mom2mny Posted August 6, 2014 ID:863236 Share Posted August 6, 2014 My computer is infected with something. I've used malware-bytes but when the computer restarts it all comes back.I have attached the malware-bytes log and the rogue killer report. The following are the DDS reports: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.17028Run by Lisa at 11:37:11 on 2014-08-06Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3965.2776 [GMT -4:00].AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\dwm.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\AdminService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Coupons\CouponPrinterService.exeC:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXEC:\Windows\system32\dashost.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhostex.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXEC:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\splwow64.exeC:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.comuURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dllmWinlogon: Userinit = userinit.exe,BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dllBHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllTB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dllEB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [GoogleChromeAutoLaunch_A963AF10D41C891DDF74F25191F896A3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logonmRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exemRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabTCP: NameServer = 208.95.136.4 208.95.136.5TCP: Interfaces\{ABB5FA9F-0AFC-4DDF-8737-94E7827DEAC4} : DHCPNameServer = 208.95.136.4 208.95.136.5Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dllAppInit_DLLs= C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\program filesSSODL: WebCheck - <orphaned> DDS attach.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 9/12/2013 7:15:08 PMSystem Uptime: 8/6/2014 11:30:26 AM (0 hours ago).Motherboard: Dell Inc. | | Type2 - Board Product Name1Processor: Intel® Pentium® CPU 2117U @ 1.80GHz | U3E1 | 1800/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 465 GiB total, 426.975 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP86: 7/19/2014 10:51:51 AM - Windows UpdateRP87: 7/23/2014 11:52:50 AM - Windows UpdateRP89: 7/28/2014 3:00:01 AM - Windows UpdateRP90: 7/31/2014 10:33:50 PM - Windows UpdateRP91: 8/4/2014 10:00:09 AM - Windows Update.==== Installed Programs ======================.Adobe Reader XI (11.0.07)Apple Application SupportApple Mobile Device SupportApple Software UpdateAviraAvira Free AntivirusBelarc Advisor 8.3BonjourCanon Easy-WebPrint EXCanon IJ Network Scanner Selector EXCanon IJ Network ToolCanon IJ Scan UtilityCanon Inkjet Printer/Scanner/Fax Extended Survey ProgramCanon MX920 series MP DriversCanon MX920 series On-screen ManualCanon MX920 series User RegistrationCanon My PrinterCanon Quick MenuCanon Speed Dial UtilityCCleanerCoupon Printer for WindowsExpert PDF 7 ReaderGoogle ChromeGoogle Update HelperIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® Trusted Connect Service ClientiTunesMalwarebytes Anti-Malware version 2.0.2.1012Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219QuickTime 7Realtek USB 2.0 Card Reader.==== Event Viewer Messages From Past Week ========.8/6/2014 9:40:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.8/6/2014 11:31:55 AM, Error: Service Control Manager [7034] - The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).8/6/2014 11:31:43 AM, Error: Service Control Manager [7031] - The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.8/6/2014 11:31:31 AM, Error: Service Control Manager [7031] - The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.8/6/2014 11:31:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect.8/6/2014 11:31:19 AM, Error: Service Control Manager [7000] - The Avira Real-Time Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.8/6/2014 11:31:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect.8/6/2014 11:31:04 AM, Error: Service Control Manager [7000] - The Avira Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Thank you for any help you can offer..==== End Of File =========================== RKreport_SCN_08062014_132848.logmalware.txt Link to post Share on other sites More sharing options...
deeprybka Posted August 6, 2014 ID:863238 Share Posted August 6, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully. My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges. Make sure the option Addition.txt is checked and press the Scan button. When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from. Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
mom2mny Posted August 6, 2014 Author ID:863242 Share Posted August 6, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Lisa (administrator) on LAPTOP on 06-08-2014 14:02:20Running from C:\Users\Lisa\DownloadsPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Atheros Commnucations) C:\Windows\System32\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\splwow64.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3011618588-1290325941-1597316452-1001\...\Run: [GoogleChromeAutoLaunch_A963AF10D41C891DDF74F25191F896A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not FoundAppInit_DLLs: C:\Program Files => C:\Program Files [0 2014-05-30] ()AppInit_DLLs-x32: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not FoundAppInit_DLLs-x32: c:\program files => c:\program files [0 2014-05-30] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB657043B0FB0CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)SearchScopes: HKCU - {59947972-4999-49F1-8C01-57891CB54BBB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140312,20028,0,25,0BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Tcpip\Parameters: [DhcpNameServer] 208.95.136.4 208.95.136.5 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpi Chrome: =======CHR NewTab: "chrome-extension://kamaleideepgjgcjbjhamhchimbdfkmi/spent.html"CHR DefaultSearchKeyword: askwsCHR DefaultSearchProvider: Ask.comCHR DefaultSearchURL: http://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=69757399-5659-44B8-8C8A-5C5343264771&n=780bfd1b&ind=2014051611&p2=^AW6^xdm003^YYA^us&si=CJCJ3pj-sb4CFahaMgodd1oAUgCHR DefaultNewTabURL: CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)R2 SAWFP; C:\Windows\system32\Drivers\SAWFP64.sys [41768 2014-03-18] (SecureAssist) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 14:02 - 2014-08-06 14:02 - 00011504 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-06 14:02 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:20 - 2014-08-06 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:36 - 2014-08-06 11:37 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-05 12:52 - 2014-08-06 11:30 - 00156428 _____ () C:\Windows\PFRO.log2014-07-24 11:51 - 2014-08-06 14:00 - 01202133 _____ () C:\Windows\WindowsUpdate.log2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 11:50 - 2014-08-06 13:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-22 11:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-22 11:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-13 09:26 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-13 09:26 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 00:22 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 00:22 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 00:22 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 00:22 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2014-07-10 00:22 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 00:22 