Hello,

I have run a full scan and Malwarebytes has not found malware, but I am consistently getting outbound malicious malware blocked notifications.

Also, I've noticed that IE is running multiple processes in the background (and taking up large amounts of resources) even though I never use IE. When I stop those tasks from running, they start again within minutes.

 

Following are my FRST and Addition results as requested.

 

Any help would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by C. Shawn Stinson (administrator) on SHAWNSDESKTOP on 05-06-2014 19:15:20
Running from C:\Users\C. Shawn Stinson\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Linksys, a Division of Cisco Systems, Inc.) C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
() C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [3784704 2006-11-09] (Realtek Semiconductor)
HKLM\...\Run: [LaunchList] => C:\Program Files\Pinnacle\Studio 10\LaunchList.exe [50712 2007-01-04] (Pinnacle Systems)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47408 2010-06-15] (Apple Inc.)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [181544 2008-10-28] (Seagate LLC)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024 2008-06-10] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe [668328 2008-06-13] ()
HKLM\...\Run: [lxdxamon] => C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe [16040 2008-06-13] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [EasyLinkAdvisor] => C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [454784 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [Wenuehrunotekie] => "C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf\ipdybe.exe"
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\MountPoints2: {535ee08e-cce3-11dd-9382-001bb98fc6f7} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\MountPoints2: {7d8d13aa-2f39-11e0-87b5-001bb98fc6f7} - J:\LaunchU3.exe -a
Startup: C:\Users\C. Shawn Stinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\C. Shawn Stinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x927E8FF61A81CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-11-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (getPlusPlus for Adobe 16248) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-11]
CHR Extension: (Google Drive) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-11]
CHR Extension: (Google Search) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-11]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [156968 2008-10-28] (Seagate Technology LLC)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1682768 2014-05-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-15] (LogMeIn, Inc.)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
S2 lxdxCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [98984 2008-02-27] (Lexmark International, Inc.)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [594600 2008-02-27] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 stdhddav; \??\C:\Windows\system32\drivers\stdhddav.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 19:15 - 2014-06-05 19:15 - 00025234 _____ () C:\Users\C. Shawn Stinson\Downloads\FRST.txt
2014-06-05 19:14 - 2014-06-05 19:15 - 00000000 ____D () C:\FRST
2014-06-05 19:14 - 2014-06-05 19:14 - 01059840 _____ (Farbar) C:\Users\C. Shawn Stinson\Downloads\FRST.exe
2014-05-31 11:45 - 2014-06-05 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 11:45 - 2014-05-31 11:45 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 11:44 - 2014-05-31 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 11:44 - 2014-05-31 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 11:44 - 2014-05-31 11:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-31 11:44 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 11:44 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-31 11:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-31 11:42 - 2014-05-31 11:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C. Shawn Stinson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 01:07 - 2014-05-26 01:08 - 00000000 ____D () C:\SIERRA
2014-05-25 21:35 - 2014-05-25 21:35 - 00002035 _____ () C:\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk
2014-05-25 21:34 - 2014-05-25 21:34 - 00000000 _____ () C:\Windows\PowerReg.dat
2014-05-25 21:32 - 2014-05-25 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
2014-05-25 21:32 - 2014-05-25 21:32 - 00000000 ____D () C:\Program Files\Infogrames Interactive
2014-05-23 19:42 - 2014-05-23 19:42 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\AVG2014
2014-05-23 19:41 - 2014-05-23 19:41 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-23 19:41 - 2014-05-23 19:41 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\TuneUp Software
2014-05-23 19:41 - 2014-05-23 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-23 19:40 - 2014-05-23 19:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-23 19:40 - 2014-05-23 19:40 - 00000000 ___HD () C:\$AVG
2014-05-23 19:39 - 2014-05-23 19:39 - 00000000 ____D () C:\Program Files\AVG
2014-05-23 19:27 - 2014-06-05 18:13 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-23 19:27 - 2014-05-23 19:50 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\Avg2014
2014-05-23 19:27 - 2014-05-23 19:27 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\MFAData
