gaboyde88

About gaboyde88

  • Rank
    Member
  1. ComboFix 14-03-16.01 - rhonda 03/18/2014 1:49.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4241 [GMT -4:00] Running from: c:\users\rhonda\Desktop\ComboFix.exe Command switches used :: c:\users\rhonda\Desktop\CFScript.txt AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051} FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A} SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC} . FILE :: "c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll . . ((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 ))))))))))))))))))))))))))))))) . . 2014-03-18 05:54 . 2014-03-18 05:54 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-03-18 05:54 . 2014-03-18 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-15 05:51 . 2014-03-15 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-03-15 05:51 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-12 14:47 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-12 14:47 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-12 14:47 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-12 14:47 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-12 01:14 . 2014-03-12 01:14 -------- d-----w- c:\windows\ERUNT 2014-03-12 00:44 . 2014-03-12 00:50 -------- d-----w- C:\AdwCleaner 2014-03-08 04:10 . 2014-03-17 23:55 -------- d-----w- C:\FRST 2014-03-05 22:14 . 2014-03-05 22:14 388096 ----a-r- c:\users\rhonda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2014-02-17 15:40 . 
2014-02-17 15:40 -------- d-----w- c:\users\Default\AppData\Local\WinZip 2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\programdata\WinZip 2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\program files\WinZip 2014-02-17 15:07 . 2014-02-17 15:14 -------- d-----w- C:\9481374f8c049f51497b20cbb3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-12 11:59 . 2012-04-19 21:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-12 11:59 . 2011-09-21 00:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-17 15:07 . 2011-09-20 05:02 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-01-23 22:40 . 2013-08-27 00:17 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-01-18 05:47 . 2014-01-18 05:47 90112 ----a-w- c:\windows\system32\igfxCoIn_v2993.dll 2014-01-18 05:47 . 2014-01-18 05:47 378368 ----a-w- c:\windows\system32\igfxTMM.dll 2014-01-18 05:47 . 2014-01-18 05:47 168944 ----a-w- c:\windows\system32\igfxtray.exe 2014-01-18 05:47 . 2014-01-18 05:47 510960 ----a-w- c:\windows\system32\igfxsrvc.exe 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrsky.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrus.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrom.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrsve.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrslv.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrtha.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrptg.lrc 2014-01-18 05:47 . 2011-02-12 01:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrplk.lrc 2014-01-18 05:47 . 
2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrnld.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrita.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrptb.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrnor.lrc 2014-01-18 05:47 . 2014-01-18 05:47 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc 2014-01-18 05:47 . 2014-01-18 05:47 283136 ----a-w- c:\windows\system32\igfxrkor.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrhun.lrc 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrfra.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrfin.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrheb.lrc 2014-01-18 05:47 . 2014-01-18 05:47 9014784 ----a-w- c:\windows\system32\igfxress.dll 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxresn.lrc 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrell.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrenu.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrdan.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrara.lrc 2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrcht.lrc 2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrchs.lrc 2014-01-18 05:47 . 2014-01-18 05:47 376320 ----a-w- c:\windows\system32\igfxpph.dll 2014-01-18 05:47 . 2014-01-18 05:47 418800 ----a-w- c:\windows\system32\igfxpers.exe 2014-01-18 05:47 . 
2014-01-18 05:47 28672 ----a-w- c:\windows\system32\igfxexps.dll 2014-01-18 05:47 . 2014-01-18 05:47 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2014-01-18 05:47 . 2014-01-18 05:47 241136 ----a-w- c:\windows\system32\igfxext.exe 2014-01-18 05:47 . 2014-01-18 05:47 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2014-01-18 05:47 . 2014-01-18 05:47 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2014-01-18 05:47 . 2014-01-18 05:47 390144 ----a-w- c:\windows\system32\igfxdev.dll 2014-01-18 05:47 . 2014-01-18 05:47 142336 ----a-w- c:\windows\system32\igfxdo.dll 2014-01-18 05:47 . 2014-01-18 05:47 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2014-01-18 05:47 . 2014-01-18 05:47 246784 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2014-01-18 05:47 . 2014-01-18 05:47 219136 ----a-w- c:\windows\system32\igfxcmrt64.dll 2014-01-18 05:47 . 2014-01-18 05:47 2780160 ----a-w- c:\windows\system32\igfxcmjit64.dll 2014-01-18 05:47 . 2014-01-18 05:47 2191872 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2014-01-18 05:47 . 2014-01-18 05:47 8314368 ----a-w- c:\windows\system32\igdumd64.dll 2014-01-18 05:47 . 2011-02-12 02:09 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll 2014-01-18 05:47 . 2011-02-12 02:12 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll 2014-01-18 05:47 . 2014-01-18 05:46 12312928 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2014-01-18 05:46 . 2011-02-12 02:07 9528832 ----a-w- c:\windows\system32\igd10umd64.dll 2014-01-18 05:46 . 2012-01-11 02:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2014-01-18 05:46 . 2014-01-18 05:46 18664960 ----a-w- c:\windows\system32\ig4icd64.dll 2014-01-18 05:46 . 2014-01-18 05:46 13913600 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2014-01-18 05:46 . 2014-01-18 05:46 394224 ----a-w- c:\windows\system32\hkcmd.exe 2014-01-18 05:46 . 2014-01-18 05:46 4380144 ----a-w- c:\windows\system32\GfxUI.exe 2014-01-18 05:46 . 2011-02-12 01:45 110080 ----a-w- c:\windows\system32\hccutils.dll 2014-01-18 05:46 . 