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-07-10 00:21 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 00:21 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 00:21 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 00:21 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 00:21 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 00:21 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 00:21 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 00:21 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-07-10 00:21 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 00:21 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 00:21 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 00:21 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 00:21 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-07-10 00:21 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 00:21 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 00:21 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 00:21 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-07-10 00:21 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2014-07-10 00:21 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2014-07-10 00:21 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-07-10 00:21 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe2014-07-10 00:21 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2014-07-10 00:21 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 14:02 - 2014-08-06 14:02 - 00011504 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-06 14:02 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 14:00 - 2014-07-24 11:51 - 01202133 _____ () C:\Windows\WindowsUpdate.log2014-08-06 14:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru2014-08-06 13:57 - 2014-02-05 12:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:44 - 2014-07-22 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-06 13:35 - 2014-07-03 19:25 - 01218048 ___SH () C:\Users\Lisa\Downloads\Thumbs.db2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:21 - 2014-08-06 13:20 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:37 - 2014-08-06 11:36 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-06 11:36 - 2012-07-26 03:28 - 00805186 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-06 11:35 - 2014-02-05 12:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-06 11:34 - 2014-03-18 12:34 - 00000396 _____ () C:\Windows\Tasks\PassShow_wd.job2014-08-06 11:30 - 2014-08-05 12:52 - 00156428 _____ () C:\Windows\PFRO.log2014-08-06 11:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-06 11:30 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-06 11:30 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-08-06 10:43 - 2013-09-12 19:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-08-05 12:52 - 2012-07-26 03:52 - 00000000 ____D () C:\Windows\ShellNew2014-07-28 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:46 - 2014-04-15 14:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-24 10:39 - 2013-11-30 11:23 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-24 10:39 - 2013-11-30 11:23 - 00000000 ____D () C:\Program Files\CCleaner2014-07-22 13:21 - 2013-09-12 19:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3011618588-1290325941-1597316452-10012014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 12:34 - 2012-07-26 03:20 - 00000000 ____D () C:\Windows\Setup2014-07-22 11:50 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Malwarebytes2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-07-13 09:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-13 09:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-13 09:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore2014-07-13 09:19 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:06 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp2014-07-10 03:05 - 2013-09-13 19:42 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:04 - 2013-09-13 19:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 03:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM Some content of TEMP:====================C:\Users\Lisa\AppData\Local\Temp\ct_2001.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-27 20:59 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014Ran by Lisa at 2014-08-06 14:03:06Running from C:\Users\Lisa\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avira (HKLM-x32\...\{3361e961-9e49-487c-b1ac-9255348ccbaf}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) HiddenAvira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-07-2014 14:51:51 Windows Update23-07-2014 15:52:50 Windows Update28-07-2014 07:00:01 Windows Update01-08-2014 02:33:50 Windows Update04-08-2014 14:00:09 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {2667703B-8018-48F3-8D7F-B6BE79AFEEB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)Task: {65F20D54-998A-459A-995D-0FD302F0EB53} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)Task: {670CC746-D9D8-4042-8103-46AB11B19C83} - System32\Tasks\SaveDailyDeals\Updater\SaveDailyDeals updater => C:\Program Files (x86)\SaveDailyDeals Updater\updater.exe [2014-06-11] ()Task: {850577D1-449C-418D-9FBC-E52CCCF6F51D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)Task: {8CEC22F5-F58F-4B6A-8B9F-6C42B924FBF3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)Task: {A63E52E6-2E21-4F9E-A3DA-2BD639AA3A5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {DA1F4078-E078-4D27-8BF3-6D54C21DF5F8} - \PassShow_wd No Task File <==== ATTENTIONTask: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {F3D8FDE9-2B82-40A0-BEB9-6A5D8E094C0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow-soft\PassShow_wd.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-09-12 19:44 - 2012-03-28 08:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2012-10-06 00:12 - 2012-10-06 00:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-02-14 04:06 - 2014-02-14 04:06 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll2013-06-19 11:54 - 2012-06-25 01:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-18 13:58 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-18 13:58 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/06/2014 01:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cc4 Start Time: 01cfb19d4a5f780b Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Report Id: 9711c11a-1d90-11e4-be9b-a4173193d084 Faulting package full name: Faulting package-relative application ID: Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1188 Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1188 Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 11:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.12.20002, time stamp: 0x53674d9bFaulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6Exception code: 0xe0434352Fault offset: 0x00010f22Faulting process id: 0xbb4Faulting application start time: 0xAvira.OE.ServiceHost.exe0Faulting application path: Avira.OE.ServiceHost.exe1Faulting module path: Avira.OE.ServiceHost.exe2Report Id: Avira.OE.ServiceHost.exe3Faulting package full name: Avira.OE.ServiceHost.exe4Faulting package-relative application ID: Avira.OE.ServiceHost.exe5 Error: (08/06/2014 11:31:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/06/2014 11:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.12.20002, time stamp: 0x53674d9bFaulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6Exception code: 0xe0434352Fault offset: 0x00010f22Faulting process id: 0xaecFaulting application start time: 0xAvira.OE.ServiceHost.exe0Faulting application path: Avira.OE.ServiceHost.exe1Faulting module path: Avira.OE.ServiceHost.exe2Report Id: Avira.OE.ServiceHost.exe3Faulting package full name: Avira.OE.ServiceHost.exe4Faulting package-relative application ID: Avira.OE.ServiceHost.exe5 Error: (08/06/2014 11:31:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/06/2014 11:31:22 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.12.20002, time stamp: 0x53674d9bFaulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6Exception code: 0xe0434352Fault offset: 0x00010f22Faulting process id: 0x750Faulting application start time: 0xAvira.OE.ServiceHost.exe0Faulting application path: Avira.OE.ServiceHost.exe1Faulting module path: Avira.OE.ServiceHost.exe2Report Id: Avira.OE.ServiceHost.exe3Faulting package full name: Avira.OE.ServiceHost.exe4Faulting package-relative application ID: Avira.OE.ServiceHost.exe5 Error: (08/06/2014 11:31:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors:=============Error: (08/06/2014 11:31:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s). Error: (08/06/2014 11:31:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/06/2014 11:31:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/06/2014 11:31:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Real-Time Protection service failed to start due to the following error: %%1053 Error: (08/06/2014 11:31:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect. Error: (08/06/2014 11:31:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Scheduler service failed to start due to the following error: %%1053 Error: (08/06/2014 11:31:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect. Error: (08/06/2014 09:40:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller. Error: (08/05/2014 00:54:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s). Error: (08/05/2014 00:54:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Microsoft Office Sessions:=========================Error: (08/06/2014 01:39:24 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: mbam.exe1.0.0.532cc401cfb19d4a5f780b4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe9711c11a-1d90-11e4-be9b-a4173193d084 Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1188 Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1188 Error: (08/06/2014 11:40:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 11:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Avira.OE.ServiceHost.exe1.1.12.2000253674d9bKERNELBASE.dll6.2.9200.16864531d2be6e043435200010f22bb401cfb18b8cc43b09C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dllcb5835d1-1d7e-11e4-be9b-a4173193d084 Error: (08/06/2014 11:31:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/06/2014 11:31:43 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Avira.OE.ServiceHost.exe1.1.12.2000253674d9bKERNELBASE.dll6.2.9200.16864531d2be6e043435200010f22aec01cfb18b858bc7a3C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dllc4299fc2-1d7e-11e4-be9b-a4173193d084 Error: (08/06/2014 11:31:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/06/2014 11:31:22 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Avira.OE.ServiceHost.exe1.1.12.2000253674d9bKERNELBASE.dll6.2.9200.16864531d2be6e043435200010f2275001cfb18b78bf6eccC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\Windows\SYSTEM32\KERNELBASE.dllb80d3baf-1d7e-11e4-be9b-a4173193d084 Error: (08/06/2014 11:31:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Avira.OE.ServiceHost.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.ArgumentExceptionStack: at Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String) at Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration() at Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() ==================== Memory info =========================== Percentage of memory in use: 51%Total physical RAM: 3965.27 MBAvailable physical RAM: 1937.11 MBTotal Pagefile: 16253.27 MBAvailable Pagefile: 14755.75 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.25 GB) (Free:426.94 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 0F67BBC1) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted August 6, 2014 ID:863250 Share Posted August 6, 2014 Hi, Step 1Please click the Chrome menu on the browser toolbar.Select Settings.Click Show advanced settings and find the "Reset browser settings” section.Click Reset browser settings.In the dialog that appears, click Reset.Step 2 Scan with Malwarebytes AntimalwarePlease update the database by clicking on the "Update Now" button.Following the update and click "Settings" and go to "Detection and Protection"Make sure "Scan for Rootkits" is checked.Click on Dashboard, then click on Scan Now to start the scan. (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)A window with an option to view the detailed log will appear. Click on "View Detailed Log".After viewing the results, please click on the "Copy to Clipboard" button and then OK.Return to our forum. Paste your log into your next reply.Step 3 Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically. Copy and paste the contents of that logfile in your next reply.Step 4 Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from. Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
mom2mny Posted August 6, 2014 Author ID:863269 Share Posted August 6, 2014 Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 8/6/2014 Scan Time: 2:38:17 PM Logfile: mal.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.06.07 Rootkit Database: v2014.08.04.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8 CPU: x64 File System: NTFS User: Lisa Scan Type: Threat Scan Result: Completed Objects Scanned: 283687 Time Elapsed: 9 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 6 PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}\INPROCSERVER32, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SaveDailyDeals, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 PUP.Optional.SaveDailyDeals, C:\PROGRAM FILES (X86)\SAVEDAILYDEALS, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], Files: 4 PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\SAVEDAILYDEALS.DLL, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\SAVEDAILYDEALS_X64.DLL, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\resources.zip, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\uninstall000.exe, Quarantined, [cbcdfec4b4c7e551c134bb2fbf43d828], Physical Sectors: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
mom2mny Posted August 6, 2014 Author ID:863280 Share Posted August 6, 2014 # AdwCleaner v3.302 - Report created 06/08/2014 at 15:25:43# Updated 30/07/2014 by Xplode# Operating System : Windows 8 (64 bits)# Username : Lisa - LAPTOP# Running from : C:\Users\Lisa\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\003Folder Deleted : C:\Users\Lisa\AppData\Local\visi_couponFile Deleted : C:\Windows\SysWOW64\SecureAssist.iniFile Deleted : C:\Windows\SysWOW64\SecureAssistOff.iniFile Deleted : C:\Windows\System32\drivers\SAWFP64.sysFile Deleted : C:\Windows\System32\SecureAssist.iniFile Deleted : C:\Windows\System32\SecureAssistOff.ini ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dllData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.17028 -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfglDeleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [3043 octets] - [06/08/2014 15:21:28]AdwCleaner[s0].txt - [2973 octets] - [06/08/2014 15:25:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3033 octets] ########## Link to post Share on other sites More sharing options...
deeprybka Posted August 6, 2014 ID:863288 Share Posted August 6, 2014 Good job! And step 4 please... Link to post Share on other sites More sharing options...
