
HJT Log


AAQueen

Hi Everyone,

 

I am hoping that I am posting this in the correct spot. I am pretty sure that something is going on with this computer. My dad called and asked me to come up and see if I could get his antivirus to turn on and I have had no luck. On top of that, it appears as though his antivirus and anti-malware that he has tried have been disabled as he got a notice about that. I am no expert at all with regards to really understanding what these logs show but after reading some of the posts on this forum it looks like you guys recommend running a couple of scans so I am including them on this message and crossing my fingers that I do have this in the right place.

 

 

 

 

 

HJT Log

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:03:12 PM, on 3/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
FIREFOX: 27.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (file missing)
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (file missing)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (file missing)
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [PC Pitstop Diskmd3 Reminder] C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12696 bytes

 

attach.txt

dds.txt


This looks like it could get messy.

 

I got a feeling when we try to download some removal tools, they might be blocked in normal mode.

 

I'll post instructions for Safe Mode with Networking in case that should happen.

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7

Restart your computer.

When the computer starts you will see your computer's hardware being listed. When you see this information, start to gently tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options screen.

 

Using the arrow keys, select Safe Mode, then press the Enter key on your keyboard to boot into Windows 7 Safe Mode.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

-AdwCleaner-by Xplode

 

Click on this link to download: ADWCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

 

 


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Juliet,

 

I was able to get the first program downloaded (ADwCleaner) and I did have to download it in safe mode and run the program. The first time that it ran there were A LOT of items that appeared so I did just as you said and clicked on "Clean". The computer re-started but no log file ever came up so I attempted to run it again. The second time, a few more objects came up and when I clicked on "Clean", it re-started and once it re-booted the log file appeared but when I went to save it to my desktop it just disappeared and I can't find it anywhere. Do I need to run another one?

 

I am working on the second program that you asked me to download now and I have removed the 4 programs that you asked me to. I appreciate your help SO much!!


Good deal.

 

See signs that the computer is working better?

 

 

We should be able to work in normal mode now.

Try these tools below; if not, jump back into safe mode.

 

 

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin.

You only need to get one of them to run, not all of them.

  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool

(use correct version for your system.....Which system am I using?)

and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Yes ma'am, we are able to work in normal mode now. There are all kinds of Windows errors on reboot or when trying to save a logfile about "bad image", dll error, etc. I am attaching that file from the ADw cleaner now though it doesn't look like the very first one.

AdwCleanerR3.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02

Ran by Brenda (administrator) on BRENDA-PC on 05-03-2014 18:26:27

Running from C:\Users\Brenda\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] ()

HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"

HKLM\...\Run: [] - [X]

HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()

HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)

HKLM-x32\...\Run: [info Center] - C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)

HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)

HKLM-x32\...\Run: [PC Pitstop Diskmd3 Reminder] - C:\Program Files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe [324280 2010-07-22] (PC Pitstop LLC)

HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\MountPoints2: G - G:\LaunchU3.exe -a

HKU\S-1-5-21-1897920354-356747738-1419999941-1000\...\MountPoints2: {702166e2-4a0f-11e3-afcf-60eb69382610} - G:\LaunchU3.exe -a

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hp-notebook.us.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA653D0B78714CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File

SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytAzztByCtCtDzy0C0D0BtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByB0AtCyBtAtBtGyD0D0EtCtGtCtAyD0EtGtC0A0AzztGyC0FtD0DtA0F0DtDtD0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0B0DtByDyC0BtGtDtB0B0AtG0D0D0EtBtGtAyCtA0DtGtCtBzz0AyEzz0FzyzzyEyEzz2Q&cr=1077848913&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCtD0E0ByCzytAzztByCtCtDzy0C0D0BtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByB0AtCyBtAtBtGyD0D0EtCtGtCtAyD0EtGtC0A0AzztGyC0FtD0DtA0F0DtDtD0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0B0DtByDyC0BtGtDtB0B0AtG0D0D0EtBtGtAyCtA0DtGtCtBzz0AyEzz0FzyzzyEyEzz2Q&cr=1077848913&ir=

SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\qlqcgxs4.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-05-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-12]

 

Chrome:

=======

CHR HomePage: hxxp://www.google.com

CHR RestoreOnStartup: "hxxp://www.google.com"

CHR DefaultSearchProvider: "name": "Mysearchdial"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.59\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File

CHR Plugin: (Java Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]

CHR Extension: (Google Drive) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]

CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]

CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]

CHR Extension: (Google Wallet) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]

CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]

 

==================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)

S3 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86216 2012-11-15] (PC Pitstop LLC)

S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-13] (Realtek Semiconductor)

S3 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] ()

S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [32768 2008-10-24] (CSR)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-05 18:26 - 2014-03-05 18:26 - 00017558 _____ () C:\Users\Brenda\Desktop\FRST.txt

2014-03-05 18:26 - 2014-03-05 18:26 - 00000000 ____D () C:\FRST

2014-03-05 18:06 - 2014-03-05 18:06 - 02156544 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe

2014-03-05 17:53 - 2014-03-05 17:54 - 00002038 _____ () C:\Users\Brenda\Desktop\Rkill.txt

2014-03-05 17:53 - 2014-03-05 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Brenda\Desktop\rkill.exe

2014-03-05 17:48 - 2014-03-05 17:48 - 00001265 _____ () C:\Users\Brenda\Desktop\AdwCleaner[R3].txt

2014-03-05 17:46 - 2014-03-05 17:46 - 00000000 ____D () C:\Users\Brenda\AppData\Local\adawarebp

2014-03-05 17:37 - 2014-03-05 17:42 - 00007723 _____ () C:\Users\Brenda\Desktop\JRT.txt

2014-03-05 17:27 - 2014-03-05 17:27 - 00000000 ____D () C:\Windows\ERUNT

2014-03-05 17:25 - 2014-03-05 17:25 - 01037734 _____ (Thisisu) C:\Users\Brenda\Desktop\JRT(2).exe

2014-03-05 17:13 - 2014-03-05 17:13 - 01244192 _____ () C:\Users\Brenda\Desktop\AdwCleaner(3).exe

2014-03-05 17:08 - 2014-03-05 17:10 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(2).exe

2014-03-05 17:04 - 2014-03-05 17:48 - 00000000 ____D () C:\AdwCleaner

2014-03-05 17:04 - 2014-03-05 17:04 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(1).exe

2014-03-05 17:02 - 2014-03-05 17:02 - 00862128 _____ (Download Manager Cert ) C:\Users\Brenda\Downloads\SoftwareUpdate.exe

2014-03-05 16:50 - 2014-03-05 16:50 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT(1).exe

2014-03-05 16:47 - 2014-03-05 16:47 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT.exe

2014-03-05 16:44 - 2014-03-05 16:44 - 00000046 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG

2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B

2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge

2014-03-05 16:43 - 2014-03-05 17:44 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job

2014-03-05 16:43 - 2014-03-05 16:44 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites

2014-03-05 16:42 - 2014-03-05 16:43 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe

2014-03-05 16:42 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup.exe

2014-03-05 16:40 - 2014-01-16 11:05 - 01105832 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll

2014-03-05 16:40 - 2014-01-16 11:05 - 00986536 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Downloads\hijackthis.log

2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Desktop\hijackthis.log

2014-03-05 15:02 - 2014-03-05 15:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HijackThis.exe

2014-03-05 15:00 - 2014-03-05 15:01 - 00019867 _____ () C:\Users\Brenda\Desktop\dds.txt

2014-03-05 15:00 - 2014-03-05 15:01 - 00008883 _____ () C:\Users\Brenda\Desktop\attach.txt

2014-03-05 14:58 - 2014-03-05 14:59 - 00688992 ____R (Swearware) C:\Users\Brenda\Downloads\dds.scr

2014-03-05 14:43 - 2014-03-05 14:44 - 00720171 _____ (PC Pitstop ) C:\Users\Brenda\Downloads\diskmd3-setup-6398.exe

2014-03-05 14:42 - 2014-03-05 14:42 - 00484568 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\driveralert2-setup-6398.exe

2014-03-05 14:17 - 2014-03-05 14:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat

2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\LavasoftStatistics

2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Lavasoft

2014-03-04 16:39 - 2014-03-05 17:46 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\Program Files\Lavasoft

2014-03-04 16:38 - 2014-03-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-03-04 16:36 - 2014-03-04 16:36 - 01727624 _____ () C:\Users\Brenda\Downloads\Adaware_Installer.exe

2014-03-04 16:01 - 2014-03-04 16:01 - 00002034 _____ () C:\Users\Brenda\Desktop\PC Matic.lnk

2014-03-04 16:00 - 2014-03-04 16:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (5).exe

2014-03-04 14:50 - 2014-03-05 17:48 - 00000000 ____D () C:\Users\Brenda\Desktop\kris_files

2014-03-04 14:50 - 2014-03-04 14:50 - 02213299 _____ () C:\Users\Brenda\Desktop\kris.htm

2014-03-04 14:20 - 2014-03-04 14:20 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (4).exe

2014-03-04 14:11 - 2014-03-04 14:11 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (3).exe

2014-03-04 14:06 - 2014-03-04 14:06 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).pkg

2014-03-04 14:05 - 2014-03-04 14:05 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).pkg

2014-03-04 14:02 - 2014-03-04 14:02 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).exe

2014-03-04 14:00 - 2014-03-04 14:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).exe

2014-03-04 13:55 - 2014-03-04 13:55 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398.exe

2014-03-04 13:55 - 2014-03-04 13:55 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398.pkg

2014-02-26 12:17 - 2014-02-28 15:06 - 00775884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-25 19:12 - 2014-02-25 19:13 - 00344352 _____ () C:\Windows\Minidump\022514-19312-01.dmp

2014-02-25 16:59 - 2014-02-25 16:59 - 00344344 _____ () C:\Windows\Minidump\022514-25646-01.dmp

2014-02-23 16:05 - 2014-02-23 16:06 - 00344424 _____ () C:\Windows\Minidump\022314-19390-01.dmp

2014-02-23 15:43 - 2014-02-23 15:43 - 00344264 _____ () C:\Windows\Minidump\022314-16380-01.dmp

2014-02-21 19:32 - 2014-02-21 19:32 - 00343232 _____ () C:\Windows\Minidump\022114-17160-01.dmp

2014-02-21 19:27 - 2014-02-21 19:27 - 00342720 _____ () C:\Windows\Minidump\022114-17191-01.dmp

2014-02-21 16:17 - 2014-02-21 16:17 - 00000000 ____D () C:\Windows\pss

2014-02-21 16:11 - 2014-02-21 16:11 - 00347488 _____ () C:\Windows\Minidump\022114-17581-01.dmp

2014-02-14 20:01 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-13 09:29 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-13 09:29 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-13 09:27 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-13 09:27 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-13 09:27 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-13 09:27 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-13 09:27 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-13 09:27 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-13 09:27 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-13 09:27 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-13 09:27 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-13 09:27 - 2014-02-01 01:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-02-13 09:27 - 2014-02-01 01:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-02-12 17:01 - 2014-03-04 16:31 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-12 17:01 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-12 17:01 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-12 17:01 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-12 17:01 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-12 17:01 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-12 17:01 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-12 17:01 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-12 17:01 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-12 17:01 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-12 17:01 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-12 17:01 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-12 17:01 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-12 17:01 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-12 17:01 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-12 17:01 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-12 17:01 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-12 17:01 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-12 17:01 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-12 17:01 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-12 17:01 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-12 17:01 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-12 17:01 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-12 17:01 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-12 17:01 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-12 17:01 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-12 17:01 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-12 17:01 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-12 13:09 - 2014-02-12 13:09 - 00344048 _____ () C:\Windows\Minidump\021214-17222-01.dmp

2014-02-07 11:24 - 2014-02-07 11:24 - 00344432 _____ () C:\Windows\Minidump\020714-22635-01.dmp

2014-02-06 20:09 - 2014-02-06 20:09 - 00363112 _____ () C:\Windows\Minidump\020614-27612-01.dmp

2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys

 

==================== One Month Modified Files and Folders =======

 

2014-03-05 18:26 - 2014-03-05 18:26 - 00017558 _____ () C:\Users\Brenda\Desktop\FRST.txt

2014-03-05 18:26 - 2014-03-05 18:26 - 00000000 ____D () C:\FRST

2014-03-05 18:24 - 2013-01-12 09:17 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D227139-819E-4ED9-AFD3-1409FFC73967}

2014-03-05 18:06 - 2014-03-05 18:06 - 02156544 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe

2014-03-05 17:54 - 2014-03-05 17:53 - 00002038 _____ () C:\Users\Brenda\Desktop\Rkill.txt

2014-03-05 17:53 - 2014-03-05 17:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Brenda\Desktop\rkill.exe

2014-03-05 17:53 - 2009-07-14 00:13 - 00783270 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-05 17:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-05 17:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-05 17:49 - 2010-07-08 03:30 - 01588408 _____ () C:\Windows\WindowsUpdate.log

2014-03-05 17:48 - 2014-03-05 17:48 - 00001265 _____ () C:\Users\Brenda\Desktop\AdwCleaner[R3].txt

2014-03-05 17:48 - 2014-03-05 17:04 - 00000000 ____D () C:\AdwCleaner

2014-03-05 17:48 - 2014-03-04 14:50 - 00000000 ____D () C:\Users\Brenda\Desktop\kris_files

2014-03-05 17:46 - 2014-03-05 17:46 - 00000000 ____D () C:\Users\Brenda\AppData\Local\adawarebp

2014-03-05 17:46 - 2014-03-04 16:39 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2014-03-05 17:46 - 2013-03-22 19:46 - 00000000 ____D () C:\ProgramData\Kodak

2014-03-05 17:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-05 17:46 - 2009-07-13 23:51 - 00060702 _____ () C:\Windows\setupact.log

2014-03-05 17:44 - 2014-03-05 16:43 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job

2014-03-05 17:44 - 2013-01-12 13:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-05 17:42 - 2014-03-05 17:37 - 00007723 _____ () C:\Users\Brenda\Desktop\JRT.txt

2014-03-05 17:27 - 2014-03-05 17:27 - 00000000 ____D () C:\Windows\ERUNT

2014-03-05 17:25 - 2014-03-05 17:25 - 01037734 _____ (Thisisu) C:\Users\Brenda\Desktop\JRT(2).exe

2014-03-05 17:19 - 2013-01-12 12:47 - 00000000 ____D () C:\ProgramData\PCPitstop

2014-03-05 17:13 - 2014-03-05 17:13 - 01244192 _____ () C:\Users\Brenda\Desktop\AdwCleaner(3).exe

2014-03-05 17:10 - 2014-03-05 17:08 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(2).exe

2014-03-05 17:04 - 2014-03-05 17:04 - 01244192 _____ () C:\Users\Brenda\Downloads\AdwCleaner(1).exe

2014-03-05 17:02 - 2014-03-05 17:02 - 00862128 _____ (Download Manager Cert ) C:\Users\Brenda\Downloads\SoftwareUpdate.exe

2014-03-05 16:50 - 2014-03-05 16:50 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT(1).exe

2014-03-05 16:47 - 2014-03-05 16:47 - 00000000 _____ () C:\Users\Brenda\Downloads\JRT.exe

2014-03-05 16:44 - 2014-03-05 16:44 - 00000046 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG

2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B

2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge

2014-03-05 16:44 - 2014-03-05 16:43 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites

2014-03-05 16:44 - 2014-02-14 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-05 16:43 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe

2014-03-05 16:42 - 2014-03-05 16:42 - 00667648 _____ ( ) C:\Users\Brenda\Downloads\ZipExtractorSetup.exe

2014-03-05 16:39 - 2010-05-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Java

2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Downloads\hijackthis.log

2014-03-05 15:03 - 2014-03-05 15:03 - 00012698 _____ () C:\Users\Brenda\Desktop\hijackthis.log

2014-03-05 15:02 - 2014-03-05 15:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HijackThis.exe

2014-03-05 15:02 - 2013-01-06 09:18 - 00000000 ____D () C:\Users\Brenda\AppData\Local\VirtualStore

2014-03-05 15:01 - 2014-03-05 15:00 - 00019867 _____ () C:\Users\Brenda\Desktop\dds.txt

2014-03-05 15:01 - 2014-03-05 15:00 - 00008883 _____ () C:\Users\Brenda\Desktop\attach.txt

2014-03-05 14:59 - 2014-03-05 14:58 - 00688992 ____R (Swearware) C:\Users\Brenda\Downloads\dds.scr

2014-03-05 14:44 - 2014-03-05 14:43 - 00720171 _____ (PC Pitstop ) C:\Users\Brenda\Downloads\diskmd3-setup-6398.exe

2014-03-05 14:44 - 2013-01-12 12:47 - 00000000 ____D () C:\Program Files (x86)\PCPitstop

2014-03-05 14:42 - 2014-03-05 14:42 - 00484568 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\driveralert2-setup-6398.exe

2014-03-05 14:17 - 2014-03-05 14:17 - 00000000 ____D () C:\ProgramData\PCPitstopDat

2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\LavasoftStatistics

2014-03-05 14:04 - 2014-03-05 14:04 - 00000000 ____D () C:\Users\Brenda\AppData\Roaming\Lavasoft

2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection

2014-03-04 16:39 - 2014-03-04 16:39 - 00000000 ____D () C:\Program Files\Lavasoft

2014-03-04 16:38 - 2014-03-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\ProgramData\Lavasoft

2014-03-04 16:37 - 2014-03-04 16:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2014-03-04 16:36 - 2014-03-04 16:36 - 01727624 _____ () C:\Users\Brenda\Downloads\Adaware_Installer.exe

2014-03-04 16:31 - 2014-02-12 17:01 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-03-04 16:01 - 2014-03-04 16:01 - 00002034 _____ () C:\Users\Brenda\Desktop\PC Matic.lnk

2014-03-04 16:00 - 2014-03-04 16:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (5).exe

2014-03-04 15:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-04 15:25 - 2013-04-22 16:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-03-04 14:50 - 2014-03-04 14:50 - 02213299 _____ () C:\Users\Brenda\Desktop\kris.htm

2014-03-04 14:20 - 2014-03-04 14:20 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (4).exe

2014-03-04 14:11 - 2014-03-04 14:11 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (3).exe

2014-03-04 14:06 - 2014-03-04 14:06 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).pkg

2014-03-04 14:05 - 2014-03-04 14:05 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).pkg

2014-03-04 14:02 - 2014-03-04 14:02 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (2).exe

2014-03-04 14:00 - 2014-03-04 14:00 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398 (1).exe

2014-03-04 13:55 - 2014-03-04 13:55 - 01488520 _____ (PC Pitstop LLC ) C:\Users\Brenda\Downloads\pcmatic-setup-6398.exe

2014-03-04 13:55 - 2014-03-04 13:55 - 01179795 _____ () C:\Users\Brenda\Downloads\pcmatic-setup-6398.pkg

2014-03-04 13:05 - 2013-01-12 12:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-03 11:31 - 2013-01-05 18:41 - 00474182 _____ () C:\Windows\PFRO.log

2014-02-28 15:06 - 2014-02-26 12:17 - 00775884 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-25 19:13 - 2014-02-25 19:12 - 00344352 _____ () C:\Windows\Minidump\022514-19312-01.dmp

2014-02-25 19:12 - 2013-08-05 18:09 - 473036828 _____ () C:\Windows\MEMORY.DMP

2014-02-25 19:12 - 2013-08-05 18:09 - 00000000 ____D () C:\Windows\Minidump

2014-02-25 16:59 - 2014-02-25 16:59 - 00344344 _____ () C:\Windows\Minidump\022514-25646-01.dmp

2014-02-25 13:01 - 2010-05-15 00:07 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2014-02-25 13:01 - 2010-05-14 23:35 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-02-23 16:06 - 2014-02-23 16:05 - 00344424 _____ () C:\Windows\Minidump\022314-19390-01.dmp

2014-02-23 15:43 - 2014-02-23 15:43 - 00344264 _____ () C:\Windows\Minidump\022314-16380-01.dmp

2014-02-21 19:32 - 2014-02-21 19:32 - 00343232 _____ () C:\Windows\Minidump\022114-17160-01.dmp

2014-02-21 19:27 - 2014-02-21 19:27 - 00342720 _____ () C:\Windows\Minidump\022114-17191-01.dmp

2014-02-21 16:17 - 2014-02-21 16:17 - 00000000 ____D () C:\Windows\pss

2014-02-21 16:11 - 2014-02-21 16:11 - 00347488 _____ () C:\Windows\Minidump\022114-17581-01.dmp

2014-02-20 19:44 - 2013-01-12 13:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-20 19:44 - 2013-01-12 13:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 19:44 - 2013-01-12 13:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-17 14:00 - 2013-01-12 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-17 10:50 - 2013-07-24 11:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-17 10:48 - 2013-02-05 19:11 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-13 16:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-02-12 13:09 - 2014-02-12 13:09 - 00344048 _____ () C:\Windows\Minidump\021214-17222-01.dmp

2014-02-07 11:24 - 2014-02-07 11:24 - 00344432 _____ () C:\Windows\Minidump\020714-22635-01.dmp

2014-02-06 20:09 - 2014-02-06 20:09 - 00363112 _____ () C:\Windows\Minidump\020614-27612-01.dmp

2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys

 

Some content of TEMP:

====================

C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-28 16:55

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02

Ran by Brenda at 2014-03-05 18:27:00

Running from C:\Users\Brenda\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

 

==================== Installed Programs ======================

 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)

AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden

AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\{5EE20277-6E60-422C-93E4-35E732F885E6}) (Version: 12.0.9.149 - Adobe Systems, Inc)

aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden

aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden

aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden

AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cardo Upgrades (HKLM-x32\...\{6536E094-5367-4742-B066-A8450F93427B}) (Version: 3.0.19 - Cardo Systems)

center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 7.0.2216 - CyberLink Corp.) Hidden

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)

CyberLink MediaShow (x32 Version: 4.1.3419 - CyberLink Corp.) Hidden

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)

CyberLink PowerDVD 8 (x32 Version: 8.0.1.1110 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}) (Version: 65.156.32827 - Google, Inc.)

Google Drive (HKLM-x32\...\{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}) (Version: 1.9.4536.8202 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden

HP Game Console (x32 Version: - WildTangent) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)

HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)

HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden

HP Software Framework (HKLM-x32\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)

HP User Guides 0183 (HKLM-x32\...\{BC146E5F-A2B0-40DB-90E7-2833807E98DF}) (Version: 1.01.0001 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)

ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)

Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden

PC Matic 1.1.0.50 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.50 - PC Pitstop LLC)

PC Pitstop DiskMD 3 (HKLM-x32\...\{D39144D1-46C1-44A9-B9EF-EE2B4A5EC00B}_is1) (Version: 3.0.0.2 - PC Pitstop)

PC Pitstop Driver Alert2 2.0.0.0 (HKLM-x32\...\PC Pitstop Driver Alert2_is1) (Version: 2.0.0.0 - PC Pitstop LLC)

PC Pitstop Info Center 1.0.0.16 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.16 - PC Pitstop LLC.)

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.18 - Hewlett-Packard Company)

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden

PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden

Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)

TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/29/2013 6.0.1.6873) (HKLM\...\3BE1619FF33796DE6A3369EF68DAE6A0057FFF8E) (Version: 03/29/2013 6.0.1.6873 - Realtek Semiconductor Corp.)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662) (HKLM\...\A2B4E54A0A70EB7790D303E86DE5D4B06DFC5B28) (Version: 06/19/2012 6.0.1.6662 - Realtek Semiconductor Corp.)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/16/2013 6.0.1.6971) (HKLM\...\3AC33DD91192BCC628A51E2918C6C1669BAD1C2B) (Version: 07/16/2013 6.0.1.6971 - Realtek Semiconductor Corp.)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (09/13/2013 6.0.1.7040) (HKLM\...\95277BD995B6DAA6FA9D43483C6816836638EB08) (Version: 09/13/2013 6.0.1.7040 - Realtek Semiconductor Corp.)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION

Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

 

==================== Restore Points =========================

 

02-03-2014 20:12:32 PC Pitstop Restore Point

04-03-2014 00:32:54 PC Pitstop Restore Point

04-03-2014 18:06:16 Windows Update

04-03-2014 21:37:06 AA11

05-03-2014 21:38:44 Removed Java 6 Update 17

05-03-2014 21:39:38 Removed Java 6 Update 45 (64-bit)

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {7DFF1E66-78E7-4E2A-9861-9F726C463917} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {80FADD49-CB42-4A0E-8DB8-711033201E34} - System32\Tasks\Hewlett-Packard\HP Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2010-03-24] (Hewlett-Packard)

Task: {C3CD73F1-A142-4364-AFA8-F142CA11167B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)

Task: {D21C6551-819D-4033-8E69-0301AC53F533} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-25] (AVAST Software)

Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {F6DAF9A0-3BA2-4F2D-87F3-5526DEFEE15B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

 

==================== Loaded Modules (whitelisted) =============

 

2014-01-23 16:09 - 2014-01-23 16:09 - 00702744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

2014-01-23 16:30 - 2014-01-23 16:30 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll

2014-01-23 16:30 - 2014-01-23 16:30 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 03720040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareServiceKernel.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll

2014-01-23 16:30 - 2014-01-23 16:30 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 02595144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_regex-vc100-mt-1_55.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00602984 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareActivation.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00291192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareApplicationUpdater.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareGamingMode.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareReset.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTime.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00268152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdater.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDefinitionsUpdaterScheduler.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareIgnoreList.dll

2014-01-23 16:29 - 2014-01-23 16:29 - 00253800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareQuarantine.dll

20


I posted the logs to make it easier to read.

 

At the bottom if you click on more reply options it should allow you to copy and paste the logs in.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

 

start

HKLM\...\Run: [] - [X]

URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File

SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=

SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl

SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl

BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File

CHR DefaultSearchProvider: "name": "Mysearchdial"

R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)

2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge

2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys

C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe

Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION

Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION

Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

Reboot:

end

Your computer should reboot.

Please post the fixlist.txt when finished


Juliet, I have the fixlist file saved on the desktop next to the FRST files. What do I need to do now? The computer didn't reboot so I must have missed a step.

Edited by AAQueen

Ok, just tried again and this time, the computer did reboot and generate the following file:

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Brenda at 2014-03-06 14:01:30 Run:1
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [X]
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM - DefaultScope {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2A44E6C8-9075-499D-B972-F79CFF9C2333} URL = http://start.mysearc...=1077848913&ir=
SearchScopes: HKLM - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {70391386-5D94-48FB-B46E-E41955FEDD5B} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR DefaultSearchProvider: "name": "Mysearchdial"
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
2014-03-05 16:44 - 2014-03-05 16:44 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-02-05 18:13 - 2014-02-05 18:13 - 00058256 _____ (Quiknowledge) C:\Windows\system32\Drivers\qknfd.sys
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe
Quiknowledge (HKLM-x32\...\Quiknowledge) (Version: 1.9.0.1 - Quiknowledge) <==== ATTENTION
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION
Task: {EA169ABC-7915-4EAE-8788-CA00C84D0289} - System32\Tasks\Digital Sites => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Brenda\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Reboot:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A44E6C8-9075-499D-B972-F79CFF9C2333} => Key deleted successfully.
HKCR\CLSID\{2A44E6C8-9075-499D-B972-F79CFF9C2333} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key deleted successfully.
HKCR\CLSID\{70391386-5D94-48FB-B46E-E41955FEDD5B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key deleted successfully.
HKCR\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@TelevisionFanatic.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found.
CHR DefaultSearchProvider: "name": "Mysearchdial" ==> The Chrome "Settings" can be used to fix the entry.
qknfd => Unable to stop service
qknfd => Service deleted successfully.
C:\Program Files\Quiknowledge => Moved successfully.
C:\Windows\system32\Drivers\qknfd.sys => Moved successfully.
C:\Users\Brenda\AppData\Local\Temp\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA169ABC-7915-4EAE-8788-CA00C84D0289} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA169ABC-7915-4EAE-8788-CA00C84D0289} => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====

 


This looks good now, let's go after remnants.

 

Tell me how the computer is now?

 

 

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Going to run the new scans now but wanted to let you know that every time the computer boots there is an error box that pops up saying there is a Windows.... "Bad Image" and it takes forever to reboot.


Downloaded TFC from the link that you provided and saved it to my desktop. I am running Windows 7 so I right clicked and went to Run As Administrator and get the following message:

 

 

C:\Users\Brenda\Desktop\TFC.exe is not a valid Win32 application


Is that happening with other apps too, or is it just TFC? Delete that copy, reboot and download a new one (it shouldn't matter where you save it). Then try once more.

 

If it still continues to do that, just skip it and continue with that last scan.


Result of ESET Scan

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39bprtct.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39impipe.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39reghk.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\AppIntegrator64.exe.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\AppIntegratorStub64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\Hpg64.dll.vir Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\NP39Stub.dll.vir Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\17c07be4-e606-4dfd-86e9-4bc0592bbd94.exe06-03-2014_14-01-35 a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Brenda\Downloads\SoftwareUpdate.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe a variant of Win32/InstallCore.KT potentially unwanted application
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe a variant of Win32/InstallCore.KT potentially unwanted application


That's pretty good actually, considering where we came from.

 

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
C:\Users\Brenda\Downloads\SoftwareUpdate.exe
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Please give me an update on how the computer is now.


New Fixlist Log

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Brenda at 2014-03-06 19:51:12 Run:2
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
C:\Users\Brenda\Downloads\SoftwareUpdate.exe
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe
Reboot:
end
*****************

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll => Moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll => Moved successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe => Moved successfully.
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe => Moved successfully.
C:\Users\Brenda\Downloads\SoftwareUpdate.exe => Moved successfully.
C:\Users\Brenda\Downloads\ZipExtractorSetup(1).exe => Moved successfully.
C:\Users\Brenda\Downloads\ZipExtractorSetup.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
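
Added example, not part of the original thread and not FRST's own code: a small Python check that compares the "Content of fixlist" section of a Fixlog with its result lines and reports any requested path that was not moved. It assumes the log layout shown in the Fixlog above; the sample paths and the failure wording are constructed for illustration.

```python
# Constructed sample in the layout of the Fixlog above. Paths are placeholders,
# and the "Could not move." wording is invented for the test, not FRST output.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (x64)
Content of fixlist:
*****************
start
C:\Example\toolbar\a.dll
C:\Example\Downloads\Setup(1).exe
C:\Example\Downloads\Setup.exe
Reboot:
end
*****************

C:\Example\toolbar\a.dll => Moved successfully.
C:\Example\Downloads\Setup(1).exe => Could not move.

The system needed a reboot.

==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (requested_paths, results); results maps casefolded path -> outcome."""
    requested, results = [], {}
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_list = True
        elif line.lower() == "end":
            in_list = False
        elif in_list:
            # Directives such as "Reboot:" end with a colon and are not file paths.
            if line and not line.endswith(":"):
                requested.append(line)
        elif " => " in line:
            path, outcome = line.split(" => ", 1)
            # Windows paths are case-insensitive, so compare them casefolded.
            results[path.strip().casefold()] = outcome.strip()
    return requested, results

def unresolved(text):
    """Fixlist paths with no result line, or an outcome other than a successful move."""
    requested, results = parse_fixlog(text)
    pending = []
    for path in requested:
        outcome = results.get(path.casefold(), "no result line")
        if not outcome.lower().startswith("moved successfully"):
            pending.append((path, outcome))
    return pending
```

An empty list from `unresolved()` means every file named in the fixlist has a matching "Moved successfully" line, which is the case for the Fixlog posted above.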
