04-29 17:31 - 2014-04-29 17:31 - 00001635 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 17:31 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 17:30 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 17:30 - 2014-04-29 17:31 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 17:30 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-29 17:16 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-29 16:55 - 2014-04-29 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-29 16:49 - 2014-04-29 16:49 - 00000807 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-04-29 16:48 - 2014-04-29 16:49 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 16:47 - 2014-04-29 16:49 - 00000000 ____D () C:\Users\Alison\AppData\Local\AvgSetupLog
2014-04-29 16:47 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg
2014-04-29 15:24 - 2014-04-30 15:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 15:23 - 2014-04-29 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 15:23 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-29 15:23 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-29 15:23 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-29 14:33 - 2014-04-29 15:33 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-04-29 11:19 - 2014-04-29 11:19 - 04981160 _____ (Adobe Systems Inc.) C:\Users\Alison\Downloads\Shockwave_Installer_Slim.exe
2014-04-29 11:08 - 2014-04-29 11:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-29 11:06 - 2014-04-29 11:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 10:59 - 2014-04-29 11:11 - 00000680 _____ () C:\Users\Alison\AppData\Local\d3d9caps.dat
2014-04-28 22:33 - 2014-04-28 22:33 - 00008618 _____ () C:\Users\Alison\Desktop\4-28-2-custom-OTL.Txt
2014-04-28 22:12 - 2014-04-28 22:12 - 00047854 _____ () C:\Users\Alison\Desktop\4-28-1-Extras.Txt
2014-04-28 22:08 - 2014-04-28 22:08 - 00100156 _____ () C:\Users\Alison\Desktop\4-28-1-OTL.Txt
2014-04-28 22:06 - 2014-04-28 22:06 - 00047854 _____ () C:\Users\Alison\Desktop\Extras.Txt
2014-04-28 21:58 - 2014-04-28 22:32 - 00008618 _____ () C:\Users\Alison\Desktop\OTL.Txt
2014-04-28 19:18 - 2014-04-29 15:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-28 19:18 - 2014-04-28 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 16:25 - 2014-04-28 16:25 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\AVG2014
2014-04-28 16:24 - 2014-04-28 16:24 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\TuneUp Software
2014-04-28 16:21 - 2014-04-29 16:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ____D () C:\$AVG
2014-04-28 16:20 - 2014-04-29 16:49 - 00000000 ____D () C:\Program Files\AVG
2014-04-28 16:16 - 2014-04-30 16:10 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-28 16:16 - 2014-04-28 16:28 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg2014
2014-04-28 16:16 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\MFAData
2014-04-28 11:26 - 2014-04-28 14:40 - 00064512 _____ () C:\Users\Alison\Desktop\bundle-zip_PAI_Metadata.xls
2014-04-27 14:51 - 2014-04-27 14:52 - 00000000 ____D () C:\ProgramData\AVG Secure Search(202)
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-17 18:44 - 2014-04-17 18:44 - 00029184 _____ () C:\Users\Alison\Downloads\Hourlypaytemplate_2014_ADavies.xls
2014-04-15 13:56 - 2014-04-30 14:38 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-15 13:56 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-15 13:46 - 2014-04-29 10:46 - 00000000 ____D () C:\Users\Alison\AppData\Local\Skype
2014-04-15 13:45 - 2014-04-29 10:46 - 00000000 ___RD () C:\Program Files\Skype
2014-04-15 13:45 - 2014-04-29 10:46 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-15 13:44 - 2014-04-29 10:45 - 00000000 ____D () C:\ProgramData\Skype
2014-04-15 03:33 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-15 03:33 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 03:33 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 03:33 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 03:33 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 03:33 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 03:33 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-15 03:33 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 03:33 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-15 03:33 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 03:33 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 03:33 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 03:33 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 03:33 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-15 03:33 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-15 03:33 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 12:37 - 2014-04-25 20:10 - 00000000 ____D () C:\Users\Alison\Desktop\TFAll