mom2mny Posted August 6, 2014 Author ID:863290 Share Posted August 6, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Lisa (administrator) on LAPTOP on 06-08-2014 15:39:21Running from C:\Users\Lisa\DownloadsPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Atheros Commnucations) C:\Windows\System32\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe(Microsoft Corporation) C:\Windows\splwow64.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB657043B0FB0CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)SearchScopes: HKCU - {59947972-4999-49F1-8C01-57891CB54BBB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140312,20028,0,25,0BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Tcpip\Parameters: [DhcpNameServer] 208.95.136.4 208.95.136.5 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpi Chrome: =======CHR HomePage: CHR Extension: (SaveDailyDeals) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2014-08-06]CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)S2 SAWFP; \??\C:\Windows\system32\Drivers\SAWFP64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 15:39 - 2014-08-06 15:39 - 00009808 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-06 15:35 - 2014-08-06 15:35 - 00064376 _____ (System Applet ) C:\Users\Lisa\Downloads\setup.exe2014-08-06 15:33 - 2014-08-06 15:33 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-06 15:20 - 2014-08-06 15:25 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:11 - 2014-08-06 15:17 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:03 - 2014-08-06 14:03 - 00025654 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-06 14:02 - 2014-08-06 15:39 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:20 - 2014-08-06 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:36 - 2014-08-06 11:37 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-05 12:52 - 2014-08-06 15:37 - 00158552 _____ () C:\Windows\PFRO.log2014-07-24 11:51 - 2014-08-06 15:37 - 01217845 _____ () C:\Windows\WindowsUpdate.log2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 11:50 - 2014-08-06 14:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-22 11:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-22 11:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-13 09:26 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-13 09:26 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 00:22 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 00:22 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 00:22 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 00:22 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2014-07-10 00:22 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 00:22 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-07-10 00:21 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 00:21 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 00:21 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 00:21 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 00:21 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 00:21 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 00:21 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 00:21 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-07-10 00:21 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 00:21 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 00:21 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 00:21 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 00:21 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-07-10 00:21 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 00:21 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 00:21 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 00:21 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-07-10 00:21 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2014-07-10 00:21 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2014-07-10 00:21 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-07-10 00:21 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe2014-07-10 00:21 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2014-07-10 00:21 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 15:39 - 2014-08-06 15:39 - 00009808 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-06 15:39 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-06 15:38 - 2014-03-18 12:34 - 00000396 _____ () C:\Windows\Tasks\PassShow_wd.job2014-08-06 15:38 - 2014-02-05 12:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-06 15:37 - 2014-08-05 12:52 - 00158552 _____ () C:\Windows\PFRO.log2014-08-06 15:37 - 2014-07-24 11:51 - 01217845 _____ () C:\Windows\WindowsUpdate.log2014-08-06 15:37 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-06 15:35 - 2014-08-06 15:35 - 00064376 _____ (System Applet ) C:\Users\Lisa\Downloads\setup.exe2014-08-06 15:33 - 2014-08-06 15:33 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 15:33 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 15:33 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2014-08-06 15:33 - 2014-01-15 10:49 - 00000000 ____D () C:\Program Files (x86)\Avira2014-08-06 15:33 - 2012-07-26 03:28 - 00805186 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-06 15:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-08-06 15:25 - 2014-08-06 15:20 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:17 - 2014-08-06 15:11 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 15:10 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\addins2014-08-06 15:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru2014-08-06 14:57 - 2014-02-05 12:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-06 14:38 - 2014-07-22 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-06 14:03 - 2014-08-06 14:03 - 00025654 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:35 - 2014-07-03 19:25 - 01218048 ___SH () C:\Users\Lisa\Downloads\Thumbs.db2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:21 - 2014-08-06 13:20 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:37 - 2014-08-06 11:36 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-06 11:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-06 10:43 - 2013-09-12 19:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-08-05 12:52 - 2012-07-26 03:52 - 00000000 ____D () C:\Windows\ShellNew2014-07-28 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:46 - 2014-04-15 14:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-24 10:39 - 2013-11-30 11:23 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-24 10:39 - 2013-11-30 11:23 - 00000000 ____D () C:\Program Files\CCleaner2014-07-22 13:21 - 2013-09-12 19:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3011618588-1290325941-1597316452-10012014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 12:34 - 2012-07-26 03:20 - 00000000 ____D () C:\Windows\Setup2014-07-22 11:50 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Malwarebytes2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-07-13 09:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-13 09:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-13 09:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore2014-07-13 09:19 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:06 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp2014-07-10 03:05 - 2013-09-13 19:42 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:04 - 2013-09-13 19:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 03:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM Some content of TEMP:====================C:\Users\Lisa\AppData\Local\Temp\ct_2001.exeC:\Users\Lisa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-27 20:59 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted August 6, 2014 ID:863292 Share Posted August 6, 2014 OK, Let's do a final check up: Step 1 Please download the ESET Online Scanner and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start esetsmartinstaller_enu.exe with administartor privileges.Select the option Yes, I accept the Terms of Use and click on Start.Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.Now click on Advanced Settings and select the following:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick on Start. The virus signature database will begin to download. This may take some time.When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!Now click on FinishA log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste the content of this log file in your next reply.Note: Do not forget to re-enable your antivirus application after running the above scan! Link to post Share on other sites More sharing options...