2014-05-23 19:26 - 2014-05-23 19:27 - 04485528 _____ (AVG Technologies) C:\Users\C. Shawn Stinson\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-23 19:01 - 2014-05-23 19:03 - 26908896 _____ (Microsoft Corporation) C:\Users\C. Shawn Stinson\Downloads\Windows-KB890830-V5.12.exe
2014-05-23 18:04 - 2014-05-23 18:04 - 00659968 _____ () C:\Users\C. Shawn Stinson\Downloads\MicrosoftFixit50195.msi
2014-05-23 17:56 - 2014-05-31 11:45 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-23 12:29 - 2014-05-23 12:35 - 101446936 _____ (Microsoft Corporation) C:\Users\C. Shawn Stinson\Downloads\msert.exe
2014-05-20 18:16 - 2014-05-20 18:16 - 00000104 _____ () C:\Users\C. Shawn Stinson\Documents\Network - Shortcut.lnk
2014-05-16 23:32 - 2014-05-16 23:32 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAKE - id STUFF
2014-05-16 23:32 - 2014-05-16 23:32 - 00000000 ____D () C:\IDSTUFF
2014-05-16 22:35 - 2014-05-23 18:13 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf
2014-05-15 03:28 - 2014-05-15 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-15 03:28 - 2014-05-15 03:28 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-05-15 03:04 - 2014-05-15 03:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 03:02 - 2014-05-05 18:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:02 - 2014-05-05 18:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:02 - 2014-05-05 18:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:01 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-09 21:53 - 2014-05-26 01:03 - 00000000 ____D () C:\oldgames
2014-05-09 21:52 - 2014-05-09 21:52 - 00000000 ____D () C:\Users\C. Shawn Stinson\oldgames
2014-05-09 00:32 - 2014-05-09 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-09 00:31 - 2014-05-09 00:32 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-09 00:31 - 2014-05-09 00:32 - 00000000 ____D () C:\Program Files\iTunes
2014-05-09 00:20 - 2014-05-09 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-09 00:20 - 2014-05-09 00:20 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-08 01:06 - 2014-05-08 01:06 - 01448809 _____ (DOSBox Team) C:\Users\C. Shawn Stinson\Downloads\DOSBox0.74-win32-installer.exe
2014-05-08 01:06 - 2014-05-08 01:06 - 00001703 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\DOSBox
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\Program Files\DOSBox-0.74
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 19:15 - 2014-06-05 19:15 - 00025234 _____ () C:\Users\C. Shawn Stinson\Downloads\FRST.txt
2014-06-05 19:15 - 2014-06-05 19:14 - 00000000 ____D () C:\FRST
2014-06-05 19:15 - 2007-12-13 03:25 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\Temp
2014-06-05 19:14 - 2014-06-05 19:14 - 01059840 _____ (Farbar) C:\Users\C. Shawn Stinson\Downloads\FRST.exe
2014-06-05 19:11 - 2013-01-10 22:40 - 00004589 _____ () C:\Windows\IE9_main.log
2014-06-05 19:06 - 2013-05-10 23:52 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 19:03 - 2013-01-11 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 19:03 - 2006-11-02 07:52 - 01287304 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 19:03 - 2006-11-02 05:33 - 00006564 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 18:39 - 2013-06-29 18:59 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\LogMeIn Hamachi
2014-06-05 18:37 - 2014-05-31 11:45 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 18:33 - 2013-05-10 23:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 18:33 - 2007-12-18 05:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 18:33 - 2007-12-13 03:14 - 00590196 _____ () C:\Windows\PFRO.log
2014-06-05 18:33 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 18:33 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 18:33 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 18:31 - 2006-11-02 08:01 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 18:13 - 2014-05-23 19:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-03 22:24 - 2006-11-02 07:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-02 20:21 - 2013-01-21 19:36 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-01 03:00 - 2008-01-03 23:18 - 00000568 _____ () C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - C. Shawn Stinson.job
2014-05-31 13:10 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\MSAgent
2014-05-31 11:45 - 2014-05-31 11:45 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-31 11:45 - 2014-05-31 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-31 11:45 - 2014-05-23 17:56 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-31 11:44 - 2014-05-31 11:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 11:44 - 2014-05-31 11:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-31 11:43 - 2014-05-31 11:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\C. Shawn Stinson\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-31 11:23 - 2007-12-27 01:42 - 00003384 _____ () C:\Users\C. Shawn Stinson\AppData\Local\d3d9caps.dat
2014-05-26 01:08 - 2014-05-26 01:07 - 00000000 ____D () C:\SIERRA
2014-05-26 01:08 - 2007-12-24 04:41 - 00000781 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Sierra Utilities.lnk
2014-05-26 01:08 - 2007-12-24 04:39 - 00000590 _____ () C:\Windows\SIERRA.INI
2014-05-26 01:03 - 2014-05-09 21:53 - 00000000 ____D () C:\oldgames
2014-05-25 21:35 - 2014-05-25 21:35 - 00002035 _____ () C:\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk
2014-05-25 21:34 - 2014-05-25 21:34 - 00000000 _____ () C:\Windows\PowerReg.dat
2014-05-25 21:32 - 2014-05-25 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive
2014-05-25 21:32 - 2014-05-25 21:32 - 00000000 ____D () C:\Program Files\Infogrames Interactive
2014-05-25 21:32 - 2007-12-14 01:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-24 21:40 - 2007-12-15 23:37 - 00207360 _____ () C:\Users\C. Shawn Stinson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-24 21:10 - 2013-05-10 23:55 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 19:50 - 2014-05-23 19:27 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\Avg2014
2014-05-23 19:42 - 2014-05-23 19:42 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\AVG2014
2014-05-23 19:42 - 2014-05-23 19:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-23 19:41 - 2014-05-23 19:41 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-23 19:41 - 2014-05-23 19:41 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\TuneUp Software
2014-05-23 19:41 - 2014-05-23 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-23 19:40 - 2014-05-23 19:40 - 00000000 ___HD () C:\$AVG
2014-05-23 19:39 - 2014-05-23 19:39 - 00000000 ____D () C:\Program Files\AVG
2014-05-23 19:27 - 2014-05-23 19:27 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\MFAData
2014-05-23 19:27 - 2014-05-23 19:26 - 04485528 _____ (AVG Technologies) C:\Users\C. Shawn Stinson\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-05-23 19:03 - 2014-05-23 19:01 - 26908896 _____ (Microsoft Corporation) C:\Users\C. Shawn Stinson\Downloads\Windows-KB890830-V5.12.exe
2014-05-23 18:22 - 2011-01-11 19:42 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-05-23 18:13 - 2014-05-16 22:35 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf
2014-05-23 18:04 - 2014-05-23 18:04 - 00659968 _____ () C:\Users\C. Shawn Stinson\Downloads\MicrosoftFixit50195.msi
2014-05-23 12:35 - 2014-05-23 12:29 - 101446936 _____ (Microsoft Corporation) C:\Users\C. Shawn Stinson\Downloads\msert.exe
2014-05-20 18:16 - 2014-05-20 18:16 - 00000104 _____ () C:\Users\C. Shawn Stinson\Documents\Network - Shortcut.lnk
2014-05-16 23:32 - 2014-05-16 23:32 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAKE - id STUFF
2014-05-16 23:32 - 2014-05-16 23:32 - 00000000 ____D () C:\IDSTUFF
2014-05-15 05:03 - 2013-01-11 22:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 05:03 - 2013-01-11 22:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 03:40 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 03:28 - 2014-05-15 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-15 03:28 - 2014-05-15 03:28 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-05-15 03:28 - 2013-10-05 01:59 - 00000807 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-05-15 03:09 - 2013-07-19 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:09 - 2008-10-23 06:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 03:04 - 2014-05-15 03:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 07:26 - 2014-05-31 11:44 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-31 11:44 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-31 11:44 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 08:01 - 2014-03-29 19:25 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.dreamcraft
2014-05-10 08:01 - 2014-03-29 18:36 - 00000000 ____D () C:\VoidLauncher
2014-05-10 08:01 - 2014-03-29 18:36 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.electriciansjourney
2014-05-10 08:00 - 2014-04-03 16:30 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.aethericcrusade
2014-05-10 07:59 - 2014-03-29 19:48 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.crazycraft
2014-05-10 07:59 - 2013-01-19 10:53 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.minecraft
2014-05-10 07:54 - 2014-03-29 18:36 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Roaming\.beta-jurassiccraft
2014-05-09 23:46 - 2008-06-09 21:49 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-05-09 21:59 - 2007-12-20 22:26 - 00000000 ____D () C:\Program Files\blood
2014-05-09 21:55 - 2007-12-20 22:26 - 00002855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood v1.0.pif
2014-05-09 21:52 - 2014-05-09 21:52 - 00000000 ____D () C:\Users\C. Shawn Stinson\oldgames
2014-05-09 21:52 - 2007-12-13 03:25 - 00000000 ____D () C:\Users\C. Shawn Stinson
2014-05-09 00:32 - 2014-05-09 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-09 00:32 - 2014-05-09 00:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-05-09 00:32 - 2014-05-09 00:31 - 00000000 ____D () C:\Program Files\iTunes
2014-05-09 00:32 - 2013-01-12 08:54 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-09 00:31 - 2008-01-01 08:40 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-09 00:31 - 2007-12-14 01:38 - 00000000 ____D () C:\Program Files\iPod
2014-05-09 00:27 - 2008-01-01 08:40 - 00000000 ____D () C:\ProgramData\Apple
2014-05-09 00:20 - 2014-05-09 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-09 00:20 - 2014-05-09 00:20 - 00000000 ____D () C:\Program Files\QuickTime
2014-05-09 00:18 - 2013-01-11 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-05-08 01:06 - 2014-05-08 01:06 - 01448809 _____ (DOSBox Team) C:\Users\C. Shawn Stinson\Downloads\DOSBox0.74-win32-installer.exe
2014-05-08 01:06 - 2014-05-08 01:06 - 00001703 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\Users\C. Shawn Stinson\AppData\Local\DOSBox
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2014-05-08 01:06 - 2014-05-08 01:06 - 00000000 ____D () C:\Program Files\DOSBox-0.74
 