2014-04-14 11:33 - 2014-02-07 06:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-14 11:33 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-14 11:33 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-14 11:32 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-14 11:31 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-14 11:28 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-14 10:26 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Alison\AppData\Local\AVG Secure Search
2014-04-14 10:03 - 2014-04-29 10:47 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-14 10:02 - 2014-04-29 10:47 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-30 17:11 - 2014-04-29 18:12 - 00020586 _____ () C:\Users\Alison\Desktop\FRST.txt
2014-04-30 17:10 - 2014-04-29 18:12 - 00000000 ____D () C:\FRST
2014-04-30 17:09 - 2014-04-30 17:09 - 00000000 ____D () C:\Users\Alison\Desktop\FRST-OlderVersion
2014-04-30 17:09 - 2014-04-29 18:11 - 01050624 _____ (Farbar) C:\Users\Alison\Desktop\FRST.exe
2014-04-30 17:05 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 17:04 - 2008-04-07 11:21 - 01226605 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 17:00 - 2010-08-11 10:25 - 00028845 _____ () C:\ProgramData\lxeascan.log
2014-04-30 16:59 - 2014-04-30 16:04 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-30 16:59 - 2010-04-14 04:11 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 16:58 - 2013-09-13 18:03 - 00095374 _____ () C:\Windows\PFRO.log
2014-04-30 16:58 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-30 16:58 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 16:58 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 16:56 - 2006-11-02 09:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 16:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-04-30 16:39 - 2014-04-30 16:39 - 03218352 _____ (McAfee, Inc.) C:\Users\Alison\Downloads\MCPR.exe
2014-04-30 16:35 - 2010-04-14 04:11 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 16:35 - 2009-09-20 11:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000UA.job
2014-04-30 16:33 - 2013-06-09 14:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 16:10 - 2014-04-28 16:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-30 16:04 - 2014-04-30 16:04 - 00143376 _____ () C:\Windows\Minidump\Mini043014-01.dmp
2014-04-30 16:04 - 2008-07-18 20:22 - 367062149 _____ () C:\Windows\MEMORY.DMP
2014-04-30 16:04 - 2008-07-18 20:22 - 00000000 ____D () C:\Windows\Minidump
2014-04-30 15:44 - 2014-04-30 15:44 - 00016323 _____ () C:\ComboFix.txt
2014-04-30 15:44 - 2014-04-30 14:44 - 00000000 ____D () C:\Qoobox
2014-04-30 15:44 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-04-30 15:44 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-04-30 15:42 - 2014-04-30 14:43 - 00000000 ____D () C:\Windows\erdnt
2014-04-30 15:40 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 15:07 - 2014-04-29 15:24 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 14:52 - 2014-04-30 14:52 - 05197895 ____R (Swearware) C:\Users\Alison\Desktop\ComboFix.exe
2014-04-30 14:45 - 2014-04-30 14:44 - 05197895 _____ (Swearware) C:\Users\Alison\Downloads\ComboFix (1).exe
2014-04-30 14:43 - 2014-04-30 14:43 - 05197895 ____R (Swearware) C:\Users\Alison\Downloads\ComboFix.exe
2014-04-30 14:38 - 2014-04-15 13:56 - 00001942 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 18:17 - 2014-04-29 18:15 - 00033688 _____ () C:\Users\Alison\Desktop\Addition.txt
2014-04-29 17:31 - 2014-04-29 17:31 - 00001635 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-29 17:31 - 2014-04-29 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-29 17:31 - 2014-04-29 17:30 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-04-29 17:31 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iTunes
2014-04-29 17:30 - 2014-04-29 17:30 - 00000000 ____D () C:\Program Files\iPod
2014-04-29 17:30 - 2008-07-04 23:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-04-29 17:22 - 2008-06-29 15:35 - 00000000 ____D () C:\Users\Alison
2014-04-29 17:20 - 2008-07-04 23:08 - 00000000 ____D () C:\ProgramData\Apple
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-29 17:17 - 2014-04-29 17:16 - 00000000 ____D () C:\Program Files\QuickTime
2014-04-29 16:55 - 2014-04-29 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-29 16:53 - 2014-04-28 16:21 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-29 16:49 - 2014-04-29 16:49 - 00000807 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-04-29 16:49 - 2014-04-29 16:48 - 00000000 ____D () C:\ProgramData\Avg
2014-04-29 16:49 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\AvgSetupLog
2014-04-29 16:49 - 2014-04-28 16:20 - 00000000 ____D () C:\Program Files\AVG
2014-04-29 16:47 - 2014-04-29 16:47 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg
2014-04-29 15:33 - 2014-04-29 14:33 - 17931952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-04-29 15:33 - 2013-06-09 14:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 15:33 - 2011-07-29 13:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 15:23 - 2014-04-29 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 15:23 - 2014-04-28 19:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 14:26 - 2008-12-31 22:05 - 00000410 _____ () C:\Windows\brwmark.ini
2014-04-29 11:19 - 2014-04-29 11:19 - 04981160 _____ (Adobe Systems Inc.) C:\Users\Alison\Downloads\Shockwave_Installer_Slim.exe
2014-04-29 11:19 - 2009-03-15 11:03 - 00000000 ____D () C:\Windows\system32\Adobe
2014-04-29 11:15 - 2008-06-29 15:35 - 00000000 ____D () C:\Users\Alison\AppData\Local\Google
2014-04-29 11:11 - 2014-04-29 10:59 - 00000680 _____ () C:\Users\Alison\AppData\Local\d3d9caps.dat
2014-04-29 11:08 - 2014-04-29 11:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-04-29 11:07 - 2014-04-29 11:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alison\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 10:51 - 2006-11-02 06:22 - 54525952 _____ () C:\Windows\system32\config\software_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 35651584 _____ () C:\Windows\system32\config\components_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 25427968 _____ () C:\Windows\system32\config\system_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-29 10:51 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-04-29 10:47 - 2014-04-15 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-29 10:47 - 2014-04-14 10:03 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-29 10:47 - 2014-04-14 10:02 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-04-29 10:47 - 2013-06-10 16:15 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Zip Opener Packages
2014-04-29 10:47 - 2013-06-10 16:15 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-04-29 10:47 - 2011-10-24 12:24 - 00000000 ____D () C:\Program Files\Bonjour
2014-04-29 10:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-04-29 10:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-29 10:46 - 2014-04-15 13:46 - 00000000 ____D () C:\Users\Alison\AppData\Local\Skype
2014-04-29 10:46 - 2014-04-15 13:45 - 00000000 ___RD () C:\Program Files\Skype
2014-04-29 10:46 - 2014-04-15 13:45 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Skype
2014-04-29 10:46 - 2013-09-12 21:15 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\GlarySoft
2014-04-29 10:46 - 2013-09-12 14:25 - 00000000 ____D () C:\AI_CS2_IE_NonRet
2014-04-29 10:46 - 2013-09-11 19:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe Systems Shared
2014-04-29 10:46 - 2013-09-11 15:17 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-04-29 10:46 - 2013-06-28 19:20 - 00000000 ____D () C:\Program Files\Dropbox
2014-04-29 10:46 - 2013-06-04 15:37 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Spotify
2014-04-29 10:46 - 2010-12-07 21:41 - 00000000 ____D () C:\Program Files\Lexmark Toolbar
2014-04-29 10:46 - 2010-12-07 21:41 - 00000000 ____D () C:\Program Files\Lexmark
2014-04-29 10:46 - 2010-12-07 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2014-04-29 10:46 - 2010-12-07 21:28 - 00000000 ____D () C:\Program Files\Lexmark S300-S400 Series
2014-04-29 10:46 - 2010-11-13 15:03 - 00000000 ____D () C:\ProgramData\Lexmark S300-S400 Series
2014-04-29 10:46 - 2010-10-09 12:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-29 10:46 - 2010-10-03 13:13 - 00000000 ____D () C:\Program Files\Lexmark Printable Web
2014-04-29 10:46 - 2008-06-29 19:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-29 10:46 - 2008-02-18 23:02 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-29 10:46 - 2008-02-18 23:02 - 00000000 ____D () C:\Program Files\Adobe
2014-04-29 10:46 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\twain_32
2014-04-29 10:46 - 2006-11-02 07:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:46 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-04-29 10:46 - 2005-01-02 02:49 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-29 10:45 - 2014-04-15 13:44 - 00000000 ____D () C:\ProgramData\Skype
2014-04-29 10:45 - 2013-09-15 14:19 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-29 10:45 - 2013-09-13 13:36 - 00000000 ____D () C:\Users\Alison\AppData\Local\Seven Zip
2014-04-29 10:45 - 2013-06-28 14:33 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-29 10:45 - 2013-06-10 16:15 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-04-29 10:45 - 2011-07-29 13:39 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 10:45 - 2010-11-16 20:15 - 00000000 ____D () C:\Program Files\Shutterfly
2014-04-29 10:45 - 2010-08-06 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson
2014-04-29 10:45 - 2010-08-06 14:02 - 00000000 ____D () C:\Program Files\ABBYY FineReader 6.0 Sprint