2014-01-18 05:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll 2014-01-18 05:46 . 2014-01-18 05:46 185840 ----a-w- c:\windows\system32\difx64.exe 2014-01-18 05:42 . 2014-01-18 05:42 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll 2014-01-18 05:42 . 2014-01-18 05:42 155888 ----a-w- c:\windows\system32\SRSWOW64.dll 2014-01-18 05:42 . 2014-01-18 05:42 518896 ----a-w- c:\windows\system32\SRSTSX64.dll 2014-01-18 05:42 . 2014-01-18 05:42 211184 ----a-w- c:\windows\system32\SRSTSH64.dll 2014-01-18 05:42 . 2014-01-18 05:42 198896 ----a-w- c:\windows\system32\SRSHP64.dll 2014-01-18 05:41 . 2014-01-18 05:41 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl 2014-01-18 05:41 . 2014-01-18 05:41 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll 2014-01-18 05:41 . 2014-01-18 05:41 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2014-01-18 05:41 . 2014-01-18 05:41 3760344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2014-01-18 05:41 . 2014-01-18 05:41 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll 2014-01-18 05:41 . 2014-01-18 05:41 149608 ----a-w- c:\windows\system32\RtkCfg64.dll 2014-01-18 05:41 . 2014-01-18 05:41 2588888 ----a-w- c:\windows\system32\RtkAPO64.dll 2014-01-18 05:41 . 2014-01-18 05:41 1021656 ----a-w- c:\windows\system32\RtkApi64.dll 2014-01-18 05:41 . 2014-01-18 05:41 78680 ----a-w- c:\windows\system32\RTEEG64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 618200 ----a-w- c:\windows\system32\RtDataProc64.dll 2014-01-18 05:41 . 2014-01-18 05:41 375128 ----a-w- c:\windows\system32\RTEEP64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 204120 ----a-w- c:\windows\system32\RTEED64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 101208 ----a-w- c:\windows\system32\RTEEL64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 1286872 ----a-w- c:\windows\system32\RTCOM64.dll 2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DHT64.dll 2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DAA64.dll 2014-01-18 05:41 . 
2014-01-18 05:41 154840 ----a-w- c:\windows\system32\RCoInstII64.dll 2014-01-18 05:40 . 2014-01-18 05:40 397080 ----a-w- c:\windows\system32\MBWrp64.dll 2014-01-18 05:40 . 2014-01-18 05:40 628504 ----a-w- c:\windows\system32\MBTHX64.dll 2014-01-18 05:40 . 2014-01-18 05:40 563992 ----a-w- c:\windows\SysWow64\MBTHX32.dll 2014-01-18 05:40 . 2014-01-18 05:40 897152 ----a-w- c:\windows\system32\MBAPO64.dll 2014-01-18 05:40 . 2014-01-18 05:40 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll 2014-01-18 05:40 . 2014-01-18 05:40 1998104 ----a-w- c:\windows\system32\MBAPO264.dll 2014-01-18 05:40 . 2014-01-18 05:40 1727256 ----a-w- c:\windows\SysWow64\MBAPO232.dll 2014-01-18 05:39 . 2014-01-18 05:39 2036992 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll 2014-01-18 05:39 . 2014-01-18 05:39 1013504 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll 2014-01-18 05:39 . 2014-01-18 05:39 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2014-01-18 05:38 . 2014-01-18 05:38 2743328 ----a-w- c:\windows\system32\FMAPO64.dll 2014-01-18 05:38 . 2014-01-18 05:38 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK] @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}" [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-16 6563608] "ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-29 354632] "Kooboodle"="c:\programdata\Clickfree\kooboodle\Kooboodle.exe" [2013-07-19 1030472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360] "SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-08-30 3216272] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . 
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x] R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x] R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x] R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 
RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x] R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x] R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files 
(x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 12:55 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 11:59] . 2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30] . 2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30] . 2014-03-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3534355d-0df4-4e5e-9608-bd04a11b3060.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK] @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}" [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-18 13662936] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-18 168944] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-18 394224] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-18 418800] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll FF - ProfilePath - c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2014-02-28 15:57; [email protected]; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\[email protected] FF - ExtSQL: 2014-03-05 08:14; [email protected]; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\[email protected] . - - - - ORPHANS REMOVED - - - - . BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file) AddRemove-AccelerateTab_is1 - c:\program files (x86)\Secure Speed Dial\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-03-18 01:59:18 ComboFix-quarantined-files.txt 2014-03-18 05:59 ComboFix2.txt 2014-03-18 00:40 . Pre-Run: 35,956,408,320 bytes free Post-Run: 35,885,629,440 bytes free . - - End Of File - - 74B2C06635B58F48DEE1262F61A41E90 A36C5E4F47E84449FF07ED3517B43A31