Some content of TEMP:
====================
C:\Users\C. Shawn Stinson\AppData\Local\Temp\bfc_check.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\EREGLIB.DLL
C:\Users\C. Shawn Stinson\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\MSN3D3F.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\ose00000.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\SETUPL.DLL
C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf16.dll
C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf32.dll
C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntfNT.dll
C:\Users\C. Shawn Stinson\AppData\Local\Temp\smplayer-0.6.9-win32.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\C. Shawn Stinson\AppData\Local\Temp\wget.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\_is6964.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\_isC122.exe
C:\Users\C. Shawn Stinson\AppData\Local\Temp\_SETUP.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-06-05 18:45
 
==================== End Of Log ============================
 
 
Addition...
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by C. Shawn Stinson at 2014-06-05 19:16:39
Running from C:\Users\C. Shawn Stinson\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
123CopyDVDGold (HKLM\...\123CopyDVDGold 2010) (Version: 2010 - Bling Software Ltd.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader for Palm OS 2.0 (HKCU\...\Acrobat Reader for Palm OS) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Reader for Palm OS, 3.05 (HKCU\...\Adobe Reader for Palm OS) (Version:  - )
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Blood (HKLM\...\Blood) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Camera WIA Driver (Version: 5.0.0 - Canon) Hidden
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver (HKLM\...\InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}) (Version: 5.0.0 - Canon)
Canon PhotoRecord (HKLM\...\PhotoRecord) (Version:  - )
Canon PowerShot G3 WIA Driver (HKLM\...\InstallShield_{B94061DC-B2BB-42F7-800D-BCBF678AA8B3}) (Version: 5.0.0 - Canon)
Canon PowerShot S45 WIA Driver (HKLM\...\InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}) (Version: 5.0.0 - Canon)
Canon Utilities File Viewer Utility 1.2 (HKLM\...\InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}) (Version: 1.2 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM\...\InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}) (Version: 2.7.0 - Canon)
City of Heroes (remove only) (HKLM\...\COH) (Version:  - )
Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC (HKLM\...\{65563451-00B6-458C-9F9A-03A7757355A6}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D-Fend Reloaded 1.3.6 (deinstall) (HKLM\...\D-Fend Reloaded) (Version: 1.3.6 - Alexander Herzog)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9 - Gteko Ltd.) Hidden
Evernote (HKLM\...\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}) (Version: 3.1.0.1225 - Evernote)
File Viewer Utility 1.2 (Version: 1.2 - Canon) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Half-Life (HKLM\...\Half-Life) (Version:  - )
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Handmark Solitaire (HKLM\...\Handmark Solitaire) (Version:  - )
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
InterVideo MP3 XPack (HKLM\...\{99755640-9633-11D5-AB3C-0050DAB311CC}) (Version: 1.2 - InterVideo Inc.)
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
iPod for Windows 2006-01-10 (HKLM\...\InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-01-10 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)