2014-04-29 10:45 - 2010-08-06 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
2014-04-29 10:45 - 2010-08-06 13:56 - 00000000 ____D () C:\Program Files\epson
2014-04-29 10:45 - 2010-05-27 13:57 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Microsoft Corporation
2014-04-29 10:45 - 2010-04-14 22:07 - 00000000 ____D () C:\Program Files\Windows Live
2014-04-29 10:45 - 2010-04-14 22:07 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-29 10:45 - 2010-02-24 15:25 - 00000000 ____D () C:\Program Files\DIFX
2014-04-29 10:45 - 2010-02-14 02:55 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Mozilla
2014-04-29 10:45 - 2010-02-02 01:49 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\McAfee
2014-04-29 10:45 - 2009-11-27 21:49 - 00000000 ____D () C:\ProgramData\Real
2014-04-29 10:45 - 2009-10-16 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-04-29 10:45 - 2009-10-16 23:19 - 00000000 ____D () C:\Program Files\Acro Software
2014-04-29 10:45 - 2009-09-18 13:00 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-04-29 10:45 - 2009-07-23 00:14 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Sprint
2014-04-29 10:45 - 2009-05-30 14:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 10:45 - 2008-11-08 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-04-29 10:45 - 2008-11-08 22:10 - 00000000 ____D () C:\Program Files\VSO
2014-04-29 10:45 - 2008-09-02 21:44 - 00000000 ____D () C:\Users\Public\Downloads\Floppy Disk Folder
2014-04-29 10:45 - 2008-09-02 21:44 - 00000000 ____D () C:\Users\Public\Downloads\EGP Manual
2014-04-29 10:45 - 2008-08-26 20:33 - 00000000 ____D () C:\Program Files\Western Digital Technologies
2014-04-29 10:45 - 2008-07-05 19:23 - 00000000 ____D () C:\Users\Alison\AppData\Local\Microsoft Games
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\Program Files\PhotoDeluxe HE 3.0
2014-04-29 10:45 - 2008-07-05 12:14 - 00000000 ____D () C:\KPCMS
2014-04-29 10:45 - 2008-07-02 15:46 - 00000000 ____D () C:\Users\Public\Downloads\Eudora
2014-04-29 10:45 - 2008-07-02 15:21 - 00000000 ____D () C:\Program Files\Qualcomm
2014-04-29 10:45 - 2008-06-29 19:21 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-04-29 10:45 - 2008-06-29 17:45 - 00000000 ____D () C:\Program Files\Common Files\L&H
2014-04-29 10:45 - 2008-06-29 17:44 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-04-29 10:45 - 2008-06-29 17:24 - 00000000 ____D () C:\Program Files\Synaptics
2014-04-29 10:45 - 2008-06-29 15:43 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\Adobe
2014-04-29 10:45 - 2008-04-07 11:50 - 00000000 ____D () C:\Program Files\Camera Assistant Software for Toshiba
2014-04-29 10:45 - 2008-04-07 11:49 - 00000000 ____D () C:\ProgramData\Intel
2014-04-29 10:45 - 2008-04-07 11:43 - 00000000 ____D () C:\Program Files\Apoint2K
2014-04-29 10:45 - 2008-04-07 11:25 - 00000000 ____D () C:\Windows\system32\Lang
2014-04-29 10:45 - 2008-02-18 23:32 - 00000000 ____D () C:\ProgramData\Google
2014-04-29 10:45 - 2008-02-18 23:30 - 00000000 ____D () C:\Program Files\Google
2014-04-29 10:45 - 2008-02-18 23:22 - 00000000 ____D () C:\ProgramData\WildTangent
2014-04-29 10:45 - 2008-02-18 23:05 - 00000000 ____D () C:\Program Files\Java
2014-04-29 10:45 - 2008-02-18 23:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-29 10:45 - 2008-02-18 22:36 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-04-29 10:45 - 2008-02-18 22:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-29 10:45 - 2008-02-18 22:27 - 00000000 ____D () C:\Program Files\Realtek
2014-04-29 10:45 - 2008-02-18 22:19 - 00000000 ____D () C:\Program Files\Toshiba
2014-04-29 10:45 - 2008-02-18 22:15 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\WindowsMobile
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\winrm
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\WCN
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\slmgr
2014-04-29 10:45 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-04-29 10:45 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Web
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Speech
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\SMI
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\RemInst
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\networklist
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\MUI
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\licensing
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\IME
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-29 10:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-29 10:45 - 2005-01-02 03:04 - 00000000 ____D () C:\Windows\sold.old
