Login.Alive.Com redirect


Internet Explorer: 10.0.9200.16660
Run by JOANS at 16:12:26 on 2013-10-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3932.2533 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\JOANS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.6\ytdToolbarIE.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.6\ytdToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.6\ytdToolbarIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skyDrive] "C:\Users\JOANS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [ApplePhotoStreams] "C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] "C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] "C:\Program Files (x86)\Launch Manager\LManager.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DigiDo] "C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe" startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [ContentTransferWMDetector.exe] "C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204



TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4AE7D80E-683D-4060-B807-EF838ADB394E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774}\0516C6D62565 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774}\24279736566516C6C65697B4F414 : DHCPNameServer = 8.8.8.8 209.210.176.8
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774}\2656C6B696E6E2932616E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774}\3416C69656E6475635072796E67637 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{FC51B6F0-250F-4194-BD9D-5F3432B02774}\541676C656026516C6C65697022565 : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] "C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe"

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-5-18 113152]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-11-4 68648]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-11-4 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-9-2 51752]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2012-2-9 78888]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-2 70112]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-19 331264]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-19 435240]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-2 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-2 515968]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-3-19 22800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-12-6 57856]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-2 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-2 106552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-10-04 22:22:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-03 15:31:46 -------- d-----w- C:\Users\JOANS\AppData\Roaming\Malwarebytes
2013-10-03 15:25:45 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-03 15:25:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-30 19:11:40 -------- d-----r- C:\Users\JOANS\Dropbox
2013-09-30 19:02:01 -------- d-----w- C:\Users\JOANS\AppData\Roaming\Dropbox
2013-09-15 14:28:29 -------- d-----w- C:\Users\JOANS\AppData\Roaming\Windows Live Writer
2013-09-15 14:28:29 -------- d-----w- C:\Users\JOANS\AppData\Local\Windows Live Writer
2013-09-12 01:47:51 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
2013-09-12 01:47:51 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-09-08 01:13:06 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-10-04 20:48:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-04 20:48:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-04 19:59:07 152744 ----a-w- C:\Windows\SysWow64\WRusr.dll
2013-10-04 19:59:07 113152 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2013-10-04 19:59:07 103304 ----a-w- C:\Windows\System32\WRusr.dll
2013-08-29 20:34:58 39896 ----a-w- C:\Windows\SysWow64\DiscHandler.exe
2013-08-02 18:14:43 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-08-02 18:14:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 16:14:18.25 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/2/2012 11:52:39 AM
System Uptime: 10/4/2013 3:31:26 PM (1 hours ago)
.
Motherboard: Gateway |  | EG50_HC_HR
Processor: Intel® Celeron® CPU B820 @ 1.70GHz | U3E1 | 1700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 173.589 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - MVP 2
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AUPEO!
Backup Manager V3
Bejeweled 3
Bing Bar
Bonjour
Broadcom Card Reader Driver Installer
Broadcom NetLink Controller
Card & Board Games 3
Card And Board Games 2
Card Games Collection
CCleaner
Chronicles of Albian
Chuzzle Deluxe
Cisco Connect
clear.fi Media
clear.fi Photo
Codecs for Windows 7 Pack 4.0.5
Compatibility Pack for the 2007 Office system
Content Transfer
Cradle of Rome 2
CyberLink MediaEspresso
D3DX10
DigiDo
Dora's World Adventure
eGames GameButler
Elevated Installer
Evernote v. 4.5.2
FATE
Final Drive: Nitro
Fooz Kids
Fooz Kids Platform
Freemake Video Downloader
Galeria de Fotos
Galerie de photos
Galería de fotos
Garmin Express
Garmin Express Tray
Garmin POI Loader
Garmin Update Service
Garmin USB Drivers
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
GIMP 2.8.4
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
Hoyle Board Games 2005
Hoyle Card Games 2005
iCloud
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
Junk Mail filter update
Launch Manager
McAfee AntiVirus
Media Player Codec Pack 4.2.3
Media Player Codec Pack Packages
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Movie Maker
MSN
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
NWZ-E340 WALKMAN Guide
Penguins!
Photo Common
Photo Gallery
Picasa 3
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros Direct Connect
Qualcomm Atheros WiFi Driver Installation
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Shared C Run-time for x64
Skype™ 5.10
Synaptics Pointing Device Driver
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
Video Web Camera
Virtual Villagers 5 - New Believers
Webroot SecureAnywhere
Welcome Center
WildBit Viewer
WildTangent Games App
Windows 7 Codec Pack 4.0.8
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinMend Folder Hidden 1.4.9
WinPcap 4.1.2
YTD Toolbar v7.6
YTD Video Downloader 4.0
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/29/2013 2:48:23 PM, Error: Service Control Manager [7000]  - The McAfee SiteAdvisor Service service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
9/29/2013 12:13:58 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Gateway.
9/29/2013 12:13:58 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
10/4/2013 3:30:33 PM, Error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 1 time(s).
10/4/2013 3:18:21 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/4/2013 3:12:59 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.
10/4/2013 12:57:17 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/4/2013 12:54:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FreemakeVideoCapture service to connect.
10/4/2013 12:54:48 PM, Error: Service Control Manager [7000]  - The FreemakeVideoCapture service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/4/2013 12:53:46 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
10/3/2013 7:48:52 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR4.
10/3/2013 7:33:52 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
10/3/2013 7:09:43 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
10/3/2013 12:11:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
10/2/2013 8:44:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/2/2013 8:44:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
10/2/2013 6:01:35 PM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/1/2013 3:22:19 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
10/1/2013 3:22:19 PM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 