Linksys EasyLink Advisor 1.6 (0044) (HKLM\...\EasyLinkAdvisor) (Version:  - )
Logitech Audio Echo Cancellation Component (Version: 10.51.2027 - Logitech Inc.) Hidden
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_10.51) (Version:  - )
Logitech QuickCam (HKLM\...\{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}) (Version: 11.50.1169 - Logitech Inc.)
Logitech QuickCam Driver Package (HKLM\...\lvdrivers_11.50) (Version:  - )
Logitech Video Enumerator (Version: 10.51.2027 - Logitech Inc.) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maximized Software iCoverArt (HKLM\...\{891B4BD7-98FE-427E-BD56-D3B4BEFDF864}) (Version: 1.1 - Maximized Software)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 6.3 (HKLM\...\{66A9D30D-1464-4C7F-B2F3-507DADAF2595}) (Version: 6.30.191.0 - Microsoft)
Microsoft IntelliType Pro 6.3 (HKLM\...\{02F6993D-B763-4F40-8F93-2A9CD97586E3}) (Version: 6.30.191.0 - Microsoft)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (Version: 17.0.0.1414 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Publisher 97 (HKLM\...\MSPUB4) (Version:  - )
Microsoft Return of Arcade (HKLM\...\Return of Arcade) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2009 (HKLM\...\{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}) (Version: 16.0.18.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM\...\{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}) (Version: 2.01.07.10 - Novatel Wireless)
MobileMe Control Panel (HKLM\...\{7F815C5F-D2A4-4173-B7C0-55A9D6F87E38}) (Version: 3.1.0.14 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MVision (Version: 10.51.2027 - Logitech Inc.) Hidden
Netflix in Windows Media Center (HKLM\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{DD1865F0-AD73-40FB-B23E-1822E02396FF}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PCI Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version:  - )
Pinnacle Systems USB-2 Device Drivers (HKLM\...\{9870C7AE-7C6A-478D-9A75-35827382220F}) (Version: 2.00.0014 - Pinnacle Systems)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5322 - Realtek Semiconductor Corp.)
Recover Files 3.29 (HKLM\...\Recover Files_is1) (Version:  - Undelete & Unerase, Inc.)
RemoteCapture 2.7.0 (Version: 2.7.0 - Canon) Hidden
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
Seagate Manager Installer (HKLM\...\InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}) (Version: 2.01.0048 - Seagate)
Seagate Manager Installer (Version: 2.01.0048 - Seagate) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SimCity 2000® Special Edition (HKLM\...\SimCity2000CDv1) (Version:  - )
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Studio 10 (HKLM\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.5 - Pinnacle Systems)
Studio 10.8 Patch (Version: 10.8.0.4641 - Pinnacle Systems) Hidden
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.3.1 - Helios)
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2009 waliper (Version: 009.000.0693 - Intuit Inc.) Hidden
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 waliper (Version: 012.000.1471 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 waliper (Version: 013.000.1343 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wmsiper (Version: 013.000.1272 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Easy Transfer Companion (Beta) (HKLM\...\{B139DD51-C3F1-4583-98B4-D35F64EA847F}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM\...\ZMBV) (Version:  - DOSBox Team)
 