Computer seems to be running fine.
  2. fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014 Ran by rhonda at 2014-03-17 19:55:22 Run:2 Running from C:\Users\rhonda\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe C:\Users\rhonda\Documents\ArcadeFrontierGames.exe C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe C:\Users\rhonda\Downloads\asc-setup.exe C:\Users\rhonda\Downloads\chromeinstall-6u31.exe C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe C:\Users\rhonda\Downloads\gtk2144-setup (1).exe C:\Users\rhonda\Downloads\gtk2144-setup.exe C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe C:\Users\rhonda\Downloads\speedupmypc(1).exe C:\Users\rhonda\Downloads\speedupmypc.exe C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe C:\Users\rhonda\Downloads\trojen killer.exe C:\Users\rhonda\Downloads\winzip155.exe C:\Users\rhonda\Downloads\WinZip175.exe C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe 
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z CMD: ipconfig /flushdns Reboot: end ***************** C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe => Moved successfully. "C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe" => File/Directory not found. C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe => Moved successfully. C:\Users\rhonda\Documents\ArcadeFrontierGames.exe => Moved successfully. C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe => Moved successfully. C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe => Moved successfully. C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe => Moved successfully. C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe => Moved successfully. C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe => Moved successfully. C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe => Moved successfully. 
C:\Users\rhonda\Downloads\asc-setup.exe => Moved successfully. C:\Users\rhonda\Downloads\chromeinstall-6u31.exe => Moved successfully. C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe => Moved successfully. C:\Users\rhonda\Downloads\gtk2144-setup (1).exe => Moved successfully. C:\Users\rhonda\Downloads\gtk2144-setup.exe => Moved successfully. C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe => Moved successfully. C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe => Moved successfully. C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe => Moved successfully. C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe => Moved successfully. C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe => Moved successfully. C:\Users\rhonda\Downloads\speedupmypc(1).exe => Moved successfully. C:\Users\rhonda\Downloads\speedupmypc.exe => Moved successfully. C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe => Moved successfully. C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe => Moved successfully. C:\Users\rhonda\Downloads\trojen killer.exe => Moved successfully. C:\Users\rhonda\Downloads\winzip155.exe => Moved successfully. C:\Users\rhonda\Downloads\WinZip175.exe => Moved successfully. C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe => Moved successfully. C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe => Moved successfully. C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe => Moved successfully. C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe => Moved successfully. "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z" => File/Directory not found. 
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z" => File/Directory not found. "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z" => File/Directory not found. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z => Moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z => Moved successfully. C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z => Moved successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ==== combofix log: ComboFix 14-03-16.01 - rhonda 03/17/2014 20:12:44.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4128 [GMT -4:00] Running from: c:\users\rhonda\Desktop\ComboFix.exe AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051} FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 ))))))))))))))))))))))))))))))) . . 2014-03-18 00:18 . 2014-03-18 00:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-03-18 00:18 . 2014-03-18 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-15 05:51 . 2014-03-15 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2014-03-15 05:51 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-12 14:47 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-12 14:47 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-03-12 14:47 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-12 14:47 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-12 01:14 . 2014-03-12 01:14 -------- d-----w- c:\windows\ERUNT 2014-03-12 00:44 . 2014-03-12 00:50 -------- d-----w- C:\AdwCleaner 2014-03-08 04:10 . 2014-03-17 23:55 -------- d-----w- C:\FRST 2014-03-05 22:14 . 2014-03-05 22:14 388096 ----a-r- c:\users\rhonda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\users\Default\AppData\Local\WinZip 2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\programdata\WinZip 2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\program files\WinZip 2014-02-17 15:07 . 2014-02-17 15:14 -------- d-----w- C:\9481374f8c049f51497b20cbb3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2014-03-12 11:59 . 2012-04-19 21:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-12 11:59 . 2011-09-21 00:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-17 15:07 . 2011-09-20 05:02 88567024 ----a-w- c:\windows\system32\MRT.exe 2014-01-23 22:40 . 2013-08-27 00:17 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-01-18 05:47 . 2014-01-18 05:47 90112 ----a-w- c:\windows\system32\igfxCoIn_v2993.dll 2014-01-18 05:47 . 2014-01-18 05:47 378368 ----a-w- c:\windows\system32\igfxTMM.dll 2014-01-18 05:47 . 2014-01-18 05:47 168944 ----a-w- c:\windows\system32\igfxtray.exe 2014-01-18 05:47 . 2014-01-18 05:47 510960 ----a-w- c:\windows\system32\igfxsrvc.exe 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrsky.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrus.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrom.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrsve.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrslv.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrtha.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrptg.lrc 2014-01-18 05:47 . 2011-02-12 01:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrplk.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrnld.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrita.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrptb.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrnor.lrc 2014-01-18 05:47 . 2014-01-18 05:47 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc 2014-01-18 05:47 . 