  • Root Admin

Hello and :welcome:


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JOANS [Admin rights]
Mode : Scan -- Date : 10/04/2013 17:19:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD3200BPVT-22JJ5T0 +++++
--- User ---
[MBR] 8983386beb8747c839525f4de321fb15
[bSP] f53e75f84a16dd16378f9eb1e67d42b1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10042013_171908.txt >>

 

 


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Copies of all of the logs from phase two instructions:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
JOANS :: JOANS-PC [administrator]

10/5/2013 6:00:13 AM
mbar-log-2013-10-05 (06-00-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 260449
Time elapsed: 1 hour(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by JOANS on Sat 10/05/2013 at  7:42:08.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] application updater
Successfully deleted: [service] application updater

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{73607BCA-ED59-43FA-A813-74155E59542D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

 

~~~ Files

Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\JOANS\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\JOANS\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Users\JOANS\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\JOANS\appdata\local\{149314C5-C774-4DAD-AA7E-DEF715FDA108}
Successfully deleted: [Empty Folder] C:\Users\JOANS\appdata\local\{39DE7C7D-E70E-4132-B985-A16F839A8D8A}
Successfully deleted: [Empty Folder] C:\Users\JOANS\appdata\local\{3A7443DD-2327-4AC4-85F3-602B0981DFA7}
Successfully deleted: [Empty Folder] C:\Users\JOANS\appdata\local\{58B238C6-75AB-4C19-A559-60B9466ECD00}
Successfully deleted: [Folder] "C:\Users\JOANS\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/05/2013 at  7:49:41.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.006 - Report created 05/10/2013 at 08:27:04
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JOANS - JOANS-PC
# Running from : C:\Users\JOANS\Desktop\Step 5\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found C:\Program Files (x86)\Common Files\spigot

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\Search Settings
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

*************************

AdwCleaner[R0].txt - [2024 octets] - [05/10/2013 08:27:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2084 octets] ##########

Eset Scan results:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\JOANS\AppData\Local\Temp\FreemakeVideoDownloader_3.5.1.0.exe Win32/OpenCandy application

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by JOANS at 2013-10-05 13:08:35
Running from C:\Users\JOANS\Desktop\Step 7
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 clear.fi SDK - MVP 2 (x32 Version: 2.0.1415)
 clear.fi SDK- Movie 2 (x32 Version: 2.0.1406)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar Updater (HKCU Version: 1.2.3.33066)
AUPEO! (x32 Version: 1.08)
Backup Manager V3 (x32 Version: 3.0.0.100)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bejeweled 3 (x32)
Bing Bar (x32 Version: 7.0.765.0)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 15.0.6.2)
Broadcom NetLink Controller (Version: 15.0.7.1)
Card & Board Games 3 (x32)
Card And Board Games 2 (x32)
Card Games Collection (x32)
CCleaner (Version: 4.00)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco Connect (x32 Version: 1.4.11266.0)
clear.fi Media (x32 Version: 2.00.3003)
clear.fi Photo (x32 Version: 2.00.3003)
Codecs for Windows 7 Pack 4.0.5 (x32 Version: 4.0.5)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Content Transfer (x32 Version: 1.2.0.07300)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink MediaEspresso (x32 Version: 6.5.3318_45364)
D3DX10 (x32 Version: 15.4.2368.0902)
DigiDo (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
eGames GameButler (x32)
Elevated Installer (x32 Version: 2.1.13)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5866)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Fooz Kids (x32 Version: 3.0.8)
Fooz Kids Platform (x32 Version: 2.1)
Freemake Video Downloader (x32 Version: 3.5.1)
Galeria de Fotos (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin POI Loader (x32 Version: 2.7.1)
Garmin Update Service (x32 Version: 2.1.13)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Gateway Games (x32 Version: 1.0.2.5)
Gateway MyBackup (x32 Version: 3.0.0.100)
Gateway Power Management (x32 Version: 6.00.3010)
Gateway Recovery Management (x32 Version: 5.00.3507)
Gateway Registration (x32 Version: 1.04.3506)
Gateway ScreenSaver (x32 Version: 1.1.0915.2011)