==================== Restore Points  =========================
 
17-05-2014 04:36:39 Installed Star Wars®: Knights of the Old Republic
18-05-2014 05:00:05 Scheduled Checkpoint
23-05-2014 23:05:10 Installed Microsoft Fix it 50195
23-05-2014 23:35:58 Windows Update
24-05-2014 00:39:13 Installed AVG 2014
24-05-2014 00:39:51 Installed AVG 2014
25-05-2014 03:27:37 Removed Bing Bar
25-05-2014 19:56:54 Scheduled Checkpoint
26-05-2014 02:32:16 Installed RollerCoaster Tycoon 2
27-05-2014 02:21:00 Scheduled Checkpoint
28-05-2014 05:00:01 Scheduled Checkpoint
29-05-2014 06:19:07 Scheduled Checkpoint
30-05-2014 01:28:29 Scheduled Checkpoint
31-05-2014 05:00:03 Scheduled Checkpoint
31-05-2014 17:33:17 Scheduled Checkpoint
05-06-2014 06:01:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0948BE21-8B74-49A6-A03B-28FBDF9D7ADE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {37C7D8A1-5B34-4A30-A9FF-C1D804F8DB5F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2008-06-10] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4F3A2605-41E9-4B11-92ED-DBC58E08FE7E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F19EBDF-0506-4813-8365-305081E9293A} - System32\Tasks\Norton Internet Security - Run Full System Scan - C. Shawn Stinson => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: {8903F489-31A7-42D8-9167-E8786B615F7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {99CD4846-E76F-4545-9663-F3AB0D067FF5} - \Security Center Update - 3566915613 No Task File <==== ATTENTION
Task: {B8FF146A-9ADF-412B-A4E0-DCB551635605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {C80E403C-CD88-4EF7-AF77-63807FADE062} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2008-06-10] (Microsoft Corporation)
Task: {CEAAB777-9823-4135-B355-62408E015447} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DC175BAB-B103-48E8-A3D6-0414B9B92915} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F2C51300-8D74-4277-A1B3-FDA1BE285104} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - C. Shawn Stinson.job => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{5F21A599-F43B-40A5-A808-F1E341DB00FF}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-21 19:36 - 2008-02-27 19:15 - 00115200 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdxdrpp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-10-19 13:17 - 2007-10-19 13:17 - 00068120 _____ () C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
2007-10-25 16:33 - 2007-10-25 16:33 - 00563984 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2007-10-25 16:33 - 2007-10-25 16:33 - 00344336 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
2007-10-25 16:33 - 2007-10-25 16:33 - 00167184 _____ () C:\Program Files\Logitech\QuickCam\EFVal.dll
2007-10-25 16:34 - 2007-10-25 16:34 - 00138000 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
2007-10-25 16:34 - 2007-10-25 16:34 - 00165136 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
2007-10-25 16:35 - 2007-10-25 16:35 - 00149264 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
2007-10-25 16:37 - 2007-10-25 16:37 - 02178832 _____ () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2007-10-25 16:44 - 2007-10-25 16:44 - 00103184 _____ () C:\Program Files\Logitech\QuickCam\LAppRes.dll
2013-01-21 19:33 - 2008-06-13 11:04 - 00668328 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
2013-01-21 19:33 - 2008-06-13 10:11 - 00380928 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxscw.dll
2013-01-21 19:34 - 2008-02-27 19:02 - 00589824 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdxdatr.dll
2013-01-21 19:34 - 2008-02-27 19:02 - 00073728 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdxcats.dll
2013-01-21 19:33 - 2008-06-13 10:11 - 00782336 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxDRS.dll
2013-01-21 19:33 - 2008-06-13 10:11 - 00081920 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxcaps.dll
2013-01-21 19:33 - 2008-06-13 10:03 - 00069632 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxcnv4.dll
2013-01-21 19:33 - 2008-06-13 11:04 - 00025256 _____ () C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
2013-01-21 19:33 - 2008-02-27 18:40 - 00028672 _____ () C:\Program Files\Lexmark 3600-4600 Series\App4R.Monitor.Common.dll
2013-01-21 19:33 - 2008-02-27 18:40 - 00036864 _____ () C:\Program Files\Lexmark 3600-4600 Series\App4R.Monitor.Core.dll
2013-01-21 19:33 - 2008-02-27 18:40 - 00061440 _____ () C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.dll
2013-01-21 19:33 - 2007-11-22 11:55 - 00011776 _____ () C:\Program Files\Lexmark 3600-4600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2010-03-20 21:58 - 2010-03-20 21:58 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-20 21:58 - 2010-03-20 21:58 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-05-24 21:10 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 21:10 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 21:10 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/05/2014 07:03:55 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
 
Error: (06/05/2014 07:03:55 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
 
Error: (06/05/2014 06:39:15 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
 
Error: (06/05/2014 06:39:15 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
 
Error: (06/05/2014 05:51:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Flash32_13_0_0_214.ocx, version 13.0.0.214, time stamp 0x5359c422, exception code 0xc0000005, fault offset 0x0020ca1d,
process id 0x3b90, application start time 0xiexplore.exe0.
 
