System running slow and PUP file keeps trying to run


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Marcos (administrator) on MAINBRAIN on 19-05-2014 18:14:05
Running from C:\Users\Marcos\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [etMonitor] => C:\windows\etMon.exe
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marcos\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [GoogleChromeAutoLaunch_C1BC9AC30E031DFD659FEA797D292C8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [Facebook Update] => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-19] (Facebook Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Marcos\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Extension: Ad-Aware Security Add-on - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-05-19]
FF Extension: Exif Viewer - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-21]
FF Extension: Red1 - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi [2014-02-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]
 
Chrome: 
=======
CHR HomePage: hxxp://home.nucomm.net/
CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=47F7C98C8DADF29F8C5EF6537A41AA69"
CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]
CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]
CHR Extension: (WOT) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-04]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]
CHR Extension: (Exchange Rewards Item Links Faster) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndhbffbmahdpnghifgmolgfabnpfoan [2014-05-18]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-17]
CHR Extension: (avast! Online Security) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]
CHR Extension: (RT News) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-03-05] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)
R3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt
2014-05-19 18:14 - 2014-05-19 18:19 - 00021617 _____ () C:\Users\Marcos\Desktop\FRST.txt
2014-05-19 18:13 - 2014-05-19 18:14 - 00000000 ____D () C:\FRST
2014-05-19 18:11 - 2014-05-19 18:09 - 02067456 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2014-05-19 18:09 - 2014-05-19 18:09 - 02067456 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-05-19 17:46 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Lavasoft
2014-05-19 14:21 - 2014-05-19 14:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics
2014-05-19 12:40 - 2014-05-19 18:02 - 00002312 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-19 12:40 - 2014-05-19 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-19 12:39 - 2014-05-19 18:05 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-19 12:39 - 2014-05-19 17:51 - 00000000 ____D () C:\ProgramData\Search Protection
2014-05-19 12:39 - 2014-05-19 12:41 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-05-19 12:38 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-19 12:37 - 2014-05-19 12:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (3).exe
2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2014-05-19 09:08 - 2014-05-19 09:08 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook
2014-05-19 07:22 - 2014-05-19 07:23 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe
2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe
2014-05-19 06:51 - 2014-05-19 08:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-19 06:51 - 2014-05-19 06:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-19 06:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-05-19 06:39 - 2014-05-19 06:41 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Marcos\Downloads\spybot-2.3.exe
2014-05-19 06:37 - 2014-05-19 06:38 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe
2014-05-18 17:14 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-18 17:14 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-18 17:14 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-18 17:14 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-18 17:13 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-18 17:13 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-18 17:13 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-18 17:13 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-18 17:13 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-18 17:13 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-18 17:13 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-18 17:13 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-18 17:13 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-18 17:13 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-18 17:13 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-18 17:13 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-18 17:13 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-18 17:13 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-18 17:13 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-18 17:13 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-18 17:13 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-18 17:13 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-18 17:13 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-18 17:13 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-18 17:13 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-18 17:13 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-18 17:13 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-18 17:13 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-18 17:13 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-18 17:13 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-18 17:13 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-18 17:13 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-18 17:13 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-18 17:13 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-18 17:13 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-18 17:13 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-18 17:07 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-05-18 17:07 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-18 17:07 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-05-18 17:07 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-05-18 17:07 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-05-17 15:35 - 2014-05-19 18:02 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 15:35 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-17 15:35 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-17 15:35 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-17 15:30 - 2014-05-17 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe
2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk
2014-05-17 13:59 - 2014-05-17 15:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-17 13:53 - 2014-05-17 14:02 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe
2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt
2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt
2014-05-15 18:47 - 2014-05-15 19:12 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt
2014-05-15 08:26 - 2014-05-18 08:31 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt
2014-05-13 10:46 - 2014-05-14 12:06 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt
2014-05-11 15:38 - 2014-05-11 15:42 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp4
2014-05-09 11:07 - 2014-05-14 15:29 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt
2014-05-09 10:01 - 2014-05-09 10:14 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt
2014-05-08 14:04 - 2014-05-08 14:31 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt
2014-05-08 13:18 - 2014-05-08 14:23 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt
2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics
2014-05-04 13:16 - 2014-05-04 13:17 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video
2014-05-03 07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt
2014-05-02 14:20 - 2014-05-02 14:46 - 00000035 _____ () C:\Users\Marcos\Documents\fv2  inventory.txt
2014-05-01 10:18 - 2014-05-12 22:23 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt
2014-04-29 17:03 - 2014-05-07 18:09 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt
2014-04-28 17:37 - 2014-05-13 08:52 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt
2014-04-28 12:33 - 2014-05-11 09:41 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt
2014-04-24 14:22 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-24 14:22 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-24 14:22 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 14:22 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-24 14:22 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-23 14:03 - 2014-05-04 15:55 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt
2014-04-22 00:50 - 2014-05-16 14:59 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt
2014-05-19 18:19 - 2014-05-19 18:14 - 00021617 _____ () C:\Users\Marcos\Desktop\FRST.txt
2014-05-19 18:18 - 2013-12-04 15:46 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 18:14 - 2014-05-19 18:13 - 00000000 ____D () C:\FRST
2014-05-19 18:13 - 2014-02-10 20:02 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA.job
2014-05-19 18:09 - 2014-05-19 18:11 - 02067456 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2014-05-19 18:09 - 2014-05-19 18:09 - 02067456 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-05-19 18:08 - 2012-07-26 02:28 - 00876494 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-19 18:05 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-19 18:03 - 2013-12-04 15:46 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 18:02 - 2014-05-19 12:40 - 00002312 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-05-19 18:02 - 2014-05-17 15:35 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 18:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-19 18:01 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-19 18:01 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-19 17:51 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Search Protection
2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 17:45 - 2013-12-05 16:54 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForMarcos.job
2014-05-19 17:44 - 2013-04-03 19:10 - 00736506 _____ () C:\windows\PFRO.log
2014-05-19 17:43 - 2013-12-04 15:20 - 02013597 _____ () C:\windows\WindowsUpdate.log
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-19 17:31 - 2014-04-01 11:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype
2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Lavasoft
2014-05-19 14:21 - 2014-05-19 14:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics
2014-05-19 12:41 - 2014-05-19 12:39 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp
2014-05-19 12:40 - 2014-05-19 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-05-19 12:38 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-19 12:37 - 2014-05-19 12:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-19 09:13 - 2014-02-10 20:02 - 00000930 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core.job
2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (3).exe
2014-05-19 09:08 - 2014-05-19 09:08 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2014-05-19 09:08 - 2014-05-19 09:08 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook
2014-05-19 09:08 - 2014-02-10 20:02 - 00003802 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA
2014-05-19 09:08 - 2014-02-10 20:02 - 00003452 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core
2014-05-19 08:20 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-19 07:49 - 2014-03-06 12:30 - 00001204 _____ () C:\Users\Marcos\Documents\FV2 friends.txt
2014-05-19 07:23 - 2014-05-19 07:22 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe
2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe
2014-05-19 06:53 - 2014-05-19 06:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-19 06:41 - 2014-05-19 06:39 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Marcos\Downloads\spybot-2.3.exe
2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe
2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT
2014-05-19 06:35 - 2013-12-05 16:54 - 00003172 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMarcos
2014-05-19 06:35 - 2013-12-04 15:20 - 00000000 ____D () C:\Users\Marcos
2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-19 04:06 - 2013-08-07 12:39 - 00065536 _____ () C:\windows\system32\spu_storage.bin
2014-05-18 21:51 - 2014-03-24 11:52 - 00012800 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-18 21:50 - 2014-03-24 11:51 - 00000000 ____D () C:\Users\Marcos\Documents\ezvid
2014-05-18 20:34 - 2013-12-04 15:22 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BF274140-FF8A-48A4-A459-06E7071757B6}
2014-05-18 08:31 - 2014-05-15 08:26 - 00000347 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt
2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-17 15:35 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe
2014-05-17 14:06 - 2014-04-01 11:07 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () C:\ProgramData\Skype
2014-05-17 14:06 - 2014-04-01 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe
2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk
2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-17 13:52 - 2014-05-17 13:52 - 00185800 _____ (Лаборатория Касперского) C:\Users\Marcos\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-05-16 23:20 - 2013-12-04 15:48 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration
2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-05-16 14:00 - 2014-01-21 14:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt
2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt
2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt
2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt
2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt
2014-05-15 11:38 - 2013-12-05 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-05-14 18:38 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt
2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt
2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt
2014-05-13 20:21 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt
2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt
2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt
2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt
2014-05-11 15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp4
2014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt
2014-05-10 10:52 - 2013-12-21 10:44 - 01011200 ___SH () C:\Users\Marcos\Downloads\Thumbs.db
2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt
2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)
2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt
2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt
2014-05-08 11:59 - 2013-12-05 16:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics
2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt
2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 22:48 - 2014-05-18 17:13 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 22:48 - 2014-05-18 17:13 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 22:37 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 22:26 - 2014-05-18 17:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-05 13:10 - 2014-02-25 12:34 - 00000431 _____ () C:\Users\Marcos\Documents\Fariha.txt
2014-05-04 15:55 - 2014-04-23 14:03 - 00001080 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt
2014-05-04 14:53 - 2012-07-26 02:21 - 00031184 _____ () C:\windows\setupact.log
2014-05-04 13:17 - 2014-05-04 13:16 - 17759406 _____ () C:\Users\Marcos\Downloads\fariha video
2014-05-03 07:12 - 2014-05-03 07:12 - 00000007 _____ () C:\Users\Marcos\Documents\Ninja Kingdom hackers.txt
2014-05-02 14:46 - 2014-05-02 14:20 - 00000035 _____ () C:\Users\Marcos\Documents\fv2  inventory.txt
2014-05-01 15:37 - 2014-05-19 17:46 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 15:37 - 2012-07-26 03:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 11:00 - 2013-12-04 15:30 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783906617-1284620665-1589854910-1001
2014-04-29 20:03 - 2014-04-13 07:25 - 00000279 _____ () C:\Users\Marcos\Documents\fv2 tree times.txt
2014-04-25 11:19 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
2014-04-23 06:25 - 2014-04-01 11:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-22 00:50 - 2014-04-22 00:50 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-04-22 00:50 - 2014-04-22 00:50 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-04-22 00:50 - 2014-02-03 13:08 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-04-22 00:50 - 2014-02-03 13:08 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-04-22 00:50 - 2014-02-03 13:08 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-04-22 00:50 - 2014-02-03 13:08 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-04-22 00:50 - 2014-02-03 13:08 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-04-22 00:50 - 2014-02-03 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-19 17:12 - 2014-02-09 12:43 - 00000114 _____ () C:\Users\Marcos\Documents\Neighbor visits.txt
2014-04-19 04:39 - 2014-04-24 14:22 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-19 03:45 - 2014-04-24 14:22 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-19 03:45 - 2014-04-24 14:22 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 01:57 - 2014-04-24 14:22 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-19 01:57 - 2014-04-24 14:22 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
Some content of TEMP:
====================
C:\Users\Marcos\AppData\Local\Temp\005e84b9-9e7f-40de-9478-28faaf14d4e7.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-17 03:00
 
==================== End Of Log ============================

FRST.txt

 


  • 2 weeks later...

Hello and [image: post-32477-1261866970.gif]

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run FRST one more time, make sure "Addition" is check marked under "Optional scan". Post both produced logs in next reply....

 

Kevin.....


Addition.txt

During scan it immediately came back with this message.

1 Interrupted Action
An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem.
Error 0x80030003: %1 could not be found.
 
install.rdf
Type:RDF File
Date modified: 8/22/2012 8:32 PM
Size 2.39 KB
So I clicked cancel on the message, and the scan continued.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Marcos (administrator) on MAINBRAIN on 05-06-2014 17:11:24
Running from C:\Users\Marcos\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [etMonitor] => C:\windows\etMon.exe
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marcos\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [GoogleChromeAutoLaunch_C1BC9AC30E031DFD659FEA797D292C8F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [Facebook Update] => C:\Users\Marcos\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-04] (Facebook Inc.)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1783906617-1284620665-1589854910-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll No File
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF SelectedSearchEngine: Microsoft (Bing)
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Marcos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Marcos\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\searchplugins\bing-avast.xml
FF Extension: Exif Viewer - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-21]
FF Extension: Red1 - C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\Extensions\{CCE2B3E0-5E83-4eff-B221-214DE205AD7F}.xpi [2014-02-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]
 
Chrome: 
=======
CHR HomePage: hxxp://home.nucomm.net/
CHR StartupUrls: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-05-19&ent=hp&u=47F7C98C8DADF29F8C5EF6537A41AA69", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]
CHR Extension: (Google Drive) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (WOT) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-12-04]
CHR Extension: (YouTube) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]
CHR Extension: (GameLinkExchange.Com) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndhbffbmahdpnghifgmolgfabnpfoan [2014-06-03]
CHR Extension: (Google Search) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]
CHR Extension: (AdBlock) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-17]
CHR Extension: (avast! Online Security) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-04]
CHR Extension: (RT News) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]
CHR Extension: (Gmail) - C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-03-05] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
R3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)
R3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)
R3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 17:15 - 2014-06-05 17:15 - 00000303 _____ () C:\Users\Marcos\Documents\Malwarebyte frst.txt
2014-06-05 17:09 - 2014-06-05 17:09 - 02068992 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-06-04 19:43 - 2014-06-04 19:44 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook
2014-06-04 19:43 - 2014-06-04 19:43 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-03 14:54 - 2014-06-03 14:54 - 00025288 _____ () C:\Users\Marcos\Desktop\dds.txt
2014-06-03 14:54 - 2014-06-03 14:54 - 00007104 _____ () C:\Users\Marcos\Desktop\attach.txt
2014-06-03 14:46 - 2014-06-03 14:46 - 00688992 ____R (Swearware) C:\Users\Marcos\Desktop\dds.com
2014-06-03 05:52 - 2014-06-03 05:52 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Audacity
2014-06-03 05:51 - 2014-06-03 05:51 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-03 05:51 - 2014-06-03 05:51 - 00001018 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-03 05:51 - 2014-06-03 05:51 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-03 05:48 - 2014-06-03 05:49 - 22180353 _____ (Audacity Team ) C:\Users\Marcos\Downloads\audacity-win-2.0.5.exe
2014-06-02 07:43 - 2014-06-02 07:43 - 00001282 _____ () C:\Users\Marcos\Documents\staples rewards.txt
2014-05-31 13:28 - 2014-05-31 13:28 - 02021112 _____ (Coupons.com Incorporated) C:\Users\Marcos\Downloads\couponprinter.exe
2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-31 06:45 - 2014-05-31 06:45 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Adobe
2014-05-29 06:53 - 2013-05-16 20:49 - 03847168 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athw8x.sys
2014-05-28 11:37 - 2014-05-28 11:37 - 00743704 _____ (Ammyy LLC) C:\Users\Marcos\Downloads\AA_v3.4.exe
2014-05-28 11:37 - 2014-05-28 11:37 - 00000000 ____D () C:\ProgramData\AMMYY
2014-05-25 14:29 - 2014-05-25 14:29 - 00000061 _____ () C:\Users\Marcos\Documents\cameo.txtcameo
2014-05-24 22:27 - 2014-05-24 22:33 - 138197184 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_25_06_44.exe
2014-05-24 15:06 - 2014-05-24 15:06 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Macromedia
2014-05-24 15:01 - 2014-06-05 11:53 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 15:01 - 2014-05-31 05:19 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-21 11:22 - 2014-05-21 11:22 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-21 11:22 - 2014-05-21 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-21 11:19 - 2014-05-21 11:19 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Marcos\Downloads\SkypeSetup.exe
2014-05-20 10:10 - 2014-05-20 10:10 - 00000000 _____ () C:\windows\setupact.log
2014-05-20 10:01 - 2014-05-20 10:01 - 00001759 _____ () C:\windows\wininit.ini
2014-05-20 07:20 - 2014-05-20 07:20 - 01729768 _____ (Comfort Software Group ) C:\Users\Marcos\Downloads\FreeAlarmClockSetup.exe
2014-05-20 07:20 - 2014-05-20 07:20 - 00001090 _____ () C:\Users\Marcos\Desktop\Free Alarm Clock.lnk
2014-05-20 07:20 - 2014-05-20 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2014-05-20 07:20 - 2014-05-20 07:20 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2014-05-20 06:35 - 2012-07-26 00:26 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140520-063532.backup
2014-05-19 18:20 - 2014-05-19 18:21 - 00045746 _____ () C:\Users\Marcos\Desktop\Addition.txt
2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt
2014-05-19 18:14 - 2014-06-05 17:16 - 00021471 _____ () C:\Users\Marcos\Desktop\FRST.txt
2014-05-19 18:13 - 2014-06-05 17:15 - 00000000 ____D () C:\FRST
2014-05-19 18:11 - 2014-06-05 17:09 - 02068992 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2014-05-19 17:46 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 14:21 - 2014-05-31 05:10 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics
2014-05-19 12:39 - 2014-05-30 22:22 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-19 12:39 - 2014-05-19 17:51 - 00000000 ____D () C:\ProgramData\Search Protection
2014-05-19 12:39 - 2014-05-19 12:41 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-05-19 12:38 - 2014-05-31 05:01 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-19 07:22 - 2014-05-19 07:23 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe
2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe
2014-05-19 06:51 - 2014-05-20 06:50 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-19 06:51 - 2014-05-20 06:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-19 06:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-05-19 06:39 - 2014-05-19 06:41 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Marcos\Downloads\spybot-2.3.exe
2014-05-19 06:37 - 2014-05-19 06:38 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe
2014-05-18 17:14 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-18 17:14 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-18 17:14 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-18 17:14 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-18 17:13 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-18 17:13 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-18 17:13 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-18 17:13 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-18 17:13 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-18 17:13 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-18 17:13 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-18 17:13 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-18 17:13 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-18 17:13 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-18 17:13 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-18 17:13 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-18 17:13 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-18 17:13 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-18 17:13 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-18 17:13 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-18 17:13 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-18 17:13 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-18 17:13 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-18 17:13 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-18 17:13 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-18 17:13 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-18 17:13 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-18 17:13 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-18 17:13 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-18 17:13 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-18 17:13 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-18 17:13 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-18 17:13 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-18 17:13 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-18 17:13 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-18 17:13 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-18 17:13 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-18 17:13 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-18 17:13 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-18 17:13 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-18 17:07 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-05-18 17:07 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-18 17:07 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-05-18 17:07 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-05-18 17:07 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-05-17 15:35 - 2014-05-31 14:00 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 15:35 - 2014-05-31 04:28 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-17 15:35 - 2014-05-31 04:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-17 15:35 - 2014-05-31 04:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 15:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-17 15:35 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-17 15:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-17 15:30 - 2014-05-17 15:31 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe
2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk
2014-05-17 13:59 - 2014-05-17 15:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-17 13:53 - 2014-05-17 14:02 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe
2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt
2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt
2014-05-15 18:47 - 2014-05-15 19:12 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt
2014-05-15 08:26 - 2014-05-26 19:54 - 00000351 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt
2014-05-13 10:46 - 2014-05-14 12:06 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt
2014-05-11 15:38 - 2014-05-11 15:42 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp4
2014-05-09 11:07 - 2014-05-14 15:29 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt
2014-05-09 10:01 - 2014-05-09 10:14 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt
2014-05-08 14:04 - 2014-05-08 14:31 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt
2014-05-08 13:18 - 2014-05-08 14:23 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt
2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 17:16 - 2014-05-19 18:14 - 00021471 _____ () C:\Users\Marcos\Desktop\FRST.txt
2014-06-05 17:16 - 2013-12-04 15:20 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Temp
2014-06-05 17:15 - 2014-06-05 17:15 - 00000303 _____ () C:\Users\Marcos\Documents\Malwarebyte frst.txt
2014-06-05 17:15 - 2014-05-19 18:13 - 00000000 ____D () C:\FRST
2014-06-05 17:09 - 2014-06-05 17:09 - 02068992 _____ (Farbar) C:\Users\Marcos\Downloads\FRST64.exe
2014-06-05 17:09 - 2014-05-19 18:11 - 02068992 _____ (Farbar) C:\Users\Marcos\Desktop\FRST64.exe
2014-06-05 17:03 - 2013-12-04 15:46 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 17:03 - 2013-12-04 15:20 - 01608943 _____ () C:\windows\WindowsUpdate.log
2014-06-05 17:02 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-05 12:11 - 2013-08-07 12:39 - 00065536 _____ () C:\windows\system32\spu_storage.bin
2014-06-05 11:53 - 2014-05-24 15:01 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 11:51 - 2014-04-01 11:07 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Skype
2014-06-05 11:18 - 2013-12-04 15:46 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 10:48 - 2014-02-10 20:02 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA.job
2014-06-05 09:10 - 2013-12-04 15:22 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{BF274140-FF8A-48A4-A459-06E7071757B6}
2014-06-05 03:23 - 2014-03-24 11:52 - 00016384 _____ () C:\Users\Marcos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-05 03:21 - 2013-12-21 10:44 - 01303552 ___SH () C:\Users\Marcos\Downloads\Thumbs.db
2014-06-04 20:39 - 2012-07-26 02:28 - 00876494 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-04 20:33 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-04 20:32 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-04 19:48 - 2014-02-10 20:02 - 00000930 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core.job
2014-06-04 19:44 - 2014-06-04 19:43 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Facebook
2014-06-04 19:43 - 2014-06-04 19:43 - 00501248 _____ (Facebook Inc.) C:\Users\Marcos\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-06-04 19:43 - 2014-02-10 20:02 - 00003802 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001UA
2014-06-04 19:43 - 2014-02-10 20:02 - 00003452 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1783906617-1284620665-1589854910-1001Core
2014-06-04 17:21 - 2014-04-23 14:03 - 00001282 _____ () C:\Users\Marcos\Documents\FV2 friends1.txt
2014-06-04 16:16 - 2014-03-24 11:51 - 00000000 ____D () C:\Users\Marcos\Documents\ezvid
2014-06-04 12:23 - 2014-03-06 12:30 - 00001286 _____ () C:\Users\Marcos\Documents\FV2 friends.txt
2014-06-04 10:45 - 2014-02-25 12:34 - 00000631 _____ () C:\Users\Marcos\Documents\Fariha.txt
2014-06-03 17:45 - 2013-12-04 15:30 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783906617-1284620665-1589854910-1001
2014-06-03 16:53 - 2013-12-05 16:54 - 00000356 _____ () C:\windows\Tasks\HPCeeScheduleForMarcos.job
2014-06-03 14:54 - 2014-06-03 14:54 - 00025288 _____ () C:\Users\Marcos\Desktop\dds.txt
2014-06-03 14:54 - 2014-06-03 14:54 - 00007104 _____ () C:\Users\Marcos\Desktop\attach.txt
2014-06-03 14:46 - 2014-06-03 14:46 - 00688992 ____R (Swearware) C:\Users\Marcos\Desktop\dds.com
2014-06-03 05:52 - 2014-06-03 05:52 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\Audacity
2014-06-03 05:51 - 2014-06-03 05:51 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-03 05:51 - 2014-06-03 05:51 - 00001018 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-06-03 05:51 - 2014-06-03 05:51 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-03 05:49 - 2014-06-03 05:48 - 22180353 _____ (Audacity Team ) C:\Users\Marcos\Downloads\audacity-win-2.0.5.exe
2014-06-02 11:54 - 2013-12-05 16:54 - 00003172 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMarcos
2014-06-02 11:54 - 2013-12-05 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-02 11:54 - 2013-12-05 16:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-02 11:54 - 2013-12-04 15:20 - 00000000 ____D () C:\Users\Marcos
2014-06-02 07:43 - 2014-06-02 07:43 - 00001282 _____ () C:\Users\Marcos\Documents\staples rewards.txt
2014-06-01 12:25 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-05-31 14:00 - 2014-05-17 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 13:28 - 2014-05-31 13:28 - 02021112 _____ (Coupons.com Incorporated) C:\Users\Marcos\Downloads\couponprinter.exe
2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-31 06:45 - 2014-05-31 06:45 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Adobe
2014-05-31 05:19 - 2014-05-24 15:01 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-31 05:13 - 2014-01-21 20:18 - 00001146 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 05:13 - 2014-01-21 20:18 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-31 05:13 - 2013-12-04 15:48 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-31 05:10 - 2014-05-19 14:21 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics
2014-05-31 05:01 - 2014-05-19 12:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-31 04:28 - 2014-05-17 15:35 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 04:28 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 04:28 - 2014-05-17 15:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 22:22 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-29 06:54 - 2013-08-07 12:48 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-05-29 06:53 - 2013-08-07 12:48 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-05-29 06:51 - 2013-04-10 14:20 - 00000000 ____D () C:\SWSETUP
2014-05-28 11:37 - 2014-05-28 11:37 - 00743704 _____ (Ammyy LLC) C:\Users\Marcos\Downloads\AA_v3.4.exe
2014-05-28 11:37 - 2014-05-28 11:37 - 00000000 ____D () C:\ProgramData\AMMYY
2014-05-28 01:11 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-26 19:54 - 2014-05-15 08:26 - 00000351 _____ () C:\Users\Marcos\Documents\fv2 24 hours crop.txt
2014-05-25 14:29 - 2014-05-25 14:29 - 00000061 _____ () C:\Users\Marcos\Documents\cameo.txtcameo
2014-05-24 23:34 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 22:33 - 2014-05-24 22:27 - 138197184 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_25_06_44.exe
2014-05-24 15:06 - 2014-05-24 15:06 - 00000000 ____D () C:\Users\Marcos\AppData\Local\Macromedia
2014-05-24 08:54 - 2013-04-03 19:10 - 00741544 _____ () C:\windows\PFRO.log
2014-05-24 08:29 - 2014-01-04 21:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-23 18:44 - 2014-01-21 14:15 - 00000000 ____D () C:\Users\Marcos\AppData\Local\CrashDumps
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-22 13:26 - 2014-04-13 07:25 - 00000295 _____ () C:\Users\Marcos\Documents\fv2 tree times.txt
2014-05-22 03:20 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-05-21 11:22 - 2014-05-21 11:22 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-21 11:22 - 2014-05-21 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-21 11:22 - 2014-04-01 11:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 11:22 - 2014-04-01 11:07 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 11:19 - 2014-05-21 11:19 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Marcos\Downloads\SkypeSetup.exe
2014-05-20 10:10 - 2014-05-20 10:10 - 00000000 _____ () C:\windows\setupact.log
2014-05-20 10:01 - 2014-05-20 10:01 - 00001759 _____ () C:\windows\wininit.ini
2014-05-20 07:20 - 2014-05-20 07:20 - 01729768 _____ (Comfort Software Group ) C:\Users\Marcos\Downloads\FreeAlarmClockSetup.exe
2014-05-20 07:20 - 2014-05-20 07:20 - 00001090 _____ () C:\Users\Marcos\Desktop\Free Alarm Clock.lnk
2014-05-20 07:20 - 2014-05-20 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2014-05-20 07:20 - 2014-05-20 07:20 - 00000000 ____D () C:\Program Files (x86)\FreeAlarmClock
2014-05-20 06:50 - 2014-05-19 06:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-20 06:25 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-19 18:21 - 2014-05-19 18:20 - 00045746 _____ () C:\Users\Marcos\Desktop\Addition.txt
2014-05-19 18:19 - 2014-05-19 18:19 - 00000284 _____ () C:\Users\Marcos\Documents\Farbar.txt
2014-05-19 17:51 - 2014-05-19 12:39 - 00000000 ____D () C:\ProgramData\Search Protection
2014-05-19 17:51 - 2013-12-04 15:22 - 00000000 ___RD () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-19 17:43 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-19 12:41 - 2014-05-19 12:39 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp
2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-19 07:23 - 2014-05-19 07:22 - 07267840 _____ () C:\Users\Marcos\Downloads\spybotsd_includes.exe
2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe
2014-05-19 06:51 - 2014-05-19 06:51 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-05-19 06:51 - 2014-05-19 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-19 06:41 - 2014-05-19 06:39 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Marcos\Downloads\spybot-2.3.exe
2014-05-19 06:38 - 2014-05-19 06:37 - 16409960 _____ (Safer Networking Limited ) C:\Users\Marcos\Downloads\spybotsd162.exe
2014-05-19 06:36 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-05-19 06:35 - 2013-12-05 23:57 - 00000000 ____D () C:\windows\system32\MRT
2014-05-19 06:32 - 2013-12-05 23:57 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-17 15:37 - 2014-05-17 13:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-17 15:35 - 2014-05-17 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 15:31 - 2014-05-17 15:30 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marcos\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-17 15:28 - 2014-05-17 15:28 - 00065232 _____ (Malwarebytes) C:\Users\Marcos\Downloads\regassassin-setup-1.03.exe
2014-05-17 14:02 - 2014-05-17 14:02 - 00001311 _____ () C:\Users\Marcos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-05-17 14:02 - 2014-05-17 13:53 - 137352128 _____ () C:\Users\Marcos\Downloads\setup_11.0.1.1245.x01_2014_05_17_20_26.exe
2014-05-17 14:00 - 2014-05-17 14:00 - 00001084 _____ () C:\Users\Marcos\Desktop\Kaspersky Security Scan.lnk
2014-05-17 13:59 - 2014-05-17 13:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-05-17 02:59 - 2014-02-03 13:08 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-05-17 02:59 - 2014-02-03 13:08 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-05-17 02:59 - 2014-02-03 13:08 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-05-16 17:57 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-16 17:55 - 2013-12-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-16 17:54 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration
2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-05-16 17:53 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-16 17:53 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-05-16 15:58 - 2014-01-21 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-16 15:31 - 2014-01-20 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-16 14:59 - 2014-04-22 00:50 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 14:59 - 2014-02-03 13:08 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-05-16 10:10 - 2014-03-07 00:19 - 00000337 _____ () C:\Users\Marcos\Documents\Gina.txt
2014-05-15 20:33 - 2014-05-15 20:33 - 00000097 _____ () C:\Users\Marcos\Documents\fv2 prized pig XP.txt
2014-05-15 19:48 - 2014-04-17 11:02 - 00000374 _____ () C:\Users\Marcos\Documents\fv2 prized sheep.txt
2014-05-15 19:13 - 2014-05-15 19:13 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 prized goat XP.txt
2014-05-15 19:12 - 2014-05-15 18:47 - 00000336 _____ () C:\Users\Marcos\Documents\fv2 goat XP.txt
2014-05-14 15:59 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-05-14 15:29 - 2014-05-09 11:07 - 00000540 _____ () C:\Users\Marcos\Documents\fv2 heirloom.txt
2014-05-14 15:01 - 2014-01-25 15:09 - 00000062 _____ () C:\Users\Marcos\Documents\Fariha phone number.txt
2014-05-14 12:06 - 2014-05-13 10:46 - 00000720 _____ () C:\Users\Marcos\Documents\fv2 neighbors.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Safe Link Enrollment number.txt
2014-05-13 15:31 - 2014-05-13 15:31 - 00000008 _____ () C:\Users\Marcos\Documents\Enrollment number.txt
2014-05-13 11:47 - 2013-12-18 09:18 - 00003311 _____ () C:\Users\Marcos\Documents\Nija Rankings.txt
2014-05-13 08:52 - 2014-04-28 17:37 - 00000184 _____ () C:\Users\Marcos\Documents\fv2 treeXP.txt
2014-05-12 22:23 - 2014-05-01 10:18 - 00000352 _____ () C:\Users\Marcos\Documents\fv2 water recipes.txt
2014-05-12 07:26 - 2014-05-17 15:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-17 15:35 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-17 15:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 15:42 - 2014-05-11 15:38 - 19453208 _____ () C:\Users\Marcos\Downloads\Las Ketchup - The Ketchup Song (Asereje) (Spanglish Version) (Official Video).mp4
2014-05-11 09:41 - 2014-04-28 12:33 - 00000733 _____ () C:\Users\Marcos\Documents\fv2 cropXP.txt
2014-05-09 10:14 - 2014-05-09 10:01 - 00000818 _____ () C:\Users\Marcos\Documents\fv2 chicken XP.txt
2014-05-09 07:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI(413)
2014-05-08 14:31 - 2014-05-08 14:04 - 00000898 _____ () C:\Users\Marcos\Documents\fv2 prized cow xp.txt
2014-05-08 14:23 - 2014-05-08 13:18 - 00001955 _____ () C:\Users\Marcos\Documents\fv2 horse XP.txt
2014-05-08 08:13 - 2013-12-04 15:46 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:13 - 2013-12-04 15:46 - 00003654 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 19:40 - 2014-05-07 19:40 - 00538206 _____ () C:\Users\Marcos\Downloads\e531192516992152.ics
2014-05-07 18:09 - 2014-04-29 17:03 - 00000528 _____ () C:\Users\Marcos\Documents\fv2 animalXP.txt
2014-05-06 00:14 - 2014-05-18 17:13 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-18 17:13 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
 
Some content of TEMP:
====================
C:\Users\Marcos\AppData\Local\Temp\Extract.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-18 17:13] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-30 12:20
 
==================== End Of Log ============================

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Let me see those logs, and also let me know if there are any remaining issues or concerns...

 

Kevin

 

 

 

 

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-06-2014

Ran by Marcos at 2014-06-07 20:13:25 Run:1

Running from C:\Users\Marcos\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll No File

C:\Program Files (x86)\Lavasoft

BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll No File

Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)

2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

2014-05-31 13:28 - 2014-05-31 13:28 - 00000000 ____D () C:\Program Files (x86)\Coupons

2014-05-19 14:21 - 2014-05-31 05:10 - 00000000 ____D () C:\Users\Marcos\AppData\Roaming\LavasoftStatistics

2014-05-19 12:39 - 2014-05-30 22:22 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-05-19 12:39 - 2014-05-19 17:51 - 00000000 ____D () C:\ProgramData\Search Protection

2014-05-19 12:39 - 2014-05-19 12:41 - 00000000 ____D () C:\Users\Marcos\AppData\Local\adawarebp

2014-05-19 12:39 - 2014-05-19 12:39 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner

2014-05-19 12:38 - 2014-05-31 05:01 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

2014-05-19 12:36 - 2014-05-19 12:36 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-05-19 07:18 - 2014-05-19 07:18 - 01727624 _____ () C:\Users\Marcos\Downloads\Adaware_Installer.exe

C:\Users\Marcos\AppData\Local\Temp\Extract.exe

End

*****************

 

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}' => Key deleted successfully.

'HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}' => Key deleted successfully.

C:\Program Files (x86)\Lavasoft => Moved successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}' => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.

'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => value deleted successfully.

'HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}'=> Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => value deleted successfully.

'HKCR\Wow6432Node\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}'=> Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.

'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.

'HKCR\PROTOCOLS\Handler\belarc' => Key deleted successfully.

'HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}'=> Key not found.

CouponPrinterService => Service not found.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons" => File/Directory not found.

C:\Program Files (x86)\Coupons => Moved successfully.

C:\Users\Marcos\AppData\Roaming\LavasoftStatistics => Moved successfully.

C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.

C:\ProgramData\Search Protection => Moved successfully.

C:\Users\Marcos\AppData\Local\adawarebp => Moved successfully.

C:\Program Files (x86)\Toolbar Cleaner => Moved successfully.

"C:\Program Files (x86)\Lavasoft" => File/Directory not found.

C:\ProgramData\Lavasoft => Moved successfully.

C:\Users\Marcos\Downloads\Adaware_Installer.exe => Moved successfully.

C:\Users\Marcos\AppData\Local\Temp\Extract.exe => Moved successfully.

 

==== End of Fixlog ====

 


# AdwCleaner v3.212 - Report created 07/06/2014 at 20:39:31

# Updated 05/06/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Marcos - MAINBRAIN

# Running from : C:\Users\Marcos\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Marcos\AppData\LocalLow\adawaretb

Folder Deleted : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\adawaretb

File Deleted : C:\Users\Public\Desktop\eBay.lnk

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb

Key Deleted : HKLM\Software\adawaretb

Key Deleted : HKLM\Software\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

 

-\\ Mozilla Firefox v29.0.1 (en-US)

 

[ File : C:\Users\Marcos\AppData\Roaming\Mozilla\Firefox\Profiles\bx31vswy.default\prefs.js ]

 

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\Marcos\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1948 octets] - [07/06/2014 20:18:10]

AdwCleaner[s0].txt - [1891 octets] - [07/06/2014 20:39:31]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1951 octets] ##########

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by Marcos on Sat 06/07/2014 at 21:41:03.99

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{075DE3E0-9690-4BAB-9E2D-68ED939E5F39}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{075DE3E0-9690-4BAB-9E2D-68ED939E5F39}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\ammyy"

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Marcos\AppData\Roaming\mozilla\firefox\profiles\bx31vswy.default\minidumps [2 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/07/2014 at 21:58:33.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/7/2014

Scan Time: 10:43:40 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.08.01

Rootkit Database: v2014.06.02.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Marcos

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 264636

Time Elapsed: 14 min, 22 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Lavasoft search still starts up. :(




Where does that entry start up/from?

 

Run the following:

 

Please download SystemLook from the link below and save it to your Desktop. Use the correct version, 32-bit or 64-bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:regfind
Lavasoft
*Lavasoft*
Adaware
*Adaware*
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Kevin....


SystemLook 30.07.11 by jpshortstuff

Log created at 03:34 on 09/06/2014 by Marcos

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "Lavasoft"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]

"Publisher"="Lavasoft"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]

 

Searching for "*Lavasoft*"

No data found.

 

Searching for "Adaware"

[HKEY_CURRENT_USER\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\adawaretb]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]

"AppPath"="C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe|Name=Ad-Aware Security Add-on DTX Broker|"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\adawaretb]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_USERS\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]

 

Searching for "*Adaware*"

No data found.

 

-= EOF =-


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg (:Reg)

    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"=-
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lavasoftupdate.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\lavasoftupdate.com]
    [-HKEY_CURRENT_USER\S-1-5-21-1783906617-1284620665-1589854910-1001\Software\adawaretb]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B9BF5E1-0E0E-418D-B9C7-7A7EB56B22B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2DE08D-AF76-42f2-80E9-E5EEE624A973}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}"=-
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adaware.cc]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adawarenow.com]
    :Files
    C:\Program Files (x86)\Lavasoft
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log. Also, is there any improvement?

 

Kevin...


Ran OTM, machine automatically rebooted, but after reboot went into folder, but there was no file located there. But, no longer have Lava secure search showing up and yes the computer is running faster. Still feel like something is in the system though.

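When a fix run reboots the machine and leaves no results log, as in the reply above, the outcome can still be confirmed by looking for the items the script targeted. The following read-only check is an added example, not part of the original thread; it assumes an elevated PowerShell prompt, takes its paths and GUIDs from the OTM script in the post above, and checks the ZoneMap hives and domains as a full cross product, which is slightly wider than the script's own list.

```powershell
# Added example, not from the original thread. Read-only: nothing is modified.
# Paths, domains and GUIDs are copied from the OTM script posted above.
$zoneRoots = @(
    'HKEY_CURRENT_USER\Software',
    'HKEY_LOCAL_MACHINE\SOFTWARE',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node',
    'HKEY_USERS\.DEFAULT\Software',
    'HKEY_USERS\S-1-5-18\Software'
)
$domains = 'adaware.cc', 'adawarenow.com', 'lavasoftupdate.com'
$ruleIds = '{54AFD7A8-13A2-4554-88A5-FB1AC6BF17D6}', '{7D1E6E75-10E8-44D8-8C79-5997965BCCC7}'

# Every ZoneMap Domains/EscDomains key for those domains, in each hive.
$keys = foreach ($root in $zoneRoots) {
    foreach ($zone in 'Domains', 'EscDomains') {
        foreach ($d in $domains) {
            "$root\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$zone\$d"
        }
    }
}
$keys += 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection'

$leftovers = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") { $leftovers += "KEY   $k" }
}

# Firewall rules are registry values, not keys. Flag the two GUIDs from the script
# and any other rule whose data still points into a Lavasoft folder.
foreach ($set in 'ControlSet001', 'CurrentControlSet') {
    $path = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\$set\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
    $rules = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $rules) { continue }
    foreach ($name in $rules.GetValueNames()) {
        $data = [string]$rules.GetValue($name)
        if ($ruleIds -contains $name -or $data -like '*\Lavasoft\*') {
            $leftovers += "RULE  $set $name"
        }
    }
}

if (Test-Path -LiteralPath 'C:\Program Files (x86)\Lavasoft') { $leftovers += 'DIR   C:\Program Files (x86)\Lavasoft' }

if ($leftovers) { $leftovers } else { 'No Lavasoft/Ad-Aware leftovers found in the checked locations.' }
```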

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete:

If no threats were found:

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found:

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

 

Copy and paste the report in next reply.

 

Kevin.....


C:\Users\Marcos\Downloads\AA_v3.4.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application

C:\Users\Marcos\Downloads\cbsidlm-cbsi176-CamStudio-SEO-10067101.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\Marcos\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Marcos\Downloads\Setup (1).exe Win32/OutBrowse.G potentially unwanted application

Those entries are not malicious per se; they are classed as unsafe/unwanted installers, and they may have bundled unwanted extras or actions. Your choice if you want to keep them...

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

 

If there are no remaining issues or concerns, are we OK to close out?

 

Thank you,

 

Kevin


Yes, you can delete those files: navigate to the Downloads folder, right-click on each file and select "Delete"... Read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns can we close out....

 

Kevin


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.