2014-01-18 05:47 283136 ----a-w- c:\windows\system32\igfxrkor.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrhun.lrc 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrfra.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrfin.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrheb.lrc 2014-01-18 05:47 . 2014-01-18 05:47 9014784 ----a-w- c:\windows\system32\igfxress.dll 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxresn.lrc 2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrell.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrenu.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrdan.lrc 2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc 2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrara.lrc 2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrcht.lrc 2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrchs.lrc 2014-01-18 05:47 . 2014-01-18 05:47 376320 ----a-w- c:\windows\system32\igfxpph.dll 2014-01-18 05:47 . 2014-01-18 05:47 418800 ----a-w- c:\windows\system32\igfxpers.exe 2014-01-18 05:47 . 2014-01-18 05:47 28672 ----a-w- c:\windows\system32\igfxexps.dll 2014-01-18 05:47 . 2014-01-18 05:47 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2014-01-18 05:47 . 2014-01-18 05:47 241136 ----a-w- c:\windows\system32\igfxext.exe 2014-01-18 05:47 . 2014-01-18 05:47 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2014-01-18 05:47 . 2014-01-18 05:47 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2014-01-18 05:47 . 
2014-01-18 05:47 390144 ----a-w- c:\windows\system32\igfxdev.dll 2014-01-18 05:47 . 2014-01-18 05:47 142336 ----a-w- c:\windows\system32\igfxdo.dll 2014-01-18 05:47 . 2014-01-18 05:47 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2014-01-18 05:47 . 2014-01-18 05:47 246784 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2014-01-18 05:47 . 2014-01-18 05:47 219136 ----a-w- c:\windows\system32\igfxcmrt64.dll 2014-01-18 05:47 . 2014-01-18 05:47 2780160 ----a-w- c:\windows\system32\igfxcmjit64.dll 2014-01-18 05:47 . 2014-01-18 05:47 2191872 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2014-01-18 05:47 . 2014-01-18 05:47 8314368 ----a-w- c:\windows\system32\igdumd64.dll 2014-01-18 05:47 . 2011-02-12 02:09 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll 2014-01-18 05:47 . 2011-02-12 02:12 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll 2014-01-18 05:47 . 2014-01-18 05:46 12312928 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2014-01-18 05:46 . 2011-02-12 02:07 9528832 ----a-w- c:\windows\system32\igd10umd64.dll 2014-01-18 05:46 . 2012-01-11 02:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2014-01-18 05:46 . 2014-01-18 05:46 18664960 ----a-w- c:\windows\system32\ig4icd64.dll 2014-01-18 05:46 . 2014-01-18 05:46 13913600 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2014-01-18 05:46 . 2014-01-18 05:46 394224 ----a-w- c:\windows\system32\hkcmd.exe 2014-01-18 05:46 . 2014-01-18 05:46 4380144 ----a-w- c:\windows\system32\GfxUI.exe 2014-01-18 05:46 . 2011-02-12 01:45 110080 ----a-w- c:\windows\system32\hccutils.dll 2014-01-18 05:46 . 2014-01-18 05:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll 2014-01-18 05:46 . 2014-01-18 05:46 185840 ----a-w- c:\windows\system32\difx64.exe 2014-01-18 05:42 . 2014-01-18 05:42 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll 2014-01-18 05:42 . 2014-01-18 05:42 155888 ----a-w- c:\windows\system32\SRSWOW64.dll 2014-01-18 05:42 . 2014-01-18 05:42 518896 ----a-w- c:\windows\system32\SRSTSX64.dll 2014-01-18 05:42 . 
2014-01-18 05:42 211184 ----a-w- c:\windows\system32\SRSTSH64.dll 2014-01-18 05:42 . 2014-01-18 05:42 198896 ----a-w- c:\windows\system32\SRSHP64.dll 2014-01-18 05:41 . 2014-01-18 05:41 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl 2014-01-18 05:41 . 2014-01-18 05:41 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll 2014-01-18 05:41 . 2014-01-18 05:41 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll 2014-01-18 05:41 . 2014-01-18 05:41 3760344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2014-01-18 05:41 . 2014-01-18 05:41 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll 2014-01-18 05:41 . 2014-01-18 05:41 149608 ----a-w- c:\windows\system32\RtkCfg64.dll 2014-01-18 05:41 . 2014-01-18 05:41 2588888 ----a-w- c:\windows\system32\RtkAPO64.dll 2014-01-18 05:41 . 2014-01-18 05:41 1021656 ----a-w- c:\windows\system32\RtkApi64.dll 2014-01-18 05:41 . 2014-01-18 05:41 78680 ----a-w- c:\windows\system32\RTEEG64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 618200 ----a-w- c:\windows\system32\RtDataProc64.dll 2014-01-18 05:41 . 2014-01-18 05:41 375128 ----a-w- c:\windows\system32\RTEEP64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 204120 ----a-w- c:\windows\system32\RTEED64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 101208 ----a-w- c:\windows\system32\RTEEL64A.dll 2014-01-18 05:41 . 2014-01-18 05:41 1286872 ----a-w- c:\windows\system32\RTCOM64.dll 2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DHT64.dll 2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DAA64.dll 2014-01-18 05:41 . 2014-01-18 05:41 154840 ----a-w- c:\windows\system32\RCoInstII64.dll 2014-01-18 05:40 . 2014-01-18 05:40 397080 ----a-w- c:\windows\system32\MBWrp64.dll 2014-01-18 05:40 . 2014-01-18 05:40 628504 ----a-w- c:\windows\system32\MBTHX64.dll 2014-01-18 05:40 . 2014-01-18 05:40 563992 ----a-w- c:\windows\SysWow64\MBTHX32.dll 2014-01-18 05:40 . 2014-01-18 05:40 897152 ----a-w- c:\windows\system32\MBAPO64.dll 2014-01-18 05:40 . 
2014-01-18 05:40 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll 2014-01-18 05:40 . 2014-01-18 05:40 1998104 ----a-w- c:\windows\system32\MBAPO264.dll 2014-01-18 05:40 . 2014-01-18 05:40 1727256 ----a-w- c:\windows\SysWow64\MBAPO232.dll 2014-01-18 05:39 . 2014-01-18 05:39 2036992 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll 2014-01-18 05:39 . 2014-01-18 05:39 1013504 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll 2014-01-18 05:39 . 2014-01-18 05:39 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll 2014-01-18 05:38 . 2014-01-18 05:38 2743328 ----a-w- c:\windows\system32\FMAPO64.dll 2014-01-18 05:38 . 2014-01-18 05:38 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}] 2014-02-25 15:32 464720 ----a-w- c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK] @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}" [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-16 6563608] "ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-29 354632] "Kooboodle"="c:\programdata\Clickfree\kooboodle\Kooboodle.exe" [2013-07-19 1030472] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360] "SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-08-30 3216272] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc] @="Service" . 
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x] R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x] R3 
SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x] S2 
LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x] S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x] S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-15 12:55 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2014-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 11:59] . 2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30] . 2014-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30] . 2014-03-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3534355d-0df4-4e5e-9608-bd04a11b3060.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK] @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}" [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-18 13662936] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-18 168944] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-18 394224] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-18 418800] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll FF - ProfilePath - c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2014-01-17 19:52; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} FF - ExtSQL: 2014-02-28 15:57; [email protected]; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\[email protected] FF - ExtSQL: 2014-03-05 08:14; [email protected]; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\[email protected] . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file) Wow6432Node-HKU-Default-Run-Advanced SystemCare 7 - c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file) AddRemove-AccelerateTab_is1 - c:\program files (x86)\Secure Speed Dial\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\GFI\LanGuard 11 Agent\Mantle.exe c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe c:\program files (x86)\TeamViewer\Version9\tv_w32.exe . ************************************************************************** . Completion time: 2014-03-17 20:40:40 - machine was rebooted ComboFix-quarantined-files.txt 2014-03-18 00:40 . Pre-Run: 38,188,892,160 bytes free Post-Run: 38,452,199,424 bytes free . - - End Of File - - 961048AEBEE5758C97FD282FE406EC18 A36C5E4F47E84449FF07ED3517B43A31
  3. I also want to say that it seems like something might be wrong with the hard drive. It seems like my drive keeps running low on disk space, but no matter how much stuff I take off my computer the hard drive space keeps draining. I took over 100 gigs' worth of pictures off about two weeks ago and now my hard drive space is back down to 39 gigs. Do you suppose a virus could be doing that?
  4. C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\FF\components\iobitappsToolbarFF.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll.vir a variant of Win32/Toolbar.Widgi potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll.vir Win64/Toolbar.Widgi.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\rhonda\AppData\LocalLow\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\rhonda\AppData\LocalLow\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\rhonda\AppData\Roaming\Slick Savings\Coupons.dll.vir a 
variant of Win32/Toolbar.Widgi.F potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\rhonda\AppData\Roaming\Slick Savings\Coupons64.dll.vir Win64/Toolbar.Widgi.C potentially unwanted application C:\AdwCleaner\Quarantine\C\Users\rhonda\AppData\Roaming\Slick Savings\CouponsHelper.exe.vir a variant of Win32/Toolbar.Widgi.F potentially unwanted application C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe Win32/OpenCandy potentially unsafe application C:\Users\rhonda\Documents\ArcadeFrontierGames.exe Win32/OpenCandy potentially unsafe application C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe Win32/Toolbar.Conduit.S potentially unwanted application C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe Win32/MyPCBackup.A potentially unwanted application C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe Win32/MyPCBackup.A potentially unwanted application C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe Win32/MyPCBackup.A potentially unwanted application C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe Win32/MyPCBackup.A potentially unwanted application C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\rhonda\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\rhonda\Downloads\chromeinstall-6u31.exe Win32/SpeedUpMyPC potentially unwanted application C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy potentially unsafe application C:\Users\rhonda\Downloads\gtk2144-setup (1).exe probably a variant of Win32/1AntiVirus potentially unwanted application 
C:\Users\rhonda\Downloads\gtk2144-setup.exe probably a variant of Win32/1AntiVirus potentially unwanted application C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe Win32/OpenCandy potentially unsafe application C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe Win32/Systweak.B potentially unwanted application C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe Win32/Systweak.B potentially unwanted application C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe Win32/Systweak.B potentially unwanted application C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe Win32/Systweak.B potentially unwanted application C:\Users\rhonda\Downloads\speedupmypc(1).exe Win32/SpeedUpMyPC potentially unwanted application C:\Users\rhonda\Downloads\speedupmypc.exe Win32/SpeedUpMyPC potentially unwanted application C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe Win32/SpeedUpMyPC potentially unwanted application C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe Win32/SpeedUpMyPC potentially unwanted application C:\Users\rhonda\Downloads\trojen killer.exe probably a variant of Win32/1AntiVirus potentially unwanted application C:\Users\rhonda\Downloads\winzip155.exe Win32/OpenCandy potentially unsafe application C:\Users\rhonda\Downloads\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe a variant of Win32/OpenInstall potentially unwanted application C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe a variant of Win32/OpenInstall potentially unwanted application C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe a variant of Win32/Toolbar.Widgi.B potentially 
unwanted application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
  5. It appears my sister has removed Malwarebytes so I'm out of luck with that. But it's not overly important now anyway since Mozilla is what is used most of the time. I've kept your attention for long enough anyway, so if we have any other steps to go through as far as spyware removal goes, it's fine if we move on to taking care of that.
  6. I was able to get rid of adblock under "safe mode". But I was unable to do the GPU thing as you requested because the option is not there to do so: I tried to uninstall and reinstall Google, but it did the same thing. Also, my sister uses this computer most of the time and she said that she thinks it did happen after she ran Malwarebytes.
  7. It will not pull up anything. Google just stays blank no matter what I click on. Would it help if I remove it and re-install it? No, Google hasn't been working right since the computer started having problems.