Gateway Social Networks (x32 Version: 3.0.3106)
Gateway Updater (x32 Version: 1.02.3501)
GIMP 2.8.4 (Version: 2.8.4)
Google Drive (x32 Version: 1.11.4865.2530)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hoyle Board Games 2005 (x32 Version: 1.0.0.0)
Hoyle Card Games 2005 (x32 Version: 1.2.0.0)
iCloud (Version: 3.0.2.163)
Identity Card (x32 Version: 1.00.3501)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2653)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
IrfanView (remove only) (x32 Version: 4.36)
iTunes (Version: 11.1.1.11)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Launch Manager (x32 Version: 5.1.13)
McAfee SiteAdvisor (x32 Version: 3.6.196)
Media Player Codec Pack 4.2.3 (x32 Version: 4.2.3)
Media Player Codec Pack Packages (HKCU)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works 6-9 Converter (x32 Version: 14.0.6120.5002)
Movie Maker (x32 Version: 16.4.3505.0912)
MSN (x32 Version: 10.50.0679.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero Control Center 10 (x32 Version: 10.6.13200.0.12)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800)
Nero Core Components 10 (x32 Version: 2.0.20500.9.16)
Nero DiscSpeed 10 (x32 Version: 6.4.10500.1.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Express 10 (x32 Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)
Nero StartSmart 10 (x32 Version: 10.6.10600.4.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Update (x32 Version: 11.0.10022.15.0)
NOOK for PC (x32 Version: 2.5.6.9575)
NWZ-E340 WALKMAN Guide (x32 Version: 2.0.00.07010)
Penguins! (x32 Version: 2.2.0.98)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Picasa 3 (x32 Version: 3.9)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Qualcomm Atheros Direct Connect (x32 Version: 3.0)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.0)
QuickTime (x32 Version: 7.74.80.86)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.3.41.5)
Torchlight (x32 Version: 2.2.0.98)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Video Web Camera (x32 Version: 1.5.2108.00)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Welcome Center (x32 Version: 1.02.3507)
WildBit Viewer (x32 Version: 5.12)
WildTangent Games App (x32 Version: 4.0.10.2)
Windows 7 Codec Pack 4.0.8 (x32 Version: 4.0.8)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinMend Folder Hidden 1.4.9 (x32)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
YTD Toolbar v7.6 (x32 Version: 7.6)
YTD Video Downloader 4.0 (x32 Version: 4.0)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

05-10-2013 00:31:48 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2013-05-18 09:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02351D2B-7DE6-4A0E-B9B4-6F2B1A92DB8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04] (Google Inc.)
Task: {098F9049-F519-43A0-8A23-A678EBB59919} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1E5CD313-740E-49B2-8136-19B793048144} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {1F0DAFD4-D048-4026-B93D-88F01A70CA40} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {2C623F7C-C7F7-49E5-806E-6B5E1C8178BE} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {2E1DA578-1BC7-4A9F-8E42-7145D24E3B03} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3156841C-2AC0-4A39-AA7C-D98CBAEFF8E8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3A856728-FE33-4BCC-9905-101D8C328A17} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-18] (CyberLink)
Task: {427DCAF9-727C-4163-B150-7D909196CAC1} - System32\Tasks\RealCreateProcessScheduledTask7130883S-1-5-21-2183701590-1873992799-1918826727-1000 => c:\program files (x86)\real\realplayer\realplay.exe [2013-08-02] (RealNetworks, Inc.)
Task: {4F3DA3B8-2B5D-42F7-BC76-FFABD409623C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {50900D23-DE24-4D40-A2B8-BD9D449C9A73} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6A5244B1-1648-4598-9B7C-00019C1786D3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7562B73D-C2D7-463E-94B3-4727FD77556F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7A50EDF1-B195-4C40-B61F-4EACAC87E030} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7E767D5E-1CB2-493F-9582-4E576EC6C95B} - System32\Tasks\ReclaimerUpdateXML_JOANS => C:\Users\JOANS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-07-15] (RealNetworks, Inc.)
Task: {827EAC53-A465-41DE-9245-D2E1F76401B8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {934CECD0-A26C-45E2-B54D-6EBB0C5EFFD7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {98152A5B-8D76-43A0-A041-EFC9CB98A7B9} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {A2F7C177-C32A-41D0-BEA7-42D15B76AB0A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B36159E8-1293-4023-8151-F24ACF346FAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04] (Google Inc.)