Error: (06/05/2014 05:49:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\C. SHAWN STINSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KPF3HAZQ\WWW.DAILYMOTION.COM\COM.DM.PLAYER.SOL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/05/2014 05:49:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\C. SHAWN STINSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KPF3HAZQ\WWW.DAILYMOTION.COM\COM.DM.PLAYER.SOL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/05/2014 03:06:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\C. SHAWN STINSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS-JP.JWPSRV.COM\SETTINGS.SOL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/05/2014 03:06:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\C. SHAWN STINSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS-JP.JWPSRV.COM\SETTINGS.SOL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/05/2014 02:43:08 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\C. SHAWN STINSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#SECUREPATHS.COM\SETTINGS.SOL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (06/05/2014 07:02:44 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 002129E556F6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (06/05/2014 06:38:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (06/05/2014 06:38:31 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (06/05/2014 06:36:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (06/05/2014 06:36:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LogMeIn Hamachi Tunneling Engine%%1053
 
Error: (06/05/2014 06:36:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000LogMeIn Hamachi Tunneling Engine
 
Error: (06/05/2014 06:36:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdxCATSCustConnectService%%1053
 
Error: (06/05/2014 06:36:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxdxCATSCustConnectService
 
Error: (06/05/2014 06:32:27 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error: (06/05/2014 06:32:27 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2014 11:54:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/23/2013 04:19:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/15/2013 08:50:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 45008 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 07:38:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:11:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:06:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:05:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:04:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:03:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 06:03:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-05 19:18:08.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:18:07.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:18:07.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:18:06.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:50.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:50.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:49.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:49.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:49.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-05 19:17:48.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 3069.76 MB
Available physical RAM: 1608.14 MB
Total Pagefile: 6359.57 MB
Available Pagefile: 4745.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:131.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: ED697C68)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

 

 

fixlist.txt


I think I've done most everything as requested. The only issue I know of is that Junkware Removal Tool would scan, complete, then just shut down. No log was produced.

 Here are all the other results. Thanks!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014

Ran by C. Shawn Stinson at 2014-06-06 16:55:45 Run:1

Running from C:\Users\C. Shawn Stinson\Downloads

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\Run: [Wenuehrunotekie] => "C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf\ipdybe.exe"

C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf

HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\MountPoints2: {535ee08e-cce3-11dd-9382-001bb98fc6f7} - J:\LaunchU3.exe -a

HKU\S-1-5-21-1978926973-619447027-613512027-1000\...\MountPoints2: {7d8d13aa-2f39-11e0-87b5-001bb98fc6f7} - J:\LaunchU3.exe -a

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\C. Shawn Stinson\AppData\Local\Temp\bfc_check.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\EREGLIB.DLL

C:\Users\C. Shawn Stinson\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\MSN3D3F.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\ose00000.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SETUPL.DLL

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf16.dll

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf32.dll

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntfNT.dll

C:\Users\C. Shawn Stinson\AppData\Local\Temp\smplayer-0.6.9-win32.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

C:\Users\C. Shawn Stinson\AppData\Local\Temp\wget.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_is6964.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_isC122.exe

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_SETUP.EXE

SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION

Task: {99CD4846-E76F-4545-9663-F3AB0D067FF5} - \Security Center Update - 3566915613 No Task File <==== ATTENTION

End

*****************

 

HKU\S-1-5-21-1978926973-619447027-613512027-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wenuehrunotekie => value deleted successfully.

C:\Users\C. Shawn Stinson\AppData\Roaming\Merexyf => Moved successfully.

'HKU\S-1-5-21-1978926973-619447027-613512027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{535ee08e-cce3-11dd-9382-001bb98fc6f7}' => Key deleted successfully.

'HKCR\CLSID\{535ee08e-cce3-11dd-9382-001bb98fc6f7}'=> Key not found.

'HKU\S-1-5-21-1978926973-619447027-613512027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d8d13aa-2f39-11e0-87b5-001bb98fc6f7}' => Key deleted successfully.

'HKCR\CLSID\{7d8d13aa-2f39-11e0-87b5-001bb98fc6f7}'=> Key not found.

'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\bfc_check.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\EREGLIB.DLL => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\MSN3D3F.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SETUPL.DLL => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf16.dll => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntf32.dll => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\SIntfNT.dll => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\smplayer-0.6.9-win32.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\wget.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_is6964.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_isC122.exe => Moved successfully.

C:\Users\C. Shawn Stinson\AppData\Local\Temp\_SETUP.EXE => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99CD4846-E76F-4545-9663-F3AB0D067FF5}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CD4846-E76F-4545-9663-F3AB0D067FF5}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3566915613' => Key deleted successfully.