mom2mny Posted August 6, 2014 Author ID:863324 Share Posted August 6, 2014 C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe applicationC:\Users\Lisa\Downloads\setup.exe a variant of Win32/AdWare.iBryte.AX applicationC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe applicationC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863528 Share Posted August 7, 2014 Hi,please copy&paste the following text into the URL-line of your chrome browserchrome://extensions/and delete these Extention: (SaveDailyDeals). Please reboot your PC an run MBAM again. Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863571 Share Posted August 7, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 8/7/2014Scan Time: 9:17:34 AMLogfile: mal3.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.07.03Rootkit Database: v2014.08.04.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8CPU: x64File System: NTFSUser: Lisa Scan Type: Threat ScanResult: CompletedObjects Scanned: 283417Time Elapsed: 8 min, 15 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 6PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\CLASSES\CLSID\{E16E8A02-5F7D-407E-B1DB-23A301DB5580}\INPROCSERVER32, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SaveDailyDeals, , [d9bf655ded8ef541286c8a61768c9c64], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 1PUP.Optional.SaveDailyDeals, C:\PROGRAM FILES (X86)\SAVEDAILYDEALS, , [d9bf655ded8ef541286c8a61768c9c64], Files: 4PUP.Optional.IBryte, C:\Users\Lisa\Downloads\setup.exe, , [cfc9f7cb6f0ccf677886ffa8b849d729], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\SAVEDAILYDEALS.DLL, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\SAVEDAILYDEALS_X64.DLL, , [d9bf655ded8ef541286c8a61768c9c64], PUP.Optional.SaveDailyDeals, C:\Program Files (x86)\SaveDailyDeals\uninstall000.exe, , [d9bf655ded8ef541286c8a61768c9c64], Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863576 Share Posted August 7, 2014 Hi, please select "quarantaine" after the MBAM scan is finished. Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863580 Share Posted August 7, 2014 I thought that I did. I'll try again. Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863585 Share Posted August 7, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 8/7/2014Scan Time: 10:22:27 AMLogfile: mal4.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.07.04Rootkit Database: v2014.08.04.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8CPU: x64File System: NTFSUser: Lisa Scan Type: Threat ScanResult: CompletedObjects Scanned: 283919Time Elapsed: 8 min, 54 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863671 Share Posted August 7, 2014 Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button. When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Can you please tell me which problems still persist now? Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863699 Share Posted August 7, 2014 I don't seem to be having problems anymore on this computer. Should I still run FRST scan? Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863700 Share Posted August 7, 2014 Yes please! Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863712 Share Posted August 7, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Lisa (administrator) on LAPTOP on 07-08-2014 15:45:52Running from C:\Users\Lisa\DownloadsPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Atheros Commnucations) C:\Windows\System32\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB657043B0FB0CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)SearchScopes: HKCU - {59947972-4999-49F1-8C01-57891CB54BBB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140312,20028,0,25,0BHO: SaveDailyDeals -> {E16E8A02-5F7D-407E-B1DB-23A301DB5580} -> C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals_x64.dll (SaveDailyDeals)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)BHO-x32: SaveDailyDeals -> {E16E8A02-5F7D-407E-B1DB-23A301DB5580} -> C:\Program Files (x86)\SaveDailyDeals\SaveDailyDeals.dll (SaveDailyDeals)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Tcpip\Parameters: [DhcpNameServer] 208.95.136.4 208.95.136.5 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpi Chrome: =======CHR HomePage: CHR Extension: (SaveDailyDeals) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2014-08-07]CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)S2 SAWFP; \??\C:\Windows\system32\Drivers\SAWFP64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 15:45 - 2014-08-07 15:46 - 00010660 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 11:12 - 2014-08-07 11:42 - 00000000 ____D () C:\Program Files (x86)\SaveDailyDeals2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:28 - 2014-08-06 17:29 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-06 15:20 - 2014-08-06 15:25 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:11 - 2014-08-06 15:17 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:03 - 2014-08-06 14:03 - 00025654 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-06 14:02 - 2014-08-07 15:45 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:20 - 2014-08-06 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:36 - 2014-08-06 11:37 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-05 12:52 - 2014-08-07 09:27 - 00159824 _____ () C:\Windows\PFRO.log2014-07-24 11:51 - 2014-08-07 14:00 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 11:50 - 2014-08-07 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-22 11:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-22 11:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-13 09:26 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-13 09:26 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 00:22 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 00:22 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 00:22 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 00:22 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2014-07-10 00:22 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 00:22 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-07-10 00:21 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 00:21 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 00:21 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 00:21 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 00:21 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 00:21 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 00:21 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 00:21 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-07-10 00:21 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 00:21 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 00:21 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 00:21 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 00:21 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-07-10 00:21 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 00:21 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 00:21 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 00:21 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-07-10 00:21 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2014-07-10 00:21 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2014-07-10 00:21 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-07-10 00:21 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe2014-07-10 00:21 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2014-07-10 00:21 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 15:46 - 2014-08-07 15:45 - 00010660 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 15:45 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-07 15:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru2014-08-07 14:57 - 2014-02-05 12:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-07 14:00 - 2014-07-24 11:51 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-08-07 12:35 - 2014-03-18 12:34 - 00000396 _____ () C:\Windows\Tasks\PassShow_wd.job2014-08-07 11:42 - 2014-08-07 11:12 - 00000000 ____D () C:\Program Files (x86)\SaveDailyDeals2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 10:22 - 2014-07-22 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-07 09:34 - 2012-07-26 03:28 - 00805186 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-07 09:27 - 2014-08-05 12:52 - 00159824 _____ () C:\Windows\PFRO.log2014-08-07 09:27 - 2014-02-05 12:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-07 09:27 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\DesktopTileResources2014-08-07 09:27 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:38 - 2013-09-12 19:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3011618588-1290325941-1597316452-10012014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:29 - 2014-08-06 17:28 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Avira2014-08-06 17:29 - 2014-01-15 10:49 - 00000000 ____D () C:\Program Files (x86)\Avira2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:26 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\addins2014-08-06 15:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-08-06 15:25 - 2014-08-06 15:20 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:17 - 2014-08-06 15:11 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:03 - 2014-08-06 14:03 - 00025654 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:35 - 2014-07-03 19:25 - 01218048 ___SH () C:\Users\Lisa\Downloads\Thumbs.db2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:21 - 2014-08-06 13:20 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:37 - 2014-08-06 11:36 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-06 11:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-06 10:43 - 2013-09-12 19:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-08-05 12:52 - 2012-07-26 03:52 - 00000000 ____D () C:\Windows\ShellNew2014-07-28 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:46 - 2014-04-15 14:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-24 10:39 - 2013-11-30 11:23 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-24 10:39 - 2013-11-30 11:23 - 00000000 ____D () C:\Program Files\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 12:34 - 2012-07-26 03:20 - 00000000 ____D () C:\Windows\Setup2014-07-22 11:50 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Malwarebytes2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-07-13 09:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-13 09:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-13 09:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore2014-07-13 09:19 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:06 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp2014-07-10 03:05 - 2013-09-13 19:42 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:04 - 2013-09-13 19:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 03:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM Some content of TEMP:====================C:\Users\Lisa\AppData\Local\Temp\ct_2001.exeC:\Users\Lisa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-27 20:59 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014Ran by Lisa at 2014-08-07 15:46:34Running from C:\Users\Lisa\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) HiddenAvira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddeniTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)SaveDailyDeals (HKLM-x32\...