2014-04-29 10:45 - 2005-01-02 02:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-04-29 10:45 - 2005-01-02 02:54 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-04-29 10:45 - 2005-01-02 02:47 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-04-29 10:44 - 2008-06-29 15:35 - 00000000 ___RD () C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2008-02-20 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2014-04-29 10:44 - 2008-02-20 15:16 - 00000000 ____D () C:\Program Files\InterVideo
2014-04-29 10:44 - 2008-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD MovieFactory for TOSHIBA
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-04-29 10:44 - 2008-02-20 15:12 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-04-29 10:44 - 2008-02-18 23:22 - 00000000 ____D () C:\Program Files\TOSHIBA Games
2014-04-29 10:44 - 2008-02-18 23:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-04-29 10:44 - 2008-02-18 22:54 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-29 10:44 - 2008-02-18 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-04-29 10:44 - 2008-02-18 22:18 - 00000000 ____D () C:\Toshiba
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\Performance
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Users\Public\Recorded TV
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-04-29 10:44 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\com
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\catroot2.old
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Speech
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\security
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Resources
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Provisioning
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\PLA
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\MSAgent
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Help
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Branding
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Windows NT
2014-04-29 10:44 - 2006-11-02 07:18 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-04-28 22:33 - 2014-04-28 22:33 - 00008618 _____ () C:\Users\Alison\Desktop\4-28-2-custom-OTL.Txt
2014-04-28 22:32 - 2014-04-28 21:58 - 00008618 _____ () C:\Users\Alison\Desktop\OTL.Txt
2014-04-28 22:12 - 2014-04-28 22:12 - 00047854 _____ () C:\Users\Alison\Desktop\4-28-1-Extras.Txt
2014-04-28 22:08 - 2014-04-28 22:08 - 00100156 _____ () C:\Users\Alison\Desktop\4-28-1-OTL.Txt
2014-04-28 22:06 - 2014-04-28 22:06 - 00047854 _____ () C:\Users\Alison\Desktop\Extras.Txt
2014-04-28 19:18 - 2014-04-28 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-28 18:57 - 2013-06-04 21:03 - 00262144 _____ () C:\Windows\system32\config\ELAM
2014-04-28 16:28 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\Avg2014
2014-04-28 16:25 - 2014-04-28 16:25 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\AVG2014
2014-04-28 16:24 - 2014-04-28 16:24 - 00000000 ____D () C:\Users\Alison\AppData\Roaming\TuneUp Software
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ____D () C:\$AVG
2014-04-28 16:16 - 2014-04-28 16:16 - 00000000 ____D () C:\Users\Alison\AppData\Local\MFAData
2014-04-28 14:40 - 2014-04-28 11:26 - 00064512 _____ () C:\Users\Alison\Desktop\bundle-zip_PAI_Metadata.xls
2014-04-27 18:54 - 2014-04-14 10:26 - 00000000 ____D () C:\Users\Alison\AppData\Local\AVG Secure Search
2014-04-27 14:52 - 2014-04-27 14:51 - 00000000 ____D () C:\ProgramData\AVG Secure Search(202)
2014-04-25 20:10 - 2014-04-14 12:37 - 00000000 ____D () C:\Users\Alison\Desktop\TFAll
2014-04-21 10:35 - 2009-09-20 11:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393571190-2996653842-2028706402-1000Core.job
2014-04-20 18:55 - 2013-06-04 15:39 - 00000000 ____D () C:\Users\Alison\AppData\Local\Spotify
2014-04-18 15:02 - 2014-04-18 15:02 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-04-17 18:44 - 2014-04-17 18:44 - 00029184 _____ () C:\Users\Alison\Downloads\Hourlypaytemplate_2014_ADavies.xls
2014-04-17 10:11 - 2013-09-16 21:53 - 00000843 _____ () C:\Windows\setupact.log
2014-04-15 13:45 - 2014-04-15 13:45 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-15 13:45 - 2014-04-15 13:45 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-15 03:56 - 2006-11-02 08:47 - 00535952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-15 03:37 - 2006-11-02 06:23 - 00000240 _____ () C:\Windows\win.ini
2014-04-15 03:14 - 2013-09-14 14:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 03:07 - 2010-06-07 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-14 10:03 - 2008-02-20 15:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-04-14 10:02 - 2013-06-10 16:15 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-04-03 09:51 - 2014-04-29 15:23 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-29 15:23 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-29 15:23 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-03-31 03:51 - 2006-11-02 06:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-30 17:04
 
