SearchSnacks and Superfish reinstalling themselves


Hello forum. I paid for the premium hoping it would fix my problem. SearchSnacks and Superfish are my problems. MalwareBytes appears to delete them, but moments later they are back again. I've reset all my browsers several times. I've deleted any references to the files on my PC. But somehow they keep reinstalling themselves. I need help!! They will not go away and they make using this computer very miserable! Log attached to post: FRST.txt, Addition.txt


Hi & welcome!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [bhonlaanaiplgdkbhimogmnjgiiljijc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx [2013-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
    AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
    AlternateDataStreams: C:\Users\Melanie\AppData\Local\MKmg1gZFedg:KLMZU3wocAKSIwXxePc2UPMd0
    AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temp:5MAqyXZOgtys2eOph1Pi
    AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temporary Internet Files:a8PZX2eCbXmyC7FzvfGFASRJMqh
    Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
    Task: {C54C46E2-386B-41A1-8AD7-CB4821268FA8} - System32\Tasks\istcleaner Task => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
    Task: {3FEDFB56-7EBD-4405-8552-EA1CE7885E0C} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
    C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
    C:\Program Files (x86)\GetPrivate
    C:\Users\Melanie\AppData\Roaming\UpdateServ
    Task: {CAFD4904-6511-4244-95B6-98D71FB0EA32} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-09-06] ()
    Hosts:
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

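Added example, not part of the original posts and not FRST's own code: a pre-flight check that sorts the lines of a fixlist like the one in Step 1 into stand-alone directives, bare paths, and log-derived entries, then confirms each log-derived entry appears verbatim in the scan log text it is compared against. The function names are hypothetical, and the sample fixlist and log excerpt are constructed from lines shown in this thread.

```python
import re

# Keywords that stand alone in the fixlist on this page and are not log entries.
BARE_DIRECTIVES = {"CloseProcesses:", "Hosts:", "EmptyTemp:"}
# A line that is only a file or folder path, e.g. C:\Program Files (x86)\GetPrivate
PATH_ONLY = re.compile(r"^[A-Za-z]:\\")


def normalize(line):
    """Collapse whitespace so copy/paste spacing does not cause false misses."""
    return " ".join(line.split())


def classify(line):
    """Return 'directive', 'path' or 'entry' for one fixlist line."""
    line = normalize(line)
    if line in BARE_DIRECTIVES:
        return "directive"
    if PATH_ONLY.match(line):
        return "path"
    return "entry"  # expected to be a copy of a line from the scan logs


def check_fixlist(fixlist_text, log_text):
    """Group fixlist lines and report which log-derived entries are not in the log."""
    log_lines = {normalize(l) for l in log_text.splitlines() if l.strip()}
    report = {"directive": [], "path": [], "matched": [], "missing": []}
    for raw in fixlist_text.splitlines():
        line = normalize(raw)
        if not line:
            continue
        kind = classify(line)
        if kind == "entry":
            kind = "matched" if line in log_lines else "missing"
        report[kind].append(line)
    return report


# Constructed excerpt of a scan log, using lines that appear in this thread.
SAMPLE_LOG = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [bhonlaanaiplgdkbhimogmnjgiiljijc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx [2013-08-11]
"""

# Constructed fixlist: the Task line is not present in SAMPLE_LOG above,
# so the check reports it as missing.
SAMPLE_FIXLIST = r"""
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [bhonlaanaiplgdkbhimogmnjgiiljijc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx [2013-08-11]
Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
C:\Program Files (x86)\GetPrivate
EmptyTemp:
"""

if __name__ == "__main__":
    result = check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG)
    for kind in ("directive", "path", "matched", "missing"):
        print(f"{kind}: {len(result[kind])}")
        for entry in result[kind]:
            print(f"    {entry}")
```

Pass the text of every scan log the fixlist was built from as `log_text`, concatenated, so that entries copied from any of them can match.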

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Melanie (administrator) on MELANIE-PC on 25-09-2014 18:08:32
Running from C:\Users\Melanie\Desktop\Recovery
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFJA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON8A0F24] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: {13a42f41-569b-11e1-8956-806e6f6e6963} - D:\PCOpenCD.exe
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: {13a42f42-569b-11e1-8956-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {EFB4FCAD-77B9-41E7-B264-221AC17B87D1} URL = 
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\32il2v8s.default-1411010864146
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-03-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [bhonlaanaiplgdkbhimogmnjgiiljijc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 18:05 - 2014-09-25 18:08 - 00000000 ____D () C:\Users\Melanie\Desktop\Recovery
2014-09-25 18:05 - 2014-09-25 18:05 - 02108928 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64 (1).exe
2014-09-24 16:33 - 2014-09-24 16:33 - 02315075 _____ () C:\Users\Melanie\Downloads\IMG_0344.MOV
2014-09-24 08:43 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:43 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2014-09-23 17:26 - 2014-09-25 18:08 - 00000000 ____D () C:\FRST
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-09-21 19:02 - 2014-09-21 19:02 - 00005222 _____ () C:\Windows\DPINST.LOG
2014-09-21 19:02 - 2014-09-21 19:02 - 00000946 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 19:00 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-09-21 19:00 - 2014-09-21 19:00 - 10716552 _____ (LeapFrog Enterprises, Inc.) C:\Users\Melanie\Downloads\LeapFrogConnectSetup_LeapsterGSExplorer.exe
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\Users\Melanie\Downloads\log
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-09-20 20:41 - 2014-09-20 22:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-20 20:40 - 2014-09-20 20:41 - 11194928 _____ (SurfRight B.V.) C:\Users\Melanie\Downloads\HitmanPro_x64.exe
2014-09-19 22:37 - 2014-09-19 22:37 - 00005754 _____ () C:\Users\Melanie\Desktop\Malware_09-19-2014.txt
2014-09-18 15:42 - 2014-09-24 18:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Popcorn Time
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-17 11:34 - 2014-09-17 11:34 - 00275280 _____ () C:\Windows\Minidump\091714-23992-01.dmp
2014-09-17 11:32 - 2014-09-17 11:32 - 00079064 _____ () C:\Windows\system32\Drivers\lcnmrrni.sys
2014-09-17 10:25 - 2014-09-17 10:26 - 00000089 _____ () C:\Users\Melanie\Desktop\Malware_key.txt
2014-09-17 10:15 - 2014-09-17 10:15 - 00000015 _____ () C:\Users\Melanie\Desktop\CapOne_Tech_SupportNumber.txt
2014-09-16 23:07 - 2014-09-21 19:47 - 00004541 _____ () C:\Users\Melanie\Desktop\malware.txt
2014-09-15 22:42 - 2014-09-25 17:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 22:42 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 22:42 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 22:42 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 22:40 - 2014-09-15 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Melanie\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-14 22:06 - 2014-09-14 22:06 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 22:06 - 2014-06-14 10:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-09-14 22:06 - 2014-06-14 10:03 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-09-14 22:05 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-09-14 12:22 - 2014-09-14 12:22 - 02068480 _____ () C:\Users\Melanie\Desktop\image.jpeg
2014-09-13 22:57 - 2014-09-13 22:57 - 31766208 _____ (Microsoft Corporation) C:\Users\Melanie\Desktop\Windows-KB890830-x64-V5.16.exe
2014-09-12 22:01 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 22:00 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 18:29 - 2014-09-17 18:29 - 00003308 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-10 21:32 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:32 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 21:32 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:32 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:32 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:32 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:32 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:32 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:32 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:32 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:32 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:32 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:32 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:32 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:32 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:32 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 21:32 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:32 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:32 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 21:32 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:32 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 21:32 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 21:32 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 21:32 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 21:32 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 21:32 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:32 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 21:32 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 21:32 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 21:32 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 21:32 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:32 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:32 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:32 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 21:32 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 21:32 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 21:32 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 21:32 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:32 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 21:32 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 21:32 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 21:32 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:32 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 21:32 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 21:32 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 21:32 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 21:31 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 21:31 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:31 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:31 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 21:24 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:24 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 08:21 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:21 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:21 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:21 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:21 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 08:21 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 08:21 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 08:20 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:20 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 18:27 - 2014-09-24 18:27 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-06 18:27 - 2014-09-06 18:27 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-06 18:27 - 2014-09-06 18:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GetPrivate
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-09-03 23:28 - 2014-09-03 23:28 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-03 23:10 - 2014-09-03 23:29 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GitHub
2014-09-03 23:10 - 2014-09-03 23:29 - 00000000 ____D () C:\Users\Melanie\AppData\Local\GitHub
2014-09-03 23:09 - 2014-09-03 23:30 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-08-28 08:17 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:17 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:17 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 18:08 - 2014-09-25 18:05 - 00000000 ____D () C:\Users\Melanie\Desktop\Recovery
2014-09-25 18:08 - 2014-09-23 17:26 - 00000000 ____D () C:\FRST
2014-09-25 18:08 - 2012-02-15 20:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\uTorrent
2014-09-25 18:05 - 2014-09-25 18:05 - 02108928 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64 (1).exe
2014-09-25 17:58 - 2014-09-15 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 17:45 - 2012-12-17 21:45 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 17:22 - 2012-04-12 15:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 14:51 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 14:51 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 14:47 - 2012-02-13 18:36 - 01840995 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 14:44 - 2012-12-17 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 14:43 - 2014-03-14 20:15 - 00000420 _____ () C:\Windows\Tasks\istcleaner Task.job
2014-09-25 14:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 14:43 - 2009-07-14 00:51 - 00105068 _____ () C:\Windows\setupact.log
2014-09-25 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 09:23 - 2012-12-19 22:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-25 09:20 - 2010-11-20 23:47 - 00209530 _____ () C:\Windows\PFRO.log
2014-09-24 22:37 - 2013-02-28 23:58 - 00000000 ____D () C:\Users\Melanie\AppData\Local\F5C421D1-C777-4EF6-9627-525D77DFB760.aplzod
2014-09-24 18:47 - 2014-09-18 15:42 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 18:27 - 2014-09-07 18:27 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-24 16:33 - 2014-09-24 16:33 - 02315075 _____ () C:\Users\Melanie\Downloads\IMG_0344.MOV
2014-09-24 13:22 - 2012-04-12 15:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 13:22 - 2012-04-12 15:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 13:22 - 2012-02-16 00:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2014-09-22 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-22 10:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 19:47 - 2014-09-16 23:07 - 00004541 _____ () C:\Users\Melanie\Desktop\malware.txt
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-09-21 19:12 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 19:02 - 2014-09-21 19:02 - 00005222 _____ () C:\Windows\DPINST.LOG
2014-09-21 19:02 - 2014-09-21 19:02 - 00000946 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 19:02 - 2014-09-21 19:00 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-09-21 19:00 - 2014-09-21 19:00 - 10716552 _____ (LeapFrog Enterprises, Inc.) C:\Users\Melanie\Downloads\LeapFrogConnectSetup_LeapsterGSExplorer.exe
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\Users\Melanie\Downloads\log
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-09-20 22:04 - 2014-09-20 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-20 21:01 - 2012-02-15 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-20 20:41 - 2014-09-20 20:40 - 11194928 _____ (SurfRight B.V.) C:\Users\Melanie\Downloads\HitmanPro_x64.exe
2014-09-20 07:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-09-19 22:37 - 2014-09-19 22:37 - 00005754 _____ () C:\Users\Melanie\Desktop\Malware_09-19-2014.txt
2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-18 15:36 - 2014-03-11 13:07 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Popcorn-Time
2014-09-18 15:35 - 2014-08-16 19:13 - 02919548 _____ (Popcorn Official) C:\Users\Melanie\AppData\Roaming\package.nw.new
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Popcorn Time
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-17 23:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-09-17 18:29 - 2014-09-11 18:29 - 00003308 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-17 11:34 - 2014-09-17 11:34 - 00275280 _____ () C:\Windows\Minidump\091714-23992-01.dmp
2014-09-17 11:34 - 2014-07-13 14:38 - 1663553555 _____ () C:\Windows\MEMORY.DMP
2014-09-17 11:34 - 2014-07-13 14:38 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 11:32 - 2014-09-17 11:32 - 00079064 _____ () C:\Windows\system32\Drivers\lcnmrrni.sys
2014-09-17 11:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-17 10:26 - 2014-09-17 10:25 - 00000089 _____ () C:\Users\Melanie\Desktop\Malware_key.txt
2014-09-17 10:21 - 2014-09-15 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 10:21 - 2014-09-15 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 10:15 - 2014-09-17 10:15 - 00000015 _____ () C:\Users\Melanie\Desktop\CapOne_Tech_SupportNumber.txt
2014-09-17 09:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-17 09:35 - 2013-05-15 22:01 - 00037888 ___SH () C:\Users\Melanie\Thumbs.db
2014-09-15 22:58 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2014-09-15 22:57 - 2014-06-20 17:19 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-09-15 22:57 - 2012-02-15 20:18 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-15 22:42 - 2014-09-15 22:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Melanie\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-15 18:30 - 2014-08-19 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 10:03 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie
2014-09-14 22:06 - 2014-09-14 22:06 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:05 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-09-14 22:06 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie\AppData\Local\VirtualStore
2014-09-14 12:22 - 2014-09-14 12:22 - 02068480 _____ () C:\Users\Melanie\Desktop\image.jpeg
2014-09-13 22:57 - 2014-09-13 22:57 - 31766208 _____ (Microsoft Corporation) C:\Users\Melanie\Desktop\Windows-KB890830-x64-V5.16.exe
2014-09-12 22:01 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 22:00 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 09:10 - 2012-03-07 01:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Clip Art Collection
2014-09-10 21:42 - 2012-04-25 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-10 21:34 - 2012-02-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 21:30 - 2012-02-14 16:26 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:30 - 2012-02-14 16:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 21:30 - 2012-02-14 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 21:30 - 2012-02-14 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 21:29 - 2013-08-11 04:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:29 - 2012-05-01 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 21:24 - 2014-05-06 23:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 18:11 - 2014-09-24 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-24 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-06 18:29 - 2014-03-14 20:15 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 18:27 - 2014-09-06 18:27 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-06 18:27 - 2014-09-06 18:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GetPrivate
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-09-04 22:10 - 2014-09-10 08:19 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 08:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 23:30 - 2014-09-03 23:09 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-09-03 23:30 - 2014-07-02 22:14 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Deployment
2014-09-03 23:29 - 2014-09-03 23:10 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GitHub
2014-09-03 23:29 - 2014-09-03 23:10 - 00000000 ____D () C:\Users\Melanie\AppData\Local\GitHub
2014-09-03 23:28 - 2014-09-03 23:28 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-08-29 13:01 - 2012-02-14 16:59 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-29 03:18 - 2009-07-14 00:45 - 04982824 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\1czuiipf.fnc.exe
C:\Users\Melanie\AppData\Local\Temp\30zir3qb.reh.exe
C:\Users\Melanie\AppData\Local\Temp\aidtp103.nig.exe
C:\Users\Melanie\AppData\Local\Temp\BackupSetup.exe
C:\Users\Melanie\AppData\Local\Temp\bav2kafb.jof.exe
C:\Users\Melanie\AppData\Local\Temp\cabex.dll
C:\Users\Melanie\AppData\Local\Temp\dmqxnfs5.xyy.exe
C:\Users\Melanie\AppData\Local\Temp\eypucbsr.kll.exe
C:\Users\Melanie\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe
C:\Users\Melanie\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-2.exe
C:\Users\Melanie\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5412222D2.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541373B41.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5414C52C1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5414C5302.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541616AC1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5417682C1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5418B9AD1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5418B9AF2.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541A0B2C1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541B5CAC1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541B5CAD2.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541CAE2C1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541E03981.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541E039C2.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541F512C1.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd541F512E2.exe
C:\Users\Melanie\AppData\Local\Temp\GPUpd5420A2AC1.exe
C:\Users\Melanie\AppData\Local\Temp\HitmanPro.exe
C:\Users\Melanie\AppData\Local\Temp\InstallAX.exe
C:\Users\Melanie\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Melanie\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Melanie\AppData\Local\Temp\oly0154m.gh0.exe
C:\Users\Melanie\AppData\Local\Temp\oomn2zh0.wh0.exe
C:\Users\Melanie\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Melanie\AppData\Local\Temp\ose00000.exe
C:\Users\Melanie\AppData\Local\Temp\post1.exe
C:\Users\Melanie\AppData\Local\Temp\post2.dll
C:\Users\Melanie\AppData\Local\Temp\post2.exe
C:\Users\Melanie\AppData\Local\Temp\tbapp0.dll
C:\Users\Melanie\AppData\Local\Temp\tls13jyy.55q.exe
C:\Users\Melanie\AppData\Local\Temp\tu17p84.exe
C:\Users\Melanie\AppData\Local\Temp\unelevate.exe
C:\Users\Melanie\AppData\Local\Temp\utt5692.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Melanie\AppData\Local\Temp\x3ovio5k.l04.exe
C:\Users\Melanie\AppData\Local\Temp\ytai_ytareg_setup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-17 08:50
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Melanie at 2014-09-25 18:08:55
Running from C:\Users\Melanie\Desktop\Recovery
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM-x32\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.375.1000 (HKLM-x32\...\{74652686-90F5-477B-9CDD-5134C2717B6F}) (Version: 3.5.375.1000 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-09-2014 02:02:57 Checkpoint by HitmanPro
24-09-2014 12:42:03 Windows Update
25-09-2014 02:38:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-20 18:45 - 00004104 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0       localhost 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
127.0.0.1 ereg.adobe.com 
127.0.0.1 activate.wip3.adobe.com 
127.0.0.1 wip3.adobe.com 
127.0.0.1 3dns-3.adobe.com 
127.0.0.1 3dns-2.adobe.com 
127.0.0.1 adobe-dns.adobe.com 
127.0.0.1 adobe-dns-2.adobe.com 
127.0.0.1 adobe-dns-3.adobe.com 
127.0.0.1 ereg.wip3.adobe.com 
127.0.0.1 activate-sea.adobe.com 
127.0.0.1 wwis-dubc1-vip60.adobe.com 
127.0.0.1 activate-sjc0.adobe.com 
0.0.0.0       localhost 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
127.0.0.1 ereg.adobe.com 
127.0.0.1 activate.wip3.adobe.com 
127.0.0.1 wip3.adobe.com 
127.0.0.1 3dns-3.adobe.com 
127.0.0.1 3dns-2.adobe.com 
127.0.0.1 adobe-dns.adobe.com 
127.0.0.1 adobe-dns-2.adobe.com 
127.0.0.1 adobe-dns-3.adobe.com 
127.0.0.1 ereg.wip3.adobe.com 
127.0.0.1 activate-sea.adobe.com 
127.0.0.1 wwis-dubc1-vip60.adobe.com 
 
There are 64 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BB3A4DB-D959-4C35-A79A-BCCA864A0FED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {25539106-F32C-4090-AE91-81D30CE67A36} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2C802AF9-2208-48FE-8BDF-EC46A2F4464A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {34D59002-70E2-470A-97E7-AF41472AE279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {3FEDFB56-7EBD-4405-8552-EA1CE7885E0C} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
Task: {47D9CECA-D489-4906-AEFA-B9741864D762} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {7A398A87-F5A5-49BD-AAA2-004302A4523E} - System32\Tasks\AdobeAAMUpdater-1.0-Melanie-PC-Melanie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B085C535-54BF-4210-87FA-4B5ADD58900E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {C54C46E2-386B-41A1-8AD7-CB4821268FA8} - System32\Tasks\istcleaner Task => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {CAFD4904-6511-4244-95B6-98D71FB0EA32} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-09-06] ()
Task: {D8A56C81-D450-41D8-B4B2-CC0BC1F1757B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2A55407-4514-4FDC-B174-C32A0134E585} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1628004709-538632468-972459584-1000
Task: {F5D8CC6A-58F6-40FB-8DA3-6668858BEBBE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-01-19 13:02 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-19 13:02 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:47 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:47 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Melanie\AppData\Local\MKmg1gZFedg:KLMZU3wocAKSIwXxePc2UPMd0
AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temp:5MAqyXZOgtys2eOph1Pi
AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temporary Internet Files:a8PZX2eCbXmyC7FzvfGFASRJMqh
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iLivid => "C:\Users\Melanie\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1628004709-538632468-972459584-500 -> Administrator - Disabled - Status: Degraded)
Guest (S-1-5-21-1628004709-538632468-972459584-501 -> Limited - Disabled - Status: Degraded)
HomeGroupUser$ (S-1-5-21-1628004709-538632468-972459584-1002 -> Limited - Enabled - Status: OK)
Melanie (S-1-5-21-1628004709-538632468-972459584-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Melanie
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/25/2014 02:45:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/25/2014 09:22:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Melanie-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/25/2014 09:22:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/25/2014 07:15:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30984279
 
Error: (09/25/2014 07:15:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30984279
 
Error: (09/25/2014 07:15:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/24/2014 08:30:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40948640
 
Error: (09/24/2014 08:30:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40948640
 
Error: (09/24/2014 08:30:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/24/2014 08:30:26 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40947642
 
 
System errors:
=============
Error: (09/25/2014 02:45:31 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x8007041d
 
Error description: The service did not respond to the start or control request in a timely fashion. 
 
Reason: %%892
 
Error: (09/25/2014 02:45:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/25/2014 02:44:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error: 
%%1053
 
Error: (09/25/2014 02:44:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
 
Error: (09/25/2014 02:43:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:42:02 PM on 9/25/2014 was unexpected.
 
Error: (09/25/2014 09:22:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/25/2014 09:19:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/23/2014 07:04:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/22/2014 10:50:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/22/2014 10:54:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2013 04:22:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52227 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 01:21:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 00:21:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 11:20:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 10:20:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 09:20:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 08:20:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 07:20:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 06:20:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 20%
Total physical RAM: 12279.18 MB
Available physical RAM: 9819.9 MB
Total Pagefile: 24556.54 MB
Available Pagefile: 21945.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:333.98 GB) NTFS
Drive d: (ImageCD) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD016BFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Oh, so sorry. Please forgive my ignorance. I thank you for taking time out of your day/night to help me solve my problem!

 

=============================================================================

=============================================================================

=============================================================================

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Melanie (administrator) on MELANIE-PC on 26-09-2014 21:06:32
Running from C:\Users\Melanie\Desktop\Recovery
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [bService] => C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON8A0F24] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: {13a42f41-569b-11e1-8956-806e6f6e6963} - D:\PCOpenCD.exe
HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: {13a42f42-569b-11e1-8956-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {EFB4FCAD-77B9-41E7-B264-221AC17B87D1} URL = 
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\32il2v8s.default-1411010864146
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-03-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-25 18:29 - 2014-09-26 11:31 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-25 18:05 - 2014-09-26 21:06 - 00000000 ____D () C:\Users\Melanie\Desktop\Recovery
2014-09-25 18:05 - 2014-09-25 18:05 - 02108928 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64 (1).exe
2014-09-24 16:33 - 2014-09-24 16:33 - 02315075 _____ () C:\Users\Melanie\Downloads\IMG_0344.MOV
2014-09-24 08:43 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:43 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2014-09-23 17:26 - 2014-09-26 21:06 - 00000000 ____D () C:\FRST
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-09-21 19:02 - 2014-09-21 19:02 - 00005222 _____ () C:\Windows\DPINST.LOG
2014-09-21 19:02 - 2014-09-21 19:02 - 00000946 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 19:00 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-09-21 19:00 - 2014-09-21 19:00 - 10716552 _____ (LeapFrog Enterprises, Inc.) C:\Users\Melanie\Downloads\LeapFrogConnectSetup_LeapsterGSExplorer.exe
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\Users\Melanie\Downloads\log
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-09-20 20:41 - 2014-09-20 22:04 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-20 20:40 - 2014-09-20 20:41 - 11194928 _____ (SurfRight B.V.) C:\Users\Melanie\Downloads\HitmanPro_x64.exe
2014-09-19 22:37 - 2014-09-19 22:37 - 00005754 _____ () C:\Users\Melanie\Desktop\Malware_09-19-2014.txt
2014-09-18 15:42 - 2014-09-24 18:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Popcorn Time
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-17 11:34 - 2014-09-17 11:34 - 00275280 _____ () C:\Windows\Minidump\091714-23992-01.dmp
2014-09-17 11:32 - 2014-09-17 11:32 - 00079064 _____ () C:\Windows\system32\Drivers\lcnmrrni.sys
2014-09-17 10:25 - 2014-09-17 10:26 - 00000089 _____ () C:\Users\Melanie\Desktop\Malware_key.txt
2014-09-17 10:15 - 2014-09-17 10:15 - 00000015 _____ () C:\Users\Melanie\Desktop\CapOne_Tech_SupportNumber.txt
2014-09-16 23:07 - 2014-09-21 19:47 - 00004541 _____ () C:\Users\Melanie\Desktop\malware.txt
2014-09-15 22:42 - 2014-09-26 21:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 22:42 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 22:42 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 22:42 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 22:40 - 2014-09-15 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Melanie\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-14 22:06 - 2014-09-14 22:06 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 22:06 - 2014-06-14 10:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-09-14 22:06 - 2014-06-14 10:03 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-09-14 22:05 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-09-14 12:22 - 2014-09-14 12:22 - 02068480 _____ () C:\Users\Melanie\Desktop\image.jpeg
2014-09-13 22:57 - 2014-09-13 22:57 - 31766208 _____ (Microsoft Corporation) C:\Users\Melanie\Desktop\Windows-KB890830-x64-V5.16.exe
2014-09-12 22:01 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 22:00 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 21:32 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:32 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 21:32 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:32 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:32 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:32 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:32 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:32 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:32 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:32 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:32 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:32 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:32 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:32 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:32 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:32 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:32 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 21:32 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:32 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:32 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 21:32 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:32 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 21:32 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 21:32 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 21:32 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 21:32 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 21:32 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 21:32 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:32 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 21:32 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 21:32 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 21:32 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 21:32 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:32 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:32 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:32 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 21:32 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 21:32 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 21:32 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 21:32 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:32 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 21:32 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 21:32 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 21:32 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:32 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 21:32 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 21:32 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 21:32 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 21:31 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 21:31 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:31 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:31 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 21:24 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 21:24 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 08:21 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:21 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:21 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:21 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:21 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 08:21 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 08:21 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 08:20 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:20 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-07 18:27 - 2014-09-26 18:27 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-06 18:27 - 2014-09-06 18:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GetPrivate
2014-09-03 23:28 - 2014-09-03 23:28 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-03 23:10 - 2014-09-03 23:29 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GitHub
2014-09-03 23:10 - 2014-09-03 23:29 - 00000000 ____D () C:\Users\Melanie\AppData\Local\GitHub
2014-09-03 23:09 - 2014-09-03 23:30 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-08-28 08:17 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:17 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:17 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 21:06 - 2014-09-25 18:05 - 00000000 ____D () C:\Users\Melanie\Desktop\Recovery
2014-09-26 21:06 - 2014-09-23 17:26 - 00000000 ____D () C:\FRST
2014-09-26 21:05 - 2014-09-15 22:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 21:04 - 2014-03-14 20:15 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-26 21:04 - 2014-03-01 22:30 - 00000008 __RSH () C:\Users\Melanie\ntuser.pol
2014-09-26 21:04 - 2012-12-17 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 21:04 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie
2014-09-26 21:04 - 2010-11-20 23:47 - 00308614 _____ () C:\Windows\PFRO.log
2014-09-26 21:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 21:04 - 2009-07-14 00:51 - 00105180 _____ () C:\Windows\setupact.log
2014-09-26 21:03 - 2012-02-13 18:36 - 01920124 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 21:02 - 2013-08-14 19:13 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CRE
2014-09-26 21:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-26 20:45 - 2012-12-17 21:45 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 20:22 - 2012-04-12 15:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 18:27 - 2014-09-07 18:27 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-26 11:40 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 11:40 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 11:32 - 2012-02-14 16:51 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-26 11:31 - 2014-09-25 18:29 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-26 11:31 - 2012-02-15 20:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\uTorrent
2014-09-25 20:44 - 2013-02-28 23:58 - 00000000 ____D () C:\Users\Melanie\AppData\Local\F5C421D1-C777-4EF6-9627-525D77DFB760.aplzod
2014-09-25 18:05 - 2014-09-25 18:05 - 02108928 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64 (1).exe
2014-09-25 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 09:23 - 2012-12-19 22:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 18:47 - 2014-09-18 15:42 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 16:33 - 2014-09-24 16:33 - 02315075 _____ () C:\Users\Melanie\Downloads\IMG_0344.MOV
2014-09-24 13:22 - 2012-04-12 15:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 13:22 - 2012-04-12 15:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 13:22 - 2012-02-16 00:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2014-09-22 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-22 10:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 19:47 - 2014-09-16 23:07 - 00004541 _____ () C:\Users\Melanie\Desktop\malware.txt
2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-09-21 19:12 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 19:02 - 2014-09-21 19:02 - 00005222 _____ () C:\Windows\DPINST.LOG
2014-09-21 19:02 - 2014-09-21 19:02 - 00000946 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files\DIFX
2014-09-21 19:02 - 2014-09-21 19:00 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-09-21 19:00 - 2014-09-21 19:00 - 10716552 _____ (LeapFrog Enterprises, Inc.) C:\Users\Melanie\Downloads\LeapFrogConnectSetup_LeapsterGSExplorer.exe
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\Users\Melanie\Downloads\log
2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-09-20 22:04 - 2014-09-20 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-20 21:01 - 2012-02-15 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-09-20 20:41 - 2014-09-20 20:40 - 11194928 _____ (SurfRight B.V.) C:\Users\Melanie\Downloads\HitmanPro_x64.exe
2014-09-20 07:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-09-19 22:37 - 2014-09-19 22:37 - 00005754 _____ () C:\Users\Melanie\Desktop\Malware_09-19-2014.txt
2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-18 15:36 - 2014-03-11 13:07 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Popcorn-Time
2014-09-18 15:35 - 2014-08-16 19:13 - 02919548 _____ (Popcorn Official) C:\Users\Melanie\AppData\Roaming\package.nw.new
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Popcorn Time
2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-17 23:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2014-09-17 11:34 - 2014-09-17 11:34 - 00275280 _____ () C:\Windows\Minidump\091714-23992-01.dmp
2014-09-17 11:34 - 2014-07-13 14:38 - 1663553555 _____ () C:\Windows\MEMORY.DMP
2014-09-17 11:34 - 2014-07-13 14:38 - 00000000 ____D () C:\Windows\Minidump
2014-09-17 11:32 - 2014-09-17 11:32 - 00079064 _____ () C:\Windows\system32\Drivers\lcnmrrni.sys
2014-09-17 11:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-17 10:26 - 2014-09-17 10:25 - 00000089 _____ () C:\Users\Melanie\Desktop\Malware_key.txt
2014-09-17 10:21 - 2014-09-15 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-17 10:21 - 2014-09-15 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 10:15 - 2014-09-17 10:15 - 00000015 _____ () C:\Users\Melanie\Desktop\CapOne_Tech_SupportNumber.txt
2014-09-17 09:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-17 09:35 - 2013-05-15 22:01 - 00037888 ___SH () C:\Users\Melanie\Thumbs.db
2014-09-15 22:58 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2014-09-15 22:57 - 2014-06-20 17:19 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-09-15 22:57 - 2012-02-15 20:18 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-15 22:42 - 2014-09-15 22:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Melanie\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-15 18:30 - 2014-08-19 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 22:06 - 2014-09-14 22:06 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-09-14 22:06 - 2014-09-14 22:05 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time
2014-09-14 22:06 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie\AppData\Local\VirtualStore
2014-09-14 12:22 - 2014-09-14 12:22 - 02068480 _____ () C:\Users\Melanie\Desktop\image.jpeg
2014-09-13 22:57 - 2014-09-13 22:57 - 31766208 _____ (Microsoft Corporation) C:\Users\Melanie\Desktop\Windows-KB890830-x64-V5.16.exe
2014-09-12 22:01 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iTunes
2014-09-12 22:01 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-12 22:00 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 09:10 - 2012-03-07 01:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Clip Art Collection
2014-09-10 21:42 - 2012-04-25 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-10 21:34 - 2012-02-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 21:30 - 2012-02-14 16:26 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 21:30 - 2012-02-14 16:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 21:30 - 2012-02-14 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 21:30 - 2012-02-14 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 21:29 - 2013-08-11 04:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:29 - 2012-05-01 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 21:24 - 2014-05-06 23:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 18:11 - 2014-09-24 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-24 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-06 18:27 - 2014-09-06 18:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 18:26 - 2014-09-06 18:26 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GetPrivate
2014-09-04 22:10 - 2014-09-10 08:19 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 08:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 23:30 - 2014-09-03 23:09 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-09-03 23:30 - 2014-07-02 22:14 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Deployment
2014-09-03 23:29 - 2014-09-03 23:10 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\GitHub
2014-09-03 23:29 - 2014-09-03 23:10 - 00000000 ____D () C:\Users\Melanie\AppData\Local\GitHub
2014-09-03 23:28 - 2014-09-03 23:28 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-08-29 13:01 - 2012-02-14 16:59 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-29 03:18 - 2009-07-14 00:45 - 04982824 _____ () C:\Windows\system32\FNTCACHE.DAT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 11:57
 
==================== End Of Log ============================

=============================================================================

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Melanie at 2014-09-26 21:07:21
Running from C:\Users\Melanie\Desktop\Recovery
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)
Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM-x32\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.375.1000 (HKLM-x32\...\{74652686-90F5-477B-9CDD-5134C2717B6F}) (Version: 3.5.375.1000 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-09-2014 02:02:57 Checkpoint by HitmanPro
24-09-2014 12:42:03 Windows Update
25-09-2014 02:38:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-26 21:02 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BB3A4DB-D959-4C35-A79A-BCCA864A0FED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {25539106-F32C-4090-AE91-81D30CE67A36} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2C802AF9-2208-48FE-8BDF-EC46A2F4464A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {34D59002-70E2-470A-97E7-AF41472AE279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)
Task: {47D9CECA-D489-4906-AEFA-B9741864D762} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {7A398A87-F5A5-49BD-AAA2-004302A4523E} - System32\Tasks\AdobeAAMUpdater-1.0-Melanie-PC-Melanie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {B085C535-54BF-4210-87FA-4B5ADD58900E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {D8A56C81-D450-41D8-B4B2-CC0BC1F1757B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2A55407-4514-4FDC-B174-C32A0134E585} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1628004709-538632468-972459584-1000
Task: {F5D8CC6A-58F6-40FB-8DA3-6668858BEBBE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-01-19 13:02 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-19 13:02 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:47 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:47 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:47 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temporary Internet Files:a8PZX2eCbXmyC7FzvfGFASRJMqh
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: iLivid => "C:\Users\Melanie\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1628004709-538632468-972459584-500 -> Administrator - Disabled - Status: Degraded)
Guest (S-1-5-21-1628004709-538632468-972459584-501 -> Limited - Disabled - Status: Degraded)
HomeGroupUser$ (S-1-5-21-1628004709-538632468-972459584-1002 -> Limited - Enabled - Status: OK)
Melanie (S-1-5-21-1628004709-538632468-972459584-1000 -> Administrator - Enabled - Status: OK) => C:\Users\Melanie
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/26/2014 09:05:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 11:34:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2014 11:16:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50106492
 
Error: (09/26/2014 11:16:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50106492
 
Error: (09/26/2014 11:16:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/25/2014 02:45:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/25/2014 09:22:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: Melanie-PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/25/2014 09:22:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/25/2014 07:15:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30984279
 
Error: (09/25/2014 07:15:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30984279
 
 
System errors:
=============
Error: (09/26/2014 09:05:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/26/2014 09:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%109
 
Error: (09/26/2014 09:03:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
%%1069
 
Error: (09/26/2014 09:03:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (09/26/2014 09:03:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/26/2014 09:03:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/26/2014 09:03:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (09/26/2014 09:02:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (09/26/2014 09:02:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/26/2014 09:02:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2013 04:22:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52227 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 01:21:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 00:21:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 11:20:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 10:20:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 09:20:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 08:20:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 07:20:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2012 06:20:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 21%
Total physical RAM: 12279.18 MB
Available physical RAM: 9670.5 MB
Total Pagefile: 24556.54 MB
Available Pagefile: 21834.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:337.33 GB) NTFS
Drive d: (ImageCD) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD016BFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi,

please also post the fixlog.txt here... :)

Step 1

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


I uninstalled a recent update to uTorrent software. The Malwarebytes scans are not picking anything up anymore. I'll insert the log files as requested.

 

=============================================================================

=============================================================================

=============================================================================

Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Melanie at 2014-09-26 21:02:16 Run:1
Running from C:\Users\Melanie\Desktop\Recovery
Loaded Profile: Melanie (Available profiles: Melanie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [bhonlaanaiplgdkbhimogmnjgiiljijc] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx [2013-08-11]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Melanie\AppData\Local\MKmg1gZFedg:KLMZU3wocAKSIwXxePc2UPMd0
AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temp:5MAqyXZOgtys2eOph1Pi
AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temporary Internet Files:a8PZX2eCbXmyC7FzvfGFASRJMqh
Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {C54C46E2-386B-41A1-8AD7-CB4821268FA8} - System32\Tasks\istcleaner Task => C:\Users\Melanie\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {3FEDFB56-7EBD-4405-8552-EA1CE7885E0C} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
C:\Program Files (x86)\GetPrivate
C:\Users\Melanie\AppData\Roaming\UpdateServ
Task: {CAFD4904-6511-4244-95B6-98D71FB0EA32} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-09-06] ()
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi" => Key deleted successfully.
C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhonlaanaiplgdkbhimogmnjgiiljijc" => Key deleted successfully.
"C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode443\ch\MediaBuzzV1mode443.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ggamifejnddpoocdmadhjdbgaijnphdi" => Key deleted successfully.
"C:\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\Users\Melanie\AppData\Local\MKmg1gZFedg => ":KLMZU3wocAKSIwXxePc2UPMd0" ADS removed successfully.
C:\Users\Melanie\AppData\Local\Temp => ":5MAqyXZOgtys2eOph1Pi" ADS removed successfully.
"C:\Users\Melanie\AppData\Local\Temporary Internet Files" => ":a8PZX2eCbXmyC7FzvfGFASRJMqh" ADS not found.
C:\Windows\Tasks\istcleaner Task.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C54C46E2-386B-41A1-8AD7-CB4821268FA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C54C46E2-386B-41A1-8AD7-CB4821268FA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\istcleaner Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\istcleaner Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FEDFB56-7EBD-4405-8552-EA1CE7885E0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FEDFB56-7EBD-4405-8552-EA1CE7885E0C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Chrome Launcher => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome Launcher" => Key deleted successfully.
"C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe" => File/Directory not found.
C:\Program Files (x86)\GetPrivate => Moved successfully.
"C:\Users\Melanie\AppData\Roaming\UpdateServ" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAFD4904-6511-4244-95B6-98D71FB0EA32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAFD4904-6511-4244-95B6-98D71FB0EA32}" => Key deleted successfully.
C:\Windows\System32\Tasks\GPUP => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
 
 
 

=============================================================================

=============================================================================

=============================================================================

Malwarebytes.txt

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/28/2014
Scan Time: 9:06:04 PM
Logfile: Malwarebytes_Scan_Log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.29.01
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Melanie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342971
Time Elapsed: 5 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 

=============================================================================

=============================================================================

=============================================================================

AdwCleaner[s0].txt

 

 

 

# AdwCleaner v3.310 - Report created 28/09/2014 at 21:14:55
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Melanie - MELANIE-PC
# Running from : C:\Users\Melanie\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Melanie\AppData\Local\Conduit
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melanie\AppData\Roaming\GetPrivate
File Deleted : C:\Users\Melanie\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Melanie\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Melanie\AppData\Roaming\regsvr32.exe_log.txt
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bService]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Proxy
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\BFlix
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\Proxy
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\32il2v8s.default-1411010864146\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2994 octets] - [28/09/2014 20:58:22]
AdwCleaner[s0].txt - [2905 octets] - [28/09/2014 21:14:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2965 octets] ##########
 

Let's do a final check up:


Step 1


Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.


Note: Do not forget to re-enable your antivirus application after running the above scan!

 

Step 2

 

 

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 

Can you please tell me which problems still persist now?


=============================================================================


=============================================================================


=============================================================================


ESET Log


 


 


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d849ba7c6789d649a337ad74e9055e9d
# engine=20451
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-05 04:52:44
# local_time=2014-10-05 12:52:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1207364 106593974 0 0
# scanned=261993
# found=4
# cleaned=0
# scan_time=4937
sh=A2950BF34BB181865D3C67EFD34D9A60A0F07CC7 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Melanie\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx.xBAD"
sh=13C7186279CC716CA0FEAD58896EEA84FB460A78 ft=1 fh=0773f7a444c293a9 vn="a variant of Win32/AnyProtect.D potentially unwanted application" ac=I fn="C:\Users\Melanie\AppData\Local\nsp2EDA.tmp"
sh=B3D42DAC5BE1039A601D3C8D6DD6C3F68BA05EF8 ft=1 fh=190fff6348a719b0 vn="a variant of Win32/SpeedBit.A potentially unwanted application" ac=I fn="C:\Users\Melanie\AppData\Local\Installer\Install_15412\ytai_ytareg_setup.exe"
sh=B3D42DAC5BE1039A601D3C8D6DD6C3F68BA05EF8 ft=1 fh=190fff6348a719b0 vn="a variant of Win32/SpeedBit.A potentially unwanted application" ac=I fn="C:\Users\Melanie\AppData\Local\Installer\Install_17219\ytai_ytareg_setup.exe"

 

 

 


=============================================================================


=============================================================================


=============================================================================


Addition Log


 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014

Ran by Melanie at 2014-10-05 13:01:40

Running from C:\Users\Melanie\Desktop\Recovery

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Apps Migration For Microsoft Outlook® 3.0.19.44 (HKLM-x32\...\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}) (Version: 3.0.19.44 - Google, Inc.)

Google Apps Sync™ for Microsoft Outlook® 3.5.380.1010 (HKLM-x32\...\{DE0A6BFF-9531-4681-BCDD-884B84AB2F89}) (Version: 3.5.380.1010 - Google, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)

LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

24-09-2014 12:42:03 Windows Update

25-09-2014 02:38:27 Windows Update

28-09-2014 13:12:42 Windows Update

01-10-2014 03:11:07 Windows Update

05-10-2014 12:51:21 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2014-09-26 21:02 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0BB3A4DB-D959-4C35-A79A-BCCA864A0FED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)

Task: {25539106-F32C-4090-AE91-81D30CE67A36} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {2C802AF9-2208-48FE-8BDF-EC46A2F4464A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)

Task: {34D59002-70E2-470A-97E7-AF41472AE279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.)

Task: {47D9CECA-D489-4906-AEFA-B9741864D762} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {7A398A87-F5A5-49BD-AAA2-004302A4523E} - System32\Tasks\AdobeAAMUpdater-1.0-Melanie-PC-Melanie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {B085C535-54BF-4210-87FA-4B5ADD58900E} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {D8A56C81-D450-41D8-B4B2-CC0BC1F1757B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E2A55407-4514-4FDC-B174-C32A0134E585} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1628004709-538632468-972459584-1000

Task: {F5D8CC6A-58F6-40FB-8DA3-6668858BEBBE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2014-01-19 13:02 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

2014-01-19 13:02 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll

2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-09-24 18:47 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll

2014-09-24 18:47 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll

2014-09-24 18:47 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 18:47 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 18:47 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Melanie\AppData\Local\Temporary Internet Files:a8PZX2eCbXmyC7FzvfGFASRJMqh

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: iLivid => "C:\Users\Melanie\AppData\Local\iLivid\iLivid.exe" -autorun

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1628004709-538632468-972459584-500 - Administrator - Disabled)

Guest (S-1-5-21-1628004709-538632468-972459584-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1628004709-538632468-972459584-1002 - Limited - Enabled)

Melanie (S-1-5-21-1628004709-538632468-972459584-1000 - Administrator - Enabled) => C:\Users\Melanie

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/05/2014 00:59:09 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/05/2014 11:26:23 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/05/2014 11:26:21 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/05/2014 11:26:21 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/05/2014 08:40:53 AM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (10/05/2014 08:40:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 37588675

 

Error: (10/05/2014 08:40:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 37588675

 

Error: (10/05/2014 08:40:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/05/2014 08:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 37587676

 

Error: (10/05/2014 08:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 37587676

 

 

System errors:

=============

Error: (10/04/2014 02:41:13 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {DD000CBD-67A6-423F-9132-1A2D0F76EAD5}

 

Error: (10/01/2014 09:42:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (10/01/2014 09:42:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )

Description: WMPNetworkSvc0x80070420

 

Error: (10/01/2014 09:40:26 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (09/29/2014 11:01:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (09/29/2014 10:59:23 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (09/29/2014 10:42:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (09/29/2014 10:40:40 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (09/28/2014 09:17:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (09/28/2014 09:15:30 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

 

Microsoft Office Sessions:

=========================

Error: (08/14/2013 04:22:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52227 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 01:21:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 00:21:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 11:20:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 10:20:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 09:20:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 08:20:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 07:20:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (02/20/2012 06:20:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7 CPU 920 @ 2.67GHz

Percentage of memory in use: 21%

Total physical RAM: 12279.18 MB

Available physical RAM: 9676.23 MB

Total Pagefile: 24556.54 MB

Available Pagefile: 21632.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.66 GB) (Free:337.21 GB) NTFS

Drive d: (ImageCD) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD016BFE)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

 

 


=============================================================================




FRST Log


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014

Ran by Melanie (administrator) on MELANIE-PC on 05-10-2014 13:01:11

Running from C:\Users\Melanie\Desktop\Recovery

Loaded Profile: Melanie (Available profiles: Melanie)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON8A0F24] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [EPSON WorkForce 610 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\Run: [WorkForce 610(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE [223232 2009-01-26] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: F - F:\LaunchU3.exe -a

HKU\S-1-5-21-1628004709-538632468-972459584-1000\...\MountPoints2: {13a42f41-569b-11e1-8956-806e6f6e6963} - D:\PCOpenCD.exe

HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\32il2v8s.default-1411010864146

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-03-04]

 

Chrome: 

=======

CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-05 11:26 - 2014-10-05 11:26 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-10-04 22:04 - 2014-10-04 22:04 - 02347384 _____ (ESET) C:\Users\Melanie\Desktop\esetsmartinstaller_enu.exe

2014-10-04 15:46 - 2014-10-04 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync

2014-09-30 15:10 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-09-30 15:10 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-29 11:11 - 2014-09-29 11:11 - 01155223 _____ () C:\Users\Melanie\Downloads\Paystubs.zip

2014-09-29 11:11 - 2014-09-29 11:11 - 01155223 _____ () C:\Users\Melanie\Downloads\Paystubs (1).zip

2014-09-28 20:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-28 20:56 - 2014-09-29 22:59 - 00000000 ____D () C:\AdwCleaner

2014-09-27 13:09 - 2014-09-27 13:09 - 01373475 _____ () C:\Users\Melanie\Desktop\AdwCleaner.exe

2014-09-25 18:05 - 2014-10-05 13:01 - 00000000 ____D () C:\Users\Melanie\Desktop\Recovery

2014-09-25 18:05 - 2014-09-25 18:05 - 02108928 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64 (1).exe

2014-09-24 16:33 - 2014-09-24 16:33 - 02315075 _____ () C:\Users\Melanie\Downloads\IMG_0344.MOV

2014-09-24 08:43 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-24 08:43 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-23 17:26 - 2014-10-05 13:01 - 00000000 ____D () C:\FRST

2014-09-21 19:18 - 2014-09-21 19:18 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog

2014-09-21 19:02 - 2014-09-21 19:02 - 00005222 _____ () C:\Windows\DPINST.LOG

2014-09-21 19:02 - 2014-09-21 19:02 - 00000946 _____ () C:\Users\Public\Desktop\LeapFrog Connect.lnk

2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

2014-09-21 19:02 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files\DIFX

2014-09-21 19:00 - 2014-09-21 19:02 - 00000000 ____D () C:\Program Files (x86)\LeapFrog

2014-09-21 19:00 - 2014-09-21 19:00 - 10716552 _____ (LeapFrog Enterprises, Inc.) C:\Users\Melanie\Downloads\LeapFrogConnectSetup_LeapsterGSExplorer.exe

2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\Users\Melanie\Downloads\log

2014-09-21 19:00 - 2014-09-21 19:00 - 00000000 ____D () C:\ProgramData\Leapfrog

2014-09-20 20:41 - 2014-09-20 22:04 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-09-20 20:40 - 2014-09-20 20:41 - 11194928 _____ (SurfRight B.V.) C:\Users\Melanie\Downloads\HitmanPro_x64.exe

2014-09-18 15:42 - 2014-09-24 18:47 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-18 15:42 - 2014-09-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Popcorn Time

2014-09-18 15:34 - 2014-09-18 15:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2014-09-17 11:34 - 2014-09-17 11:34 - 00275280 _____ () C:\Windows\Minidump\091714-23992-01.dmp

2014-09-17 11:32 - 2014-09-17 11:32 - 00079064 _____ () C:\Windows\system32\Drivers\lcnmrrni.sys

2014-09-15 22:42 - 2014-10-05 10:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-15 22:42 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-15 22:42 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-15 22:42 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-15 22:42 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-14 22:06 - 2014-09-14 22:06 - 00001121 _____ () C:\Users\Public\Desktop\Popcorn Time.lnk

2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

2014-09-14 22:06 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack

2014-09-14 22:06 - 2014-06-14 10:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll

2014-09-14 22:06 - 2014-06-14 10:03 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll

2014-09-14 22:05 - 2014-09-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Popcorn Time

2014-09-12 22:01 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files\iTunes

2014-09-12 22:00 - 2014-09-12 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-12 22:00 - 2014-09-12 22:00 - 00000000 ____D () C:\Program Files\iPod

2014-09-10 21:32 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 21:32 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 21:32 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 21:32 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 21:32 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 21:32 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 21:32 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 21:32 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 21:32 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 21:32 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 21:32 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 21:32 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 21:32 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 21:32 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 21:32 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 21:32 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 21:32 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 21:32 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 21:32 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 21:32 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 21:32 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 21:32 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 21:32 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 21:32 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 21:32 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 21:32 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 21:32 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 21:32 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 21:32 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 21:32 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 21:32 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 21:32 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 21:32 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 21:32 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 21:32 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 21:32 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 21:32 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 21:32 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 21:32 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 21:32 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 21:32 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 21:32 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 21:32 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 21:32 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 21:32 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 21:32 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 21:32 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 21:32 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 21:32 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 21:32 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 21:32 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 21:32 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 21:31 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 21:31 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 21:31 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 21:31 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 21:24 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 21:24 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 08:21 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 08:21 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 08:21 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 08:21 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 08:21 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 08:21 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 08:21 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 08:20 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 08:20 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 08:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-10 08:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-07 18:27 - 2014-09-26 18:27 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-09-06 18:27 - 2014-09-06 18:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-05 12:45 - 2012-12-17 21:45 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-05 12:22 - 2012-04-12 15:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-05 09:09 - 2012-02-13 18:36 - 01307051 _____ () C:\Windows\WindowsUpdate.log

2014-10-05 08:50 - 2012-12-17 21:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-04 19:16 - 2009-07-14 00:51 - 00107028 _____ () C:\Windows\setupact.log

2014-10-04 18:49 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-04 18:49 - 2009-07-14 00:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-04 18:47 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-03 22:57 - 2013-02-28 23:58 - 00000000 ____D () C:\Users\Melanie\AppData\Local\F5C421D1-C777-4EF6-9627-525D77DFB760.aplzod

2014-10-01 21:41 - 2009-07-14 01:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-01 21:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-29 23:00 - 2010-11-20 23:47 - 00309234 _____ () C:\Windows\PFRO.log

2014-09-29 22:43 - 2012-02-15 23:58 - 00000000 ____D () C:\_Melanie

2014-09-28 21:40 - 2013-08-21 17:58 - 00007629 _____ () C:\Users\Melanie\AppData\Local\Resmon.ResmonCfg

2014-09-27 13:49 - 2012-02-15 20:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\uTorrent

2014-09-27 13:09 - 2013-05-15 22:01 - 00037888 ___SH () C:\Users\Melanie\Thumbs.db

2014-09-26 21:04 - 2014-03-14 20:15 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-26 21:04 - 2014-03-01 22:30 - 00000008 __RSH () C:\Users\Melanie\ntuser.pol

2014-09-26 21:04 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie

2014-09-26 21:02 - 2013-08-14 19:13 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CRE

2014-09-26 21:02 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-26 11:32 - 2012-02-14 16:51 - 00000000 ____D () C:\Windows\PCHEALTH

2014-09-25 09:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-09-25 09:23 - 2012-12-19 22:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-24 13:22 - 2012-04-12 15:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-24 13:22 - 2012-04-12 15:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-24 13:22 - 2012-02-16 00:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-23 07:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-22 10:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration

2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-20 21:01 - 2012-02-15 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-09-20 07:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas

2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google

2014-09-18 15:42 - 2012-02-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Google

2014-09-18 15:36 - 2014-03-11 13:07 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Popcorn-Time

2014-09-18 15:35 - 2014-08-16 19:13 - 02919548 _____ (Popcorn Official) C:\Users\Melanie\AppData\Roaming\package.nw.new

2014-09-17 23:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance

2014-09-17 11:34 - 2014-07-13 14:38 - 1663553555 _____ () C:\Windows\MEMORY.DMP

2014-09-17 11:34 - 2014-07-13 14:38 - 00000000 ____D () C:\Windows\Minidump

2014-09-17 11:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-09-17 09:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache

2014-09-15 22:58 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew

2014-09-15 22:57 - 2014-06-20 17:19 - 00000000 ____D () C:\ProgramData\UpdateServer

2014-09-15 22:57 - 2012-02-15 20:18 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-15 18:30 - 2014-08-19 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-14 22:06 - 2012-02-13 18:36 - 00000000 ____D () C:\Users\Melanie\AppData\Local\VirtualStore

2014-09-12 09:10 - 2012-03-07 01:15 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Clip Art Collection

2014-09-10 21:42 - 2012-04-25 21:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-10 21:34 - 2012-02-14 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 21:30 - 2012-02-14 16:26 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 21:30 - 2012-02-14 16:26 - 00002155 _____ () C:\Windows\epplauncher.mif

2014-09-10 21:30 - 2012-02-14 16:26 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-09-10 21:30 - 2012-02-14 16:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-09-10 21:29 - 2013-08-11 04:09 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 21:29 - 2012-05-01 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-09-10 21:24 - 2014-05-06 23:12 - 00000000 ___SD () C:\Windows\system32\CompatTel

 

Some content of TEMP:

====================

C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 11:57

 

==================== End Of Log ============================



  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