\SaveDailyDeals) (Version: - SaveDailyDeals) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 23-07-2014 15:52:50 Windows Update28-07-2014 07:00:01 Windows Update01-08-2014 02:33:50 Windows Update04-08-2014 14:00:09 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {2667703B-8018-48F3-8D7F-B6BE79AFEEB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)Task: {65F20D54-998A-459A-995D-0FD302F0EB53} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)Task: {6806A28B-5ED0-497E-B4EF-BC09CB2C2DBE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)Task: {850577D1-449C-418D-9FBC-E52CCCF6F51D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)Task: {A12101B7-34F7-46B3-8E21-CA7F414D931E} - System32\Tasks\SaveDailyDeals\Updater\SaveDailyDeals updater => C:\Program Files (x86)\SaveDailyDeals Updater\updater.exe [2014-06-11] ()Task: {A63E52E6-2E21-4F9E-A3DA-2BD639AA3A5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-05] (Google Inc.)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {DA1F4078-E078-4D27-8BF3-6D54C21DF5F8} - \PassShow_wd No Task File <==== ATTENTIONTask: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {F3D8FDE9-2B82-40A0-BEB9-6A5D8E094C0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow-soft\PassShow_wd.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-09-12 19:44 - 2012-03-28 08:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2012-10-06 00:12 - 2012-10-06 00:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll2014-02-14 04:06 - 2014-02-14 04:06 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll2013-06-19 11:54 - 2012-06-25 01:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll2014-03-18 13:58 - 2014-03-14 20:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll2014-03-18 13:58 - 2014-03-14 20:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll2014-03-18 13:58 - 2014-03-14 20:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1156 Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1156 Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2765 Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 2765 Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1703 Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1703 Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 10:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1141 System errors:=============Error: (08/07/2014 09:28:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Real-Time Protection service failed to start due to the following error: %%1053 Error: (08/07/2014 09:28:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect. Error: (08/07/2014 09:27:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SAWFP service failed to start due to the following error: %%2 Error: (08/07/2014 09:27:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Scheduler service failed to start due to the following error: %%1053 Error: (08/07/2014 09:27:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect. Error: (08/07/2014 09:16:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Real-Time Protection service failed to start due to the following error: %%1053 Error: (08/07/2014 09:16:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Real-Time Protection service to connect. Error: (08/07/2014 09:15:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The SAWFP service failed to start due to the following error: %%2 Error: (08/07/2014 09:15:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Avira Scheduler service failed to start due to the following error: %%1053 Error: (08/07/2014 09:15:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Scheduler service to connect. Microsoft Office Sessions:=========================Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1156 Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1156 Error: (08/07/2014 00:42:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2765 Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 2765 Error: (08/07/2014 01:12:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1703 Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1703 Error: (08/07/2014 01:12:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 10:12:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1141 ==================== Memory info =========================== Percentage of memory in use: 41%Total physical RAM: 3965.27 MBAvailable physical RAM: 2307.24 MBTotal Pagefile: 16253.27 MBAvailable Pagefile: 14456.1 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.25 GB) (Free:427.96 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 0F67BBC1) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863714 Share Posted August 7, 2014 Should I choose fix on the FRST? Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863750 Share Posted August 7, 2014 Hi, still some things to do:Step 1Please uninstall some programs:Windows 8 : Hold down the Windows logo key and press X to open a menu at the lower-left area of the screen.Select Programs and Features from the menu.Search and select the following programs one by one and click on Uninstall:SaveDailyDealsReboot your computer.Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
mom2mny Posted August 7, 2014 Author ID:863767 Share Posted August 7, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Lisa (administrator) on LAPTOP on 07-08-2014 16:15:24Running from C:\Users\Lisa\DownloadsPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Atheros Commnucations) C:\Windows\System32\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB657043B0FB0CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)SearchScopes: HKCU - {59947972-4999-49F1-8C01-57891CB54BBB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140312,20028,0,25,0BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Tcpip\Parameters: [DhcpNameServer] 208.95.136.4 208.95.136.5 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpi Chrome: =======CHR HomePage: CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)S2 SAWFP; \??\C:\Windows\system32\Drivers\SAWFP64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 16:15 - 2014-08-07 16:15 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe2014-08-07 16:15 - 2014-08-07 16:15 - 00010157 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 15:46 - 2014-08-07 15:46 - 00017063 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:28 - 2014-08-06 17:29 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-06 15:20 - 2014-08-06 15:25 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:11 - 2014-08-06 15:17 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:02 - 2014-08-07 16:15 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:20 - 2014-08-06 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:36 - 2014-08-06 11:37 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-05 12:52 - 2014-08-07 16:12 - 00160174 _____ () C:\Windows\PFRO.log2014-07-24 11:51 - 2014-08-07 14:00 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 11:50 - 2014-08-07 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-22 11:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-22 11:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-13 09:26 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-13 09:26 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 00:22 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 00:22 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 00:22 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 00:22 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2014-07-10 00:22 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 00:22 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-07-10 00:21 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 00:21 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 00:21 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 00:21 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 00:21 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 00:21 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 00:21 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 00:21 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-07-10 00:21 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 