==================== End Of Log ============================
 
 

Addition.txt


One additional thing-  I thought I'd paused the AVG full scan that wanted to run when I restarted, but looks like it went through and it found and cleaned one thing.  Here are the details:

 

Thread: Trojan horse Patched_c.ADKY

Object name: C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.

Severity: High

State: Secured

Identified by: Scan

Date: 4/30/2014, 7:05:54 PM

 

thanks,

Alison


Please uninstall these 2 AVG toolbars:

AVG SafeGuard toolbar 
AVG Security Toolbar 

Here's why:
http://malwaretips.com/blogs/avg-safeguard-toolbar-removal/
http://www.zdnet.com/avg-security-toolbar-is-the-worst-foistware-ive-ever-seen-7000001055/

Then:

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Last:

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log

Let me know how it is, MrC


Had to use Revo to uninstall the AVG toolbars as instructed in your first link, as the method described by AVG (on the toolbar itself, in IE in my case) did nothing, and going through add/remove programs would start the uninstall but it would stop saying it didn't finish/work.
 
Logs below.
 
Alison
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-04-2014 03
Ran by Alison at 2014-04-30 21:15:15 Run:1
Running from C:\Users\Alison\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-04-15]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-04-14] (AVG Secure Search)
C:\Users\Alison\AppData\Roaming\McAfee
 
*****************
 
[4032] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe => Process closed successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole => Key deleted successfully.
"C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
vToolbarUpdater18.0.5 => Service deleted successfully.
C:\Users\Alison\AppData\Roaming\McAfee => Moved successfully.
 
==== End of Fixlog ====
 
 
 
# AdwCleaner v3.205 - Report created 30/04/2014 at 21:30:03
# Updated 28/04/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Alison - ALISON-PC
# Running from : C:\Users\Alison\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.0.5
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Alison\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Alison\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Alison\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Alison\AppData\Roaming\DSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16545
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5478 octets] - [30/04/2014 21:21:31]
AdwCleaner[s0].txt - [5673 octets] - [30/04/2014 21:30:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5733 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/30/2014
Scan Time: 10:09:42 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.01.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Alison
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 249634
Time Elapsed: 20 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Sorry, didn't get a notification about your post for some reason.  

 

Still working great and no signs of issues returning.  No sign of the AVG toolbars being pesky, either (though I was never having the same issues with them taking over browsers as others mention online bc I disabled it early on).

 

Thank you so much for your help!  

 

Alison


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here's the log. 

Alison

 

 Results of screen317's Security Check version 0.99.82  

   x86   

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

AVG Internet Security 2014   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 13.0.0.206  

 Google Chrome 34.0.1847.116  

 Google Chrome 34.0.1847.131  

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C::  

````````````````````End of Log`````````````````````` 

That looks OK.....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.