  8. Google will not function properly now. When I try and load it, I will get a message that says adblock and several other functions have crashed and Chrome is basically blank and will not load any page:
  9. fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014 Ran by rhonda at 2014-03-11 20:29:30 Run:1 Running from C:\Users\rhonda\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** start SearchScopes: HKCU - {1C62AF5F-7774-4071-B6B2-36754841D103} URL = http://search.xfinit...q={searchTerms} BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\rhonda\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.) BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\rhonda\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.) BHO-x32: AccelerateTab - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll (Secure Speed Dial) BHO-x32: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File FF user.js: detected! => C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\user.js FF SearchEngineOrder.1: Ask.com Search FF Homepage: hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff FF SearchPlugin: C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\askcomsearch.xml FF Extension: My Web Search - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2012-01-22] FF Extension: No Name - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\temp [2014-01-09] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14] CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ch" CHR HKCU\...\Chrome\Extension: [ihcgmidjhhnnjikpigolabhacfngibde] - C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx [2012-07-26] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - 
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [ihcgmidjhhnnjikpigolabhacfngibde] - C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx [2012-07-26] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-11-19] S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe Reboot: end ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1C62AF5F-7774-4071-B6B2-36754841D103} => Key deleted successfully. HKCR\CLSID\{1C62AF5F-7774-4071-B6B2-36754841D103} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key deleted successfully. HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully. HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} => Key deleted successfully. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found. C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\user.js => Moved successfully. Firefox SearchEngineOrder.1 deleted successfully. Firefox homepage deleted successfully. C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\askcomsearch.xml => Moved successfully. C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] => Moved successfully. C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\temp => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully. CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry. HKCU\SOFTWARE\Google\Chrome\Extensions\ihcgmidjhhnnjikpigolabhacfngibde => Key deleted successfully. C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh => Key deleted successfully. C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx => Moved successfully. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully. "C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully. "C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcgmidjhhnnjikpigolabhacfngibde => Key deleted successfully. 
"C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx" => File/Directory not found. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully. "C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found. BackupStack => Service deleted successfully. The system needed a reboot. ==== End of Fixlog ==== Adwcleaner log: # AdwCleaner v3.021 - Report created 11/03/2014 at 20:49:16 # Updated 10/03/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : rhonda - RHONDA-PC # Running from : C:\Users\rhonda\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : APNMCP ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\AskPartnerNetwork Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar Folder Deleted : C:\ProgramData\ParetoLogic Folder Deleted : C:\ProgramData\Systweak Folder Deleted : C:\Program Files (x86)\Application Updater Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar Folder Deleted : C:\Program Files (x86)\Secure Speed Dial Folder Deleted : C:\Program Files (x86)\xfin_portal Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Users\rhonda\AppData\Local\AskPartnerNetwork Folder Deleted : C:\Users\rhonda\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\rhonda\AppData\Local\OpenCandy Folder Deleted : C:\Users\rhonda\AppData\Local\Temp\apn Folder Deleted : C:\Users\rhonda\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\rhonda\AppData\LocalLow\comcasttb Folder Deleted : C:\Users\rhonda\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\rhonda\AppData\LocalLow\Search Settings Folder Deleted : 
C:\Users\rhonda\AppData\LocalLow\xfin_portal Folder Deleted : C:\Users\rhonda\AppData\Roaming\DriverCure Folder Deleted : C:\Users\rhonda\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\rhonda\AppData\Roaming\ParetoLogic Folder Deleted : C:\Users\rhonda\AppData\Roaming\Slick Savings Folder Deleted : C:\Users\rhonda\AppData\Roaming\Systweak Folder Deleted : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\xfin_portal Folder Deleted : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Folder Deleted : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] Folder Deleted : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\bingp.xml File Deleted : C:\Windows\Tasks\Driver Booster Update.job File Deleted : C:\Windows\System32\Tasks\Driver Booster Update File Deleted : C:\Windows\System32\Tasks\LaunchApp File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key 
Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}] Key Deleted : [x64] 
      HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
      Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
      Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
      Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
      Key Deleted : HKCU\Software\AskPartnerNetwork
      Key Deleted : HKCU\Software\InstallCore
      Key Deleted : HKCU\Software\ParetoLogic
      Key Deleted : HKCU\Software\Search Settings
      Key Deleted : HKCU\Software\systweak
      Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
      Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
      Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
      Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
      Key Deleted : HKLM\Software\AskPartnerNetwork
      Key Deleted : HKLM\Software\ParetoLogic
      Key Deleted : HKLM\Software\Search Settings
      Key Deleted : HKLM\Software\StartNow Toolbar
      Key Deleted : HKLM\Software\systweak
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
      Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.16518