00:21 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 00:21 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 00:21 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 00:21 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-07-10 00:21 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 00:21 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 00:21 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 00:21 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-07-10 00:21 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2014-07-10 00:21 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2014-07-10 00:21 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-07-10 00:21 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe2014-07-10 00:21 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2014-07-10 00:21 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 16:15 - 2014-08-07 16:15 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe2014-08-07 16:15 - 2014-08-07 16:15 - 00010157 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 16:15 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-07 16:12 - 2014-08-05 12:52 - 00160174 _____ () C:\Windows\PFRO.log2014-08-07 16:12 - 2014-03-18 12:34 - 00000396 _____ () C:\Windows\Tasks\PassShow_wd.job2014-08-07 16:12 - 2014-02-05 12:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-07 16:12 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-07 16:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru2014-08-07 15:57 - 2014-02-05 12:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-07 15:46 - 2014-08-07 15:46 - 00017063 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 14:00 - 2014-07-24 11:51 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 10:22 - 2014-07-22 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-07 09:34 - 2012-07-26 03:28 - 00805186 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-07 09:27 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\DesktopTileResources2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:38 - 2013-09-12 19:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3011618588-1290325941-1597316452-10012014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:29 - 2014-08-06 17:28 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Avira2014-08-06 17:29 - 2014-01-15 10:49 - 00000000 ____D () C:\Program Files (x86)\Avira2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:26 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\addins2014-08-06 15:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-08-06 15:25 - 2014-08-06 15:20 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:17 - 2014-08-06 15:11 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:35 - 2014-07-03 19:25 - 01218048 ___SH () C:\Users\Lisa\Downloads\Thumbs.db2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:21 - 2014-08-06 13:20 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:37 - 2014-08-06 11:36 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-06 11:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-06 10:43 - 2013-09-12 19:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-08-05 12:52 - 2012-07-26 03:52 - 00000000 ____D () C:\Windows\ShellNew2014-07-28 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:46 - 2014-04-15 14:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-24 10:39 - 2013-11-30 11:23 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-24 10:39 - 2013-11-30 11:23 - 00000000 ____D () C:\Program Files\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 12:34 - 2012-07-26 03:20 - 00000000 ____D () C:\Windows\Setup2014-07-22 11:50 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Malwarebytes2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-07-13 09:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-13 09:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-13 09:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore2014-07-13 09:19 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:06 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp2014-07-10 03:05 - 2013-09-13 19:42 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:04 - 2013-09-13 19:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 03:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM Some content of TEMP:====================C:\Users\Lisa\AppData\Local\Temp\ct_2001.exeC:\Users\Lisa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-27 20:59 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted August 7, 2014 ID:863773 Share Posted August 7, 2014 Hi,Step 1Press the + R on your keyboard at the same time. Type Notepad and click OK.Copy the entire content of the codebox below and paste into the Notepad document:FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpiCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONR2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)C:\Program Files (x86)\Coupons\AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not FoundReboot:Click File, Save As and type fixlist.txt as the File Name.Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please post it to your reply.After Reboot:Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
mom2mny Posted August 8, 2014 Author ID:863889 Share Posted August 8, 2014 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2014Ran by Lisa at 2014-08-07 21:39:21 Run:1Running from C:\Users\Lisa\DownloadsBoot Mode: Normal============================================== Content of fixlist:*****************FF HKCU\...\Firefox\Extensions: [{1eb48c91-d398-4bf3-baa1-7741b65432c3}] - C:\Program Files (x86)\PassShow-soft\157.xpiCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONR2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)C:\Program Files (x86)\Coupons\AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not FoundReboot:***************** HKCU\Software\Mozilla\Firefox\Extensions\\{1eb48c91-d398-4bf3-baa1-7741b65432c3} => value deleted successfully."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.CouponPrinterService => Unable to stop serviceCouponPrinterService => Service deleted successfully.C:\Program Files (x86)\Coupons => Moved successfully."C:\Program Files C:\Program Files" => Value Data not found."C:\Program Files c:\program files" => Value Data not found. The system needed a reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
mom2mny Posted August 8, 2014 Author ID:863893 Share Posted August 8, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Lisa (administrator) on LAPTOP on 07-08-2014 21:46:25Running from C:\Users\Lisa\DownloadsPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Atheros Commnucations) C:\Windows\System32\AdminService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE(Microsoft Corporation) C:\Windows\splwow64.exe(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe(Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)AppInit_DLLs: C:\Program Files C:\Program Files => C:\Program Files C:\Program Files File Not FoundAppInit_DLLs-x32: C:\Program Files c:\program files => "C:\Program Files c:\program files" File Not Found ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB657043B0FB0CE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)SearchScopes: HKCU - {59947972-4999-49F1-8C01-57891CB54BBB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140312,20028,0,25,0BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Tcpip\Parameters: [DhcpNameServer] 208.95.136.4 208.95.136.5 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: =======CHR HomePage: CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)S2 SAWFP; \??\C:\Windows\system32\Drivers\SAWFP64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 21:46 - 2014-08-07 21:46 - 00009752 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 21:38 - 2014-08-07 21:38 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (4).exe2014-08-07 21:34 - 2014-08-07 21:34 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (3).exe2014-08-07 21:33 - 2014-08-07 21:33 - 00017712 _____ () C:\Users\Lisa\Downloads\FRST.htm2014-08-07 16:15 - 2014-08-07 16:15 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe2014-08-07 15:46 - 2014-08-07 15:46 - 00017063 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:28 - 2014-08-06 17:29 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-06 15:20 - 2014-08-06 15:25 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:11 - 2014-08-06 15:17 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:02 - 2014-08-07 21:46 - 00000000 ____D () C:\FRST2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:20 - 2014-08-06 13:21 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:36 - 2014-08-06 11:37 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-05 12:52 - 2014-08-07 16:12 - 00160174 _____ () C:\Windows\PFRO.log2014-07-24 11:51 - 2014-08-07 14:00 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 11:50 - 2014-08-07 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-22 11:49 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-07-22 11:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-07-13 09:26 - 2014-06-26 16:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-13 09:26 - 2014-06-26 16:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-10 00:22 - 2014-06-17 19:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-07-10 00:22 - 2014-06-17 19:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-07-10 