AAQueen Posted March 5, 2014

Hi Everyone,

I am hoping that I am posting this in the correct spot. I am pretty sure that something is going on with this computer. My dad called and asked me to come up and see if I could get his antivirus to turn on and I have had no luck. On top of that, it appears as though his antivirus and anti-malware that he has tried have been disabled as he got a notice about that. I am no expert at all with regards to really understanding what these logs show but after reading some of the posts on this forum it looks like you guys recommend running a couple of scans so I am including them on this message and crossing my fingers that I do have this in the right place.

HJT Log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:03:12 PM, on 3/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
FIREFOX: 27.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (file missing)
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (file missing)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing)
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [PC Pitstop Diskmd3 Reminder] C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 12696 bytes

attach.txt
dds.txt
Juliet Posted March 5, 2014

This looks like it could get messy. I got a feeling when we try to download some removal tools, they might be blocked in normal mode. I'll post instructions for Safe Mode with Networking in case that should happen.

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7

Restart your computer.
When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options screen.
Using the arrow keys, select the Safe Mode, then press the Enter key on your keyboard to boot into Windows 7 Safe Mode.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Juliet Posted March 5, 2014

At this time we only need 1 antivirus on the computer or we could run into trouble.

Please uninstall

Ask Toolbar
Ask Toolbar Updater
Java 6 Update 17
Java 6 Update 45 (64-bit)
AAQueen Posted March 5, 2014

Thank you so much, Juliet!! I am working on this right now.
Juliet Posted March 5, 2014
AAQueen Posted March 5, 2014

Juliet,

I was able to get the first program downloaded (ADwCleaner) and I did have to download it in safe mode and run the program. The first time that it ran there were A LOT of items that appeared so I did just as you said and clicked on "Clean". The computer re-started but no log file ever came up so I attempted to run it again. The second time, a few more objects came up and when I clicked on "Clean", it re-started and once it re-booted the log file appeared but when I went to save it to my desktop it just disappeared and I can't find it anywhere. Do I need to run another one? I am working on the second program that you asked me to download now and I have removed the 4 programs that you asked me to. I appreciate your help SO much!!
Juliet Posted March 5, 2014

Look here C:\AdwCleaner[s1].txt

You might be able to run scans in normal mode now?
AAQueen Posted March 5, 2014

See attached JRT Log

JRT.txt
Juliet Posted March 5, 2014

Good deal. See signs that the computer is working better? We should be able to work in normal mode now. Try these tools below, if not jump back into safe mode.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool (use correct version for your system.....Which system am I using?) and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
AAQueen Posted March 5, 2014

Yes ma'am, we are able to work in normal mode now. There are all kinds of Windows errors on reboot or when trying to save a logfile about "bad image", dll error, etc. I am attaching that file from the ADw cleaner now though it doesn't look like the very first one.

AdwCleanerR3.txt
Juliet Posted March 5, 2014

I think this would have been the first one:

AdwCleaner[R0].txt - [18222 octets] - [05/03/2014 17:04:46]

Doesn't really matter. Just continue with the last set of instructions I posted.
AAQueen Posted March 5, 2014

Ok, here are the FRST and Additional files from the latest scan. I tried to copy and paste them, but for some reason it won't give me the option to paste once I reply to your messages so I'm attaching them again. Hope that's ok.

FRST.txt
Addition.txt
Juliet Posted March 5, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Brenda (administrator) on BRENDA-PC on 05-03-2014 18:26:27
Running from C:\Users\Brenda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] ()
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM-x32\...\Run: [info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [PC Pitstop Diskmd3 Reminder] - C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe [324280 2010-07-22] (PC Pitstop LLC)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\MountPoints2: {702166e2-4a0f-11e3-afcf-60eb69382610} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hp-notebook.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA653D0B78714CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytAzztByCtCtDzy0C0D0BtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByB0AtCyBtAtBtGyD0D0EtCtGtCtAyD0EtGtC0A0AzztGyC0FtD0DtA0F0DtDtD0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0B0DtByDyC0BtGtDtB0B0AtG0D0D0EtBtGtAyCtA0DtGtCtBzz0AyEzz0FzyzzyEyEzz2Q&cr=1077848913&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytAzztByCtCtDzy0C0D0BtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByB0AtCyBtAtBtGyD0D0EtCtGtCtAyD0EtGtC0A0AzztGyC0FtD0DtA0F0DtDtD0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0B0DtByDyC0BtGtDtB0B0AtG0D0D0EtBtGtAyCtA0DtGtCtBzz0AyEzz0FzyzzyEyEzz2Q&cr=1077848913&ir=
SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\qlqcgxs4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-12]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]
CHR Extension: (Google Drive) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 avast!
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software) S3 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2012-11-15] (PC Pitstop LLC) S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor) S3 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software) S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] () S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-05 18:26 - 2014-03-05 18:26 - 00017558 _____ () C:\Users\Brenda\Desktop\FRST.txt 2014-03-05 18:26 - 2014-03-05 18:26 - 00000000 ____D () C:\FRST 2014-03-05 18:06 - 2014-03-05 18:06 - 02156544 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe 2014-03-05 17:53 - 2014-03-05 17:54 - 00002038 _____ () C:\Users\Brenda\Desktop\Rkill.txt 2014-03-05 17:53 - 2014-03-05 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Brenda\Desktop\rkill.exe 2014-03-05 17:48 - 2014-03-05 17:48 - 00001265 _____ () C:\Users\Brenda\Desktop\AdwCleaner[R3].txt 2014-03-05 17:46 - 2014-03-05 17:46 - 00000000 ____D () C:\Users\Brenda\AppData\Local\adawarebp 2014-03-05 17:37 - 2014-03-05 17:42 - 00007723 _____ () C:\Users\Brenda\Desktop\JRT.txt 2014-03-05 17:27 - 2014-03-05 17:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 17:25 - 2014-03-05 17:25 - 01037734 _____ (Thisisu) C:\Users\Brenda\Desktop\JRT(2).exe 2014-03-05 17:13 - 2014-03-05 17:13 - 01244192 _____ () C:\Users\Brenda\Desktop\AdwCleaner(3).exe 2014-03-05 17:08 - 2014-03-05 17:10 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(2).exe 2014-03-05 17:04 - 2014-03-05 17:48 - 00000000 ____D () C:\AdwCleaner 2014-03-05 17:04 - 2014-03-05 17:04 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(1).exe 2014-03-05 17:02 - 2014-03-05 17:02 - 00862128 _____ (Download Manager Cert ) C:\Users\Brenda\Downloads\SoftwareUpdate.exe 2014-03-05 16:50 - 2014-03-05 16:50 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT(1).exe 2014-03-05 16:47 - 2014-03-05 16:47 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT.exe 2014-03-05 16:44 - 2014-03-05 16:44 - 00000046 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG 2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B 2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge 
2014-03-05 16:43 - 2014-03-05 17:44 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-05 16:43 - 2014-03-05 16:44 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-03-05 16:42 - 2014-03-05 16:43 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe 2014-03-05 16:42 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup.exe 2014-03-05 16:40 - 2014-01-16 11:05 - 01105832 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2014-03-05 16:40 - 2014-01-16 11:05 - 00986536 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Downloads\hijackthis.log 2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Desktop\hijackthis.log 2014-03-05 15:02 - 2014-03-05 15:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HijackThis.exe 2014-03-05 15:00 - 2014-03-05 15:01 - 00019867 _____ () C:\Users\Brenda\Desktop\dds.txt 2014-03-05 15:00 - 2014-03-05 15:01 - 00008883 _____ () C:\Users\Brenda\Desktop\attach.txt 2014-03-05 14:58 - 2014-03-05 14:59 - 00688992 ____R (Swearware) C:\Users\Brenda\Downloads\dds.scr 2014-03-05 14:43 - 2014-03-05 14:44 - 00720171 _____ (PC Pitstop ) C:\Users\Brenda\Downloads\diskmd3-setup-6398.exe 2014-03-05 14:42 - 2014-03-05 14:42 - 00484568 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\driveralert2-setup-6398.exe 2014-03-05 14:17 - 2014-03-05 14:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat 2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\LavasoftStatistics 2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Lavasoft 2014-03-04 16:39 - 2014-03-05 17:46 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () 
C:\Program Files\Lavasoft 2014-03-04 16:38 - 2014-03-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-03-04 16:36 - 2014-03-04 16:36 - 01727624 _____ () C:\Users\Brenda\Downloads\Adaware_Installer.exe 2014-03-04 16:01 - 2014-03-04 16:01 - 00002034 _____ () C:\Users\Brenda\Desktop\PC Matic.lnk 2014-03-04 16:00 - 2014-03-04 16:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (5).exe 2014-03-04 14:50 - 2014-03-05 17:48 - 00000000 ____D () C:\Users\Brenda\Desktop\kris_files 2014-03-04 14:50 - 2014-03-04 14:50 - 02213299 _____ () C:\Users\Brenda\Desktop\kris.htm 2014-03-04 14:20 - 2014-03-04 14:20 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (4).exe 2014-03-04 14:11 - 2014-03-04 14:11 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (3).exe 2014-03-04 14:06 - 2014-03-04 14:06 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).pkg 2014-03-04 14:05 - 2014-03-04 14:05 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).pkg 2014-03-04 14:02 - 2014-03-04 14:02 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).exe 2014-03-04 14:00 - 2014-03-04 14:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).exe 2014-03-04 13:55 - 2014-03-04 13:55 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398.exe 2014-03-04 13:55 - 2014-03-04 13:55 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398.pkg 2014-02-26 12:17 - 2014-02-28 15:06 - 00775884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-25 19:12 - 2014-02-25 19:13 - 00344352 _____ () C:\Windows\Minidump\022514-19312-01.dmp 2014-02-25 16:59 - 2014-02-25 16:59 - 00344344 _____ () 
C:\Windows\Minidump\022514-25646-01.dmp 2014-02-23 16:05 - 2014-02-23 16:06 - 00344424 _____ () C:\Windows\Minidump\022314-19390-01.dmp 2014-02-23 15:43 - 2014-02-23 15:43 - 00344264 _____ () C:\Windows\Minidump\022314-16380-01.dmp 2014-02-21 19:32 - 2014-02-21 19:32 - 00343232 _____ () C:\Windows\Minidump\022114-17160-01.dmp 2014-02-21 19:27 - 2014-02-21 19:27 - 00342720 _____ () C:\Windows\Minidump\022114-17191-01.dmp 2014-02-21 16:17 - 2014-02-21 16:17 - 00000000 ____D () C:\Windows\pss 2014-02-21 16:11 - 2014-02-21 16:11 - 00347488 _____ () C:\Windows\Minidump\022114-17581-01.dmp 2014-02-14 20:01 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-13 09:29 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 09:29 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-13 09:27 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-13 09:27 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 09:27 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 
2014-02-13 09:27 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 09:27 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-13 09:27 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-13 09:27 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-13 09:27 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 09:27 - 2014-02-01 
02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-13 09:27 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 09:27 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 09:27 - 2014-02-01 01:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-02-13 09:27 - 2014-02-01 01:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-02-12 17:01 - 2014-03-04 16:31 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 17:01 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 17:01 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 17:01 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 17:01 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 17:01 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 17:01 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 17:01 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 17:01 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 17:01 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 17:01 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 17:01 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 17:01 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 17:01 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) 
C:\Windows\system32\RMActivate_isv.exe 2014-02-12 17:01 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 17:01 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 17:01 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 17:01 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 17:01 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 17:01 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 17:01 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 17:01 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 17:01 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 17:01 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 17:01 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 17:01 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 17:01 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 17:01 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-12 13:09 - 2014-02-12 13:09 - 00344048 _____ () C:\Windows\Minidump\021214-17222-01.dmp 2014-02-07 11:24 - 2014-02-07 11:24 - 00344432 _____ () C:\Windows\Minidump\020714-22635-01.dmp 2014-02-06 20:09 - 2014-02-06 20:09 - 00363112 _____ () C:\Windows\Minidump\020614-27612-01.dmp 2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) 
C:\Windows\system32\Drivers\qknfd.sys ==================== One Month Modified Files and Folders ======= 2014-03-05 18:26 - 2014-03-05 18:26 - 00017558 _____ () C:\Users\Brenda\Desktop\FRST.txt 2014-03-05 18:26 - 2014-03-05 18:26 - 00000000 ____D () C:\FRST 2014-03-05 18:24 - 2013-01-12 09:17 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D227139-819E-4ED9-AFD3-1409FFC73967} 2014-03-05 18:06 - 2014-03-05 18:06 - 02156544 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe 2014-03-05 17:54 - 2014-03-05 17:53 - 00002038 _____ () C:\Users\Brenda\Desktop\Rkill.txt 2014-03-05 17:53 - 2014-03-05 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Brenda\Desktop\rkill.exe 2014-03-05 17:53 - 2009-07-14 00:13 - 00783270 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-05 17:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-05 17:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-05 17:49 - 2010-07-08 03:30 - 01588408 _____ () C:\Windows\WindowsUpdate.log 2014-03-05 17:48 - 2014-03-05 17:48 - 00001265 _____ () C:\Users\Brenda\Desktop\AdwCleaner[R3].txt 2014-03-05 17:48 - 2014-03-05 17:04 - 00000000 ____D () C:\AdwCleaner 2014-03-05 17:48 - 2014-03-04 14:50 - 00000000 ____D () C:\Users\Brenda\Desktop\kris_files 2014-03-05 17:46 - 2014-03-05 17:46 - 00000000 ____D () C:\Users\Brenda\AppData\Local\adawarebp 2014-03-05 17:46 - 2014-03-04 16:39 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-03-05 17:46 - 2013-03-22 19:46 - 00000000 ____D () C:\ProgramData\Kodak 2014-03-05 17:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 17:46 - 2009-07-13 23:51 - 00060702 _____ () C:\Windows\setupact.log 2014-03-05 17:44 - 2014-03-05 16:43 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job 2014-03-05 17:44 
- 2013-01-12 13:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-05 17:42 - 2014-03-05 17:37 - 00007723 _____ () C:\Users\Brenda\Desktop\JRT.txt 2014-03-05 17:27 - 2014-03-05 17:27 - 00000000 ____D () C:\Windows\ERUNT 2014-03-05 17:25 - 2014-03-05 17:25 - 01037734 _____ (Thisisu) C:\Users\Brenda\Desktop\JRT(2).exe 2014-03-05 17:19 - 2013-01-12 12:47 - 00000000 ____D () C:\ProgramData\PCPitstop 2014-03-05 17:13 - 2014-03-05 17:13 - 01244192 _____ () C:\Users\Brenda\Desktop\AdwCleaner(3).exe 2014-03-05 17:10 - 2014-03-05 17:08 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(2).exe 2014-03-05 17:04 - 2014-03-05 17:04 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(1).exe 2014-03-05 17:02 - 2014-03-05 17:02 - 00862128 _____ (Download Manager Cert ) C:\Users\Brenda\Downloads\SoftwareUpdate.exe 2014-03-05 16:50 - 2014-03-05 16:50 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT(1).exe 2014-03-05 16:47 - 2014-03-05 16:47 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT.exe 2014-03-05 16:44 - 2014-03-05 16:44 - 00000046 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG 2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B 2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge 2014-03-05 16:44 - 2014-03-05 16:43 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-03-05 16:44 - 2014-02-14 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-05 16:43 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe 2014-03-05 16:42 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup.exe 2014-03-05 16:39 - 2010-05-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Downloads\hijackthis.log 2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Desktop\hijackthis.log 
2014-03-05 15:02 - 2014-03-05 15:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HijackThis.exe 2014-03-05 15:02 - 2013-01-06 09:18 - 00000000 ____D () C:\Users\Brenda\AppData\Local\VirtualStore 2014-03-05 15:01 - 2014-03-05 15:00 - 00019867 _____ () C:\Users\Brenda\Desktop\dds.txt 2014-03-05 15:01 - 2014-03-05 15:00 - 00008883 _____ () C:\Users\Brenda\Desktop\attach.txt 2014-03-05 14:59 - 2014-03-05 14:58 - 00688992 ____R (Swearware) C:\Users\Brenda\Downloads\dds.scr 2014-03-05 14:44 - 2014-03-05 14:43 - 00720171 _____ (PC Pitstop ) C:\Users\Brenda\Downloads\diskmd3-setup-6398.exe 2014-03-05 14:44 - 2013-01-12 12:47 - 00000000 ____D () C:\Program Files (x86)\PCPitstop 2014-03-05 14:42 - 2014-03-05 14:42 - 00484568 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\driveralert2-setup-6398.exe 2014-03-05 14:17 - 2014-03-05 14:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat 2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\LavasoftStatistics 2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Lavasoft 2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\Program Files\Lavasoft 2014-03-04 16:38 - 2014-03-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-03-04 16:36 - 2014-03-04 16:36 - 01727624 _____ () C:\Users\Brenda\Downloads\Adaware_Installer.exe 2014-03-04 16:31 - 2014-02-12 17:01 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-03-04 16:01 - 2014-03-04 16:01 - 00002034 _____ () C:\Users\Brenda\Desktop\PC Matic.lnk 2014-03-04 16:00 - 2014-03-04 16:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (5).exe 2014-03-04 15:57 
- 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-04 15:25 - 2013-04-22 16:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-03-04 14:50 - 2014-03-04 14:50 - 02213299 _____ () C:\Users\Brenda\Desktop\kris.htm 2014-03-04 14:20 - 2014-03-04 14:20 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (4).exe 2014-03-04 14:11 - 2014-03-04 14:11 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (3).exe 2014-03-04 14:06 - 2014-03-04 14:06 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).pkg 2014-03-04 14:05 - 2014-03-04 14:05 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).pkg 2014-03-04 14:02 - 2014-03-04 14:02 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).exe 2014-03-04 14:00 - 2014-03-04 14:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).exe 2014-03-04 13:55 - 2014-03-04 13:55 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398.exe 2014-03-04 13:55 - 2014-03-04 13:55 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398.pkg 2014-03-04 13:05 - 2013-01-12 12:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-03-03 11:31 - 2013-01-05 18:41 - 00474182 _____ () C:\Windows\PFRO.log 2014-02-28 15:06 - 2014-02-26 12:17 - 00775884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-25 19:13 - 2014-02-25 19:12 - 00344352 _____ () C:\Windows\Minidump\022514-19312-01.dmp 2014-02-25 19:12 - 2013-08-05 18:09 - 473036828 _____ () C:\Windows\MEMORY.DMP 2014-02-25 19:12 - 2013-08-05 18:09 - 00000000 ____D () C:\Windows\Minidump 2014-02-25 16:59 - 2014-02-25 16:59 - 00344344 _____ () C:\Windows\Minidump\022514-25646-01.dmp 2014-02-25 13:01 - 2010-05-15 00:07 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-02-25 13:01 - 2010-05-14 23:35 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-02-23 16:06 - 2014-02-23 16:05 - 00344424 _____ () C:\Windows\Minidump\022314-19390-01.dmp 2014-02-23 15:43 - 2014-02-23 15:43 - 00344264 _____ () C:\Windows\Minidump\022314-16380-01.dmp 2014-02-21 19:32 - 2014-02-21 19:32 - 00343232 _____ () C:\Windows\Minidump\022114-17160-01.dmp 2014-02-21 19:27 - 2014-02-21 19:27 - 00342720 _____ () C:\Windows\Minidump\022114-17191-01.dmp 2014-02-21 16:17 - 2014-02-21 16:17 - 00000000 ____D () C:\Windows\pss 2014-02-21 16:11 - 2014-02-21 16:11 - 00347488 _____ () C:\Windows\Minidump\022114-17581-01.dmp 2014-02-20 19:44 - 2013-01-12 13:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-20 19:44 - 2013-01-12 13:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-20 19:44 - 2013-01-12 13:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-17 14:00 - 2013-01-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-17 10:50 - 2013-07-24 11:47 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-17 10:48 - 2013-02-05 19:11 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-02-13 16:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-02-12 13:09 - 
2014-02-12 13:09 - 00344048 _____ () C:\Windows\Minidump\021214-17222-01.dmp
2014-02-07 11:24 - 2014-02-07 11:24 - 00344432 _____ () C:\Windows\Minidump\020714-22635-01.dmp
2014-02-06 20:09 - 2014-02-06 20:09 - 00363112 _____ () C:\Windows\Minidump\020614-27612-01.dmp
2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys

Some content of TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 16:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02
Ran by Brenda at 2014-03-05 18:27:00
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast!
Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft) AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.) Adobe Shockwave Player 12.0 (HKLM-x32\...\{5EE20277-6E60-422C-93E4-35E732F885E6}) (Version: 12.0.9.149 - Adobe Systems, Inc) aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.) Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden Cardo Upgrades (HKLM-x32\...\{6536E094-5367-4742-B066-A8450F93427B}) (Version: 3.0.19 - Cardo Systems) center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.) CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.) Hidden CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.) CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) 
Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden Google Chrome (HKLM-x32\...\{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}) (Version: 65.156.32827 - Google, Inc.) Google Drive (HKLM-x32\...\{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}) (Version: 1.9.4536.8202 - Google, Inc.) Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Game Console (x32 Version: - WildTangent) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent) HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard) HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden HP Software Framework (HKLM-x32\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0183 (HKLM-x32\...\{BC146E5F-A2B0-40DB-90E7-2833807E98DF}) (Version: 1.01.0001 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) 
Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company) ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) 
Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 en-US) 
(HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd) Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden PC Matic 1.1.0.50 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.50 - PC Pitstop LLC) PC Pitstop DiskMD 3 (HKLM-x32\...\{D39144D1-46C1-44A9-B9EF-EE2B4A5EC00B}_is1) (Version: 3.0.0.2 - PC Pitstop) PC Pitstop Driver Alert2 2.0.0.0 (HKLM-x32\...\PC Pitstop Driver Alert2_is1) (Version: 2.0.0.0 - PC Pitstop LLC) PC Pitstop Info Center 1.0.0.16 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.16 - PC Pitstop LLC.) Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company) Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) 
Hidden PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/29/2013 6.0.1.6873) (HKLM\...\3BE1619FF33796DE6A3369EF68DAE6A0057FFF8E) (Version: 03/29/2013 6.0.1.6873 - Realtek Semiconductor Corp.) Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\A2B4E54A0A70EB7790D303E86DE5D4B06DFC5B28) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.) Windows Driver Package - Realtek Semiconductor Corp. 
HD Audio Driver (07/16/2013 6.0.1.6971) (HKLM\...\3AC33DD91192BCC628A51E2918C6C1669BAD1C2B) (Version: 07/16/2013 6.0.1.6971 - Realtek Semiconductor Corp.) Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (09/13/2013 6.0.1.7040) (HKLM\...\95277BD995B6DAA6FA9D43483C6816836638EB08) (Version: 09/13/2013 6.0.1.7040 - Realtek Semiconductor Corp.) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Restore Points ========================= 02-03-2014 20:12:32 PC Pitstop Restore Point 04-03-2014 00:32:54 PC Pitstop Restore Point 04-03-2014 18:06:16 Windows Update 04-03-2014 21:37:06 AA11 05-03-2014 21:38:44 Removed Java 6 Update 17 05-03-2014 21:39:38 Removed Java 6 Update 45 (64-bit) 

==================== Hosts content: ==========================
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {7DFF1E66-78E7-4E2A-9861-9F726C463917} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {80FADD49-CB42-4A0E-8DB8-711033201E34} - System32\Tasks\Hewlett-Packard\HP Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2010-03-24] (Hewlett-Packard)
Task: {C3CD73F1-A142-4364-AFA8-F142CA11167B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {D21C6551-819D-4033-8E69-0301AC53F533} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software)
Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F6DAF9A0-3BA2-4F2D-87F3-5526DEFEE15B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============
2014-01-23 16:09 - 2014-01-23 16:09 - 00702744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
2014-01-23 16:30 - 2014-01-23 16:30 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 03720040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 02595144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00602984 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00291192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00268152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00253800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll
20

Juliet Posted March 5, 2014
I posted the logs to make it easier to read. At the bottom if you click on more reply options it should allow you to copy and paste the logs in.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start
HKLM\...\Run: [] - [X]
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR DefaultSearchProvider: "name": "Mysearchdial"
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe
Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION
Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Reboot:
end

Your computer should reboot. Please post the fixlist.txt when finished

AAQueen Posted March 6, 2014
Juliet, I have the fixlist file saved on the desktop next to the FRST files. What do I need to do now? The computer didn't reboot so I must have missed a step.
Edited March 6, 2014 by AAQueen

Juliet Posted March 6, 2014
It should have rebooted the computer. Can you post the log it created?

AAQueen Posted March 6, 2014
It didn't reboot it. I have each of those files beside one another.

AAQueen Posted March 6, 2014
Ok, just tried again and this time, the computer did reboot and generate the following file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Brenda at 2014-03-06 14:01:30 Run:1
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [X]
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR DefaultSearchProvider: "name": "Mysearchdial"
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe
Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION
Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Reboot:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A44E6C8-9075-499D-B972-F79CFF9C2333} => Key deleted successfully.
HKCR\CLSID\{2A44E6C8-9075-499D-B972-F79CFF9C2333} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key deleted successfully.
HKCR\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@TelevisionFanatic.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found.
CHR DefaultSearchProvider: "name": "Mysearchdial" ==> The Chrome "Settings" can be used to fix the entry.
qknfd => Unable to stop service
qknfd => Service deleted successfully.
C:\Program Files\Quiknowledge => Moved successfully.
C:\Windows\system32\Drivers\qknfd.sys => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA169ABC-7915-4EAE-8788-CA00C84D0289} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA169ABC-7915-4EAE-8788-CA00C84D0289} => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====

Juliet Posted March 6, 2014
This looks good now, let's go after remnants. Tell me how the computer is now?

Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~~~~~~~~~~~~~~~~~~~~~
Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

AAQueen Posted March 6, 2014
Going to run the new scans now but wanted to let you know that every time the computer boots there is an error box that pops up saying there is a Windows.... "Bad Image" and it takes forever to re-boot.

AAQueen Posted March 6, 2014
Downloaded TFC from the link that you provided and saved it to my desktop. I am running Windows 7 so I right clicked and went to Run As Administrator and get the following message:
C:\Users\Brenda\Desktop\TFC.exe is not a valid Win32 application

Juliet Posted March 6, 2014
Is that happening with other apps too, or is it just TFC? Delete that copy, reboot and download a new one (it shouldn't matter where you save it). Then try once more. If it still continues to do that just skip it and continue with that last scan.

AAQueen Posted March 7, 2014
Result of ESET Scan

C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39bprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\NP39Stub.dll.vir Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe06-03-2014_14-01-35 a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Brenda\Downloads\SoftwareUpdate.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe a variant of Win32/InstallCore.KT potentially unwanted application
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe a variant of Win32/InstallCore.KT potentially unwanted application
Juliet Posted March 7, 2014

That's pretty good actually, considering where we came from.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
C:\Users\Brenda\Downloads\SoftwareUpdate.exe
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Please give me an update on how the computer is now.
AAQueen Posted March 7, 2014

New Fixlist Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Brenda at 2014-03-06 19:51:12 Run:2
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
C:\Users\Brenda\Downloads\SoftwareUpdate.exe
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe
Reboot:
end
*****************

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll => Moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll => Moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe => Moved successfully.
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe => Moved successfully.
C:\Users\Brenda\Downloads\SoftwareUpdate.exe => Moved successfully.
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe => Moved successfully.
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
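Added example (not part of the original posts and not FRST's own code): a Python check that reads a Fixlog.txt laid out like the one posted above and lists every fixlist path the log does not report as "Moved successfully.". The sample log and its paths are constructed, the function names are hypothetical, and the only status string assumed is the one shown in this thread.

```python
import re

# Status text exactly as it appears in the Fixlog posted in this thread.
MOVED = "Moved successfully."
RESULT_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")

# Constructed sample: three requested paths, only two confirmed as moved.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Users\Example\Downloads\SetupA.exe
C:\Users\Example\Downloads\SetupB.exe
C:\Users\Example\AppData\Roaming\Example\uninstaller.exe
Reboot:
end
*****************

C:\Users\Example\Downloads\SetupA.exe => Moved successfully.
c:\users\example\downloads\setupb.exe => Moved successfully.
==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Return (requested_paths, directives, results) from a Fixlog body."""
    requested, directives, results = [], [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_fixlist = True
        elif line.lower() == "end":
            in_fixlist = False
        elif in_fixlist and line:
            # Lines such as "Reboot:" are directives, not file paths.
            (directives if line.endswith(":") else requested).append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                # Windows paths are case-insensitive, so compare lowercased.
                results[m["path"].lower()] = m["status"]
    return requested, directives, results


def unconfirmed(text):
    """Fixlist paths with no 'Moved successfully.' result line in the log."""
    requested, _, results = parse_fixlog(text)
    return [p for p in requested if results.get(p.lower()) != MOVED]
```

Any path this returns is worth rechecking with a fresh scan before treating the cleanup as complete.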