      -\\ Mozilla Firefox v27.0.1 (en-US)

      [ File : C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\prefs.js ]

      Line Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");
      Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
      Line Deleted : user_pref("extensions.AVIRA-V7.AUC_clientCache", "{\"AUC_CACHE\":{\"avira.com\":{\"c\":[1],\"ttl\":1393129572},\"msn.com\":{\"c\":[1],\"ttl\":1389982786},\"bing.com\":{\"c\":[1],\"ttl\":1387210527},\"[...]
      Line Deleted : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1392368832342,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]
      Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
      Line Deleted : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
      Line Deleted : user_pref("extensions.AVIRA-V7.hpr_cr", "\"hxxp://avira.search.ask.com/?tpid=AVIRA-V7&o=APN11079&pf=&trgb=ALL&p2=%5EB0X%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EB0X&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=[...]
      Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.lastSearchProtectAction", "hxxp://www.msn.com/?pc=Z192&install_date=20110921|hxxp://www.msn.com/?pc=Z192&install_date=20110921||Ask.com");
      Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
      Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

      -\\ Google Chrome v33.0.1750.146

      [ File : C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      *************************

      AdwCleaner[R0].txt - [13967 octets] - [11/03/2014 20:44:50]
      AdwCleaner[s0].txt - [13951 octets] - [11/03/2014 20:49:16]

      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14012 octets] ##########

      JRT log:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.2 (02.20.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by rhonda on Tue 03/11/2014 at 21:14:59.28
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EAB463C7-096B-4811-A99C-E20DA6F63503}
      Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"

      ~~~ Files

      ~~~ Folders

      Successfully deleted: [Folder] "C:\Users\rhonda\AppData\Roaming\systweak"
      Successfully deleted: [Folder] "C:\Users\rhonda\appdata\local\cre"

      ~~~ FireFox

      Successfully deleted: [File] C:\Users\rhonda\AppData\Roaming\mozilla\firefox\profiles\08awarrn.default\extensions\[email protected]
      Successfully deleted the following from C:\Users\rhonda\AppData\Roaming\mozilla\firefox\profiles\08awarrn.default\prefs.js
      user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
      Emptied folder: C:\Users\rhonda\AppData\Roaming\mozilla\firefox\profiles\08awarrn.default\minidumps [199 files]

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Tue 03/11/2014 at 21:38:13.64
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. I just downloaded the Farbar again and it's the icon that you see right beside the rkill file. The file is called "FRST64". I have it circled. That's what I get when I download the file that you linked.
  11. Do you want me to put the fixlist file on top of the FRST64 program? Is that how it is supposed to be positioned?
  12. rkill scan:

      Rkill 2.6.5 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2014 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 03/07/2014 11:04:11 PM in x64 mode.
      Windows Version: Windows 7 Home Premium Service Pack 1

      Checking for Windows services to stop:
      * No malware services found to stop.

      Checking for processes to terminate:
      * No malware processes found to kill.

      Checking Registry for malware related settings:
      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:
      * Windows Defender Disabled
        [HKLM\SOFTWARE\Microsoft\Windows Defender]
        "DisableAntiSpyware" = dword:00000001
      * Windows Firewall Disabled
        [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
        "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:
      * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual

      Searching for Missing Digital Signatures:
      * No issues found.