00:22 - 2014-06-11 00:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 00:22 - 2014-06-02 18:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2014-07-10 00:22 - 2014-05-29 19:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2014-07-10 00:22 - 2014-05-29 19:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-07-10 00:22 - 2014-05-29 19:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2014-07-10 00:21 - 2014-06-30 18:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2014-07-10 00:21 - 2014-06-27 23:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-07-10 00:21 - 2014-06-18 22:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 00:21 - 2014-06-18 22:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-07-10 00:21 - 2014-06-18 22:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-07-10 00:21 - 2014-06-18 22:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-07-10 00:21 - 2014-06-18 22:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 00:21 - 2014-06-18 22:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 00:21 - 2014-06-18 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 00:21 - 2014-06-18 22:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 00:21 - 2014-06-18 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-07-10 00:21 - 2014-06-18 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-07-10 00:21 - 2014-06-18 20:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-07-10 00:21 - 2014-06-18 20:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-07-10 00:21 - 2014-06-18 20:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-07-10 00:21 - 2014-06-18 20:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-07-10 00:21 - 2014-06-18 20:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-07-10 00:21 - 2014-06-18 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-07-10 00:21 - 2014-06-18 20:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-07-10 00:21 - 2014-06-18 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 00:21 - 2014-06-18 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-07-10 00:21 - 2014-06-18 18:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-07-10 00:21 - 2014-06-06 10:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 00:21 - 2014-06-06 06:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-07-10 00:21 - 2014-05-29 18:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-10 00:21 - 2014-05-03 02:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-07-10 00:21 - 2014-05-03 02:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2014-07-10 00:21 - 2014-05-03 00:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2014-07-10 00:21 - 2014-05-01 18:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2014-07-10 00:21 - 2014-04-29 18:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe2014-07-10 00:21 - 2014-04-29 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2014-07-10 00:21 - 2014-04-23 19:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2014-07-10 00:21 - 2014-04-23 19:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-07-10 00:21 - 2014-02-08 00:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-07 21:46 - 2014-08-07 21:46 - 00009752 _____ () C:\Users\Lisa\Downloads\FRST.txt2014-08-07 21:46 - 2014-08-06 14:02 - 00000000 ____D () C:\FRST2014-08-07 21:40 - 2014-03-18 12:34 - 00000396 _____ () C:\Windows\Tasks\PassShow_wd.job2014-08-07 21:40 - 2014-02-05 12:32 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-07 21:40 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-07 21:38 - 2014-08-07 21:38 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (4).exe2014-08-07 21:34 - 2014-08-07 21:34 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (3).exe2014-08-07 21:33 - 2014-08-07 21:33 - 00017712 _____ () C:\Users\Lisa\Downloads\FRST.htm2014-08-07 21:26 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru2014-08-07 17:57 - 2014-02-05 12:32 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-07 16:17 - 2012-07-26 03:28 - 00805186 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-07 16:15 - 2014-08-07 16:15 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe2014-08-07 16:12 - 2014-08-05 12:52 - 00160174 _____ () C:\Windows\PFRO.log2014-08-07 15:46 - 2014-08-07 15:46 - 00017063 _____ () C:\Users\Lisa\Downloads\Addition.txt2014-08-07 15:45 - 2014-08-07 15:45 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe2014-08-07 14:00 - 2014-07-24 11:51 - 01323829 _____ () C:\Windows\WindowsUpdate.log2014-08-07 10:39 - 2014-08-07 10:39 - 00001039 _____ () C:\Users\Lisa\Desktop\mal4.txt2014-08-07 10:22 - 2014-07-22 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-07 09:27 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\DesktopTileResources2014-08-07 09:26 - 2014-08-07 09:26 - 00002512 _____ () C:\Users\Lisa\Desktop\mal3.txt2014-08-06 17:38 - 2013-09-12 19:28 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3011618588-1290325941-1597316452-10012014-08-06 17:29 - 2014-08-06 17:29 - 00001070 _____ () C:\Users\Public\Desktop\Avira.lnk2014-08-06 17:29 - 2014-08-06 17:29 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-06 17:29 - 2014-08-06 17:28 - 04431200 _____ (Avira Operations GmbH & Co. KG) C:\Users\Lisa\Downloads\avira_en_av___ws (3).exe2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2014-08-06 17:29 - 2014-03-19 08:07 - 00000000 ____D () C:\ProgramData\Avira2014-08-06 17:29 - 2014-01-15 10:49 - 00000000 ____D () C:\Program Files (x86)\Avira2014-08-06 17:24 - 2014-08-06 17:24 - 00000662 _____ () C:\Users\Lisa\Downloads\eset.txt2014-08-06 15:55 - 2014-08-06 15:55 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu (1).exe2014-08-06 15:51 - 2014-08-06 15:51 - 02347384 _____ (ESET) C:\Users\Lisa\Downloads\esetsmartinstaller_enu.exe2014-08-06 15:51 - 2014-08-06 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET2014-08-06 15:41 - 2014-08-06 15:41 - 00027970 _____ () C:\Users\Lisa\Downloads\FRST2.txt2014-08-06 15:26 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\addins2014-08-06 15:26 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-08-06 15:25 - 2014-08-06 15:20 - 00000000 ____D () C:\AdwCleaner2014-08-06 15:20 - 2014-08-06 15:20 - 01361309 _____ () C:\Users\Lisa\Downloads\AdwCleaner.exe2014-08-06 15:17 - 2014-08-06 15:11 - 00002658 _____ () C:\Users\Lisa\Desktop\mal.txt2014-08-06 14:01 - 2014-08-06 14:01 - 02094080 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe2014-08-06 13:45 - 2014-08-06 13:45 - 00007392 _____ () C:\Users\Lisa\Desktop\malware.txt2014-08-06 13:35 - 2014-07-03 19:25 - 01218048 ___SH () C:\Users\Lisa\Downloads\Thumbs.db2014-08-06 13:21 - 2014-08-06 13:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-06 13:21 - 2014-08-06 13:20 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-06 13:20 - 2014-08-06 13:20 - 05379160 _____ () C:\Users\Lisa\Downloads\RogueKillerX64.exe2014-08-06 11:39 - 2014-08-06 11:39 - 00011570 _____ () C:\Users\Lisa\Documents\dds2.txt2014-08-06 11:38 - 2014-08-06 11:38 - 00003761 _____ () C:\Users\Lisa\Documents\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00011570 _____ () C:\Users\Lisa\Desktop\dds.txt2014-08-06 11:37 - 2014-08-06 11:37 - 00003761 _____ () C:\Users\Lisa\Desktop\attach.txt2014-08-06 11:37 - 2014-08-06 11:36 - 00688992 ____R (Swearware) C:\Users\Lisa\Downloads\dds.scr2014-08-06 11:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-06 10:43 - 2013-09-12 19:39 - 00000000 ____D () C:\ProgramData\CanonIJPLM2014-08-05 12:52 - 2012-07-26 03:52 - 00000000 ____D () C:\Windows\ShellNew2014-07-28 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-07-24 11:18 - 2014-07-24 11:18 - 00072748 _____ () C:\Users\Lisa\Documents\cc_20140724_111827.reg2014-07-24 10:46 - 2014-04-15 14:04 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps2014-07-24 10:39 - 2014-07-24 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-24 10:39 - 2013-11-30 11:23 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-24 10:39 - 2013-11-30 11:23 - 00000000 ____D () C:\Program Files\CCleaner2014-07-22 12:34 - 2014-07-22 12:34 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-22 12:34 - 2012-07-26 03:20 - 00000000 ____D () C:\Windows\Setup2014-07-22 11:50 - 2014-03-18 22:12 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Malwarebytes2014-07-22 11:49 - 2014-07-22 11:49 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-07-22 11:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-22 11:49 - 2014-03-18 22:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-07-13 09:57 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache2014-07-13 09:20 - 2014-07-13 09:20 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-13 09:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-07-13 09:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore2014-07-13 09:19 - 2012-07-26 03:52 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 03:06 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp2014-07-10 03:05 - 2013-09-13 19:42 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 03:04 - 2013-09-13 19:42 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-10 03:04 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM Some content of TEMP:====================C:\Users\Lisa\AppData\Local\Temp\ct_2001.exeC:\Users\Lisa\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-27 20:59 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Recommended Posts