 

==== End of Fixlog ====

 

# AdwCleaner v3.212 - Report created 06/06/2014 at 17:00:00

# Updated 05/06/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : C. Shawn Stinson - SHAWNSDESKTOP

# Running from : C:\Users\C. Shawn Stinson\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\OApps

File Deleted : C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16545

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

[ File : C:\Users\C. Shawn Stinson\AppData\Roaming\Mozilla\Firefox\Profiles\n9svwns2.default\prefs.js ]

 

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\C. Shawn Stinson\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP589AD5F4-DD2E-4228-B21D-CCD64A38C22D&q={searchTerms}&SSPV=

Deleted [search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=shadow+recruit&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

 

*************************

 

AdwCleaner[R0].txt - [1705 octets] - [06/06/2014 16:58:09]

AdwCleaner[s0].txt - [2261 octets] - [06/06/2014 17:00:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2321 octets] ##########

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/6/2014

Scan Time: 5:16:04 PM

Logfile:

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.06.06.09

Rootkit Database: v2014.06.02.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: C. Shawn Stinson

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 288217

Time Elapsed: 16 min, 48 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : C. Shawn Stinson [Admin rights]

Mode : Scan -- Date : 06/06/2014  18:01:02

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1978926973-619447027-613512027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1978926973-619447027-613512027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 2 ¤¤¤

[suspicious.Path] \\{6AC1C627-31CB-4ADA-8DAD-22039726082D} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\C. Shawn Stinson\Downloads\forge-1.7.2-10.12.0.1024-installer-win (1).exe" -d "C:\Users\C. Shawn Stinson\Downloads") -> FOUND

[suspicious.Path] \\{D26C35AC-3837-4663-B3C5-F1A0A00FACF7} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\C. Shawn Stinson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZO6N1OJJ\EarthLinkMailSetup[1].exe" -d "C:\Users\C. Shawn Stinson") -> FOUND

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 2 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

 

¤¤¤ Antirootkit : 10 ¤¤¤

[EAT:Addr] (explorer.exe) EhStorAPI.dll - AdviseHook : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bbaf09

[EAT:Addr] (explorer.exe) EhStorAPI.dll - DllCanUnloadNow : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bb1a6f

[EAT:Addr] (explorer.exe) EhStorAPI.dll - DllGetClassObject : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bb9cd3

[EAT:Addr] (explorer.exe) EhStorAPI.dll - DllRegisterServer : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bc8625

[EAT:Addr] (explorer.exe) EhStorAPI.dll - DllUnregisterServer : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bc8649

[EAT:Addr] (explorer.exe) EhStorAPI.dll - EndCaretTracking : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bc8cb9

[EAT:Addr] (explorer.exe) EhStorAPI.dll - ProcessCaretEvents : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bb1b73

[EAT:Addr] (explorer.exe) EhStorAPI.dll - ProcessCiceroCaretEvent : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bbb7f3

[EAT:Addr] (explorer.exe) EhStorAPI.dll - StartCaretTracking : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bbaf76

[EAT:Addr] (explorer.exe) EhStorAPI.dll - UnadviseHook : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll @ 0x76bc23f6

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00JS-22PDB0 SCSI Disk Device +++++

--- User ---

[MBR] f4534cf77d3f11036a6bb232664b58e1

[bSP] 56ce3eacdf7ebed4c47d5b3c094dc5be : Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB

User = LL1 ... OK

Error reading LL2 MBR! ([1] Incorrect function. )

 

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )


What is the current status of your system? Are there any remaining issues or concerns?

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

 

Copy and paste the report in next reply.


My original symptoms seemed to have stopped, but I ran the Eset scan anyway.

 

It found 3 viruses. Here are the results...

C:\Users\C. Shawn Stinson\Documents\Downloads\kmd.exe a variant of Win32/Adware.Kazaa.A application
C:\Users\C. Shawn Stinson\Downloads\cbsidlm-tr1_10a-Recover_Files-ORG-10715455.exe Win32/DownloadAdmin.G potentially unwanted application
Operating memory a variant of Win32/Rovnix.R trojan

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe 

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run; the Desktop will also disappear, and will be put back on completion. If your security alerts to OTM, either accept the alert or turn off security until OTM completes.

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Make sure to start with and include the colon before :Files
     
    :Files
    C:\Users\C. Shawn Stinson\Documents\Downloads\kmd.exe
    C:\Users\C. Shawn Stinson\Downloads\cbsidlm-tr1_10a-Recover_Files-ORG-10715455.exe
    :Commands
    [EmptyTemp]
    [Reboot]
     
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can be found here:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log, let me know if any remaining issues or concerns....

 

Kevin


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