      Checking HOSTS File:
      * HOSTS file entries found:
        127.0.0.1 localhost

      Program finished at: 03/07/2014 11:06:13 PM
      Execution time: 0 hours(s), 2 minute(s), and 1 seconds(s)

      FRST.txt log:

      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 01
      Ran by rhonda (administrator) on RHONDA-PC on 07-03-2014 23:10:13
      Running from C:\Users\rhonda\Desktop
      Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
      Internet Explorer Version 11
      Boot Mode: Normal

      The only official download link for FRST:
      Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
      Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
      Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (Storage Appliance Corp.) C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe (Storage Appliance Corp.) C:\ProgramData\Clickfree\kooboodle\Kooboodle.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (ThreatTrack Security, Inc.) 
C:\Program Files (x86)\VIPRE\SBAMTray.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-18] (Realtek Semiconductor) HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] () HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM-x32\...\Run: [sBAMTray] - C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-08-30] (ThreatTrack Security, Inc.) HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) 
HKLM-x32\...\Run: [iObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit) HKLM-x32\...\Run: [] - [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2285344 2013-12-18] (IObit) HKU\S-1-5-21-1852485107-1149319046-1402754336-1000\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-16] (SUPERAntiSpyware) HKU\S-1-5-21-1852485107-1149319046-1402754336-1000\...\Run: [ClickfreeMonitor] - c:\programdata\Clickfree\cfagent.exe [354632 2013-11-29] (Storage Appliance Corp.) HKU\S-1-5-21-1852485107-1149319046-1402754336-1000\...\Run: [Kooboodle] - C:\ProgramData\Clickfree\kooboodle\Kooboodle.exe [1030472 2013-07-19] (Storage Appliance Corp.) HKU\S-1-5-21-1852485107-1149319046-1402754336-1000\...\Run: [spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x38CAC0B77EB7CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.) URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.) 
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) SearchScopes: HKCU - DefaultScope {7F4598CA-B41A-4542-A398-27C1D7BD2D49} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - {1C62AF5F-7774-4071-B6B2-36754841D103} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms} SearchScopes: HKCU - {7F4598CA-B41A-4542-A398-27C1D7BD2D49} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - {A1F860D2-0945-43FC-8697-A5A1EC1DAB67} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {EAB463C7-096B-4811-A99C-E20DA6F63503} URL = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000030&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000 BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\rhonda\AppData\Roaming\Slick Savings\Coupons64.dll (Spigot, Inc.) BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll () BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\rhonda\AppData\Roaming\Slick Savings\Coupons.dll (Spigot, Inc.) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: AccelerateTab - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll (Secure Speed Dial) BHO-x32: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll () BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll () BHO-x32: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock) BHO-x32: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky) BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx64.dll () Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE64.dll (Spigot, Inc.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll () Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.6\iobitappsToolbarIE.dll (Spigot, Inc.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) 
Toolbar: HKCU - No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: skype-ie-addon-data - No CLSID Value - Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File Handler-x32: skype-ie-addon-data - No CLSID Value - Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{43144CFA-A79C-4D17-A07B-DF5CDC2E9069}: [NameServer]75.75.75.75,75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default FF user.js: detected! => C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\user.js FF DefaultSearchEngine: Yahoo! FF SearchEngineOrder.1: Ask.com Search FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Yahoo! FF Homepage: hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\askcomsearch.xml FF SearchPlugin: C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\searchplugins\yahoo_ff.xml FF Extension: Ads Removal - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-02-27] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-01-17] FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-01-09] FF Extension: My Web Search - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2012-01-22] FF Extension: AD Block - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-02-28] FF Extension: AccelerateTab - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-03-05] FF Extension: No Name - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\temp [2014-01-09] FF Extension: XFINITY Toolbar - 
C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2014-01-09] FF Extension: Start Page - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-01-17] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\Extensions\[email protected] [2014-02-20] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-09] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] Chrome: ======= CHR RestoreOnStartup: "hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ch" CHR DefaultSearchKeyword: yahoo.com search CHR DefaultSearchProvider: Yahoo CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=198484&p={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-09-05] CHR Extension: (Ads Removal) - 
C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-26] CHR Extension: (Zynga) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde [2013-06-22] CHR Extension: (AccelerateTab) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak [2014-03-05] CHR Extension: (AD Block) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-02-28] CHR Extension: (Norton Identity Protection) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-09] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-02-15] CHR Extension: (Google Wallet) - C:\Users\rhonda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKCU\...\Chrome\Extension: [ihcgmidjhhnnjikpigolabhacfngibde] - C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx [2012-07-26] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2014-02-20] CHR HKLM-x32\...\Chrome\Extension: [ihcgmidjhhnnjikpigolabhacfngibde] - C:\Users\rhonda\AppData\Local\CRE\ihcgmidjhhnnjikpigolabhacfngibde.crx [2012-07-26] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-07-26] CHR 
HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-28] CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-19] CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-11-19] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264488 2013-09-18] (Systweak Software, (www.systweak.com)) R2 CFUACProxy_hddv2usb3; C:\ProgramData\Clickfree\HDDV2USB3\UACProxy.exe [84296 2013-05-16] (Storage Appliance Corp.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] () R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) 
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation) R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-08-30] (ThreatTrack Security, Inc.) R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-08-30] (ThreatTrack Security, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2503504 2014-03-04] () S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] ==================== Drivers (Whitelisted) ==================== R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2014-01-09] (Zemana Ltd.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-09] (Symantec Corporation) R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security) R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140307.001\IDSvia64.sys [524504 2014-03-05] (Symantec Corporation) S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated) R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\ENG64.SYS [126040 2014-03-01] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140307.023\EX64.SYS [2099288 2014-03-01] (Symantec Corporation) R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.) 
  13. Sorry, I'm here. I was a little busy yesterday, but I'm following your directions now.