Task: {B9A98E11-9F93-4560-84D4-CEE06D647E2B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {C0330DB0-8B5E-4CBF-875E-B9DB1DE91194} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D3710A82-F3E3-4BE8-9BE9-05A6AFD6C5B9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E6DC5218-61BB-4454-AE52-CB7D963F6BB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-19 00:02 - 2012-02-14 10:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-11-10 12:41 - 2011-10-17 15:04 - 00022896 _____ () C:\Program Files (x86)\TWC\DigiDo\AffinegyServicePS.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-11-10 12:41 - 2010-08-11 21:29 - 00325632 _____ () C:\Program Files (x86)\TWC\DigiDo\QtXml4.dll
2012-11-10 12:41 - 2010-08-11 21:29 - 01954304 _____ () C:\Program Files (x86)\TWC\DigiDo\QtCore4.dll
2012-11-10 12:41 - 2010-08-11 21:29 - 07187456 _____ () C:\Program Files (x86)\TWC\DigiDo\QtGui4.dll
2012-11-10 12:41 - 2010-08-11 21:29 - 00847360 _____ () C:\Program Files (x86)\TWC\DigiDo\QtNetwork4.dll
2012-11-10 12:41 - 2011-10-17 14:49 - 00333824 _____ () C:\Program Files (x86)\TWC\DigiDo\DigiDoFlavor.dll
2012-11-10 12:41 - 2010-12-09 19:34 - 00119808 _____ () C:\Program Files (x86)\TWC\DigiDo\imageformats\qjpeg4.dll
2013-10-05 07:28 - 2013-10-05 07:28 - 00098816 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32api.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00110080 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\pywintypes27.dll
2013-10-05 07:28 - 2013-10-05 07:28 - 00364544 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\pythoncom27.dll
2013-10-05 07:28 - 2013-10-05 07:28 - 00044032 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_socket.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 01153024 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_ssl.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00320512 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32com.shell.shell.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00711680 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_hashlib.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 01175040 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._core_.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00805888 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._gdi_.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00811008 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._windows_.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 01062400 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._controls_.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00735232 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._misc_.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00128512 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_elementtree.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00127488 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\pyexpat.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00557056 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\pysqlite2._sqlite.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00087040 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_ctypes.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00119808 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32file.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00108544 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32security.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00018432 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32event.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00038912 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32inet.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00122368 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._wizard.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00686080 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\unicodedata.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00026624 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\_multiprocessing.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00070656 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\wx._html2.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00010240 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\select.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00025600 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32pdh.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00504832 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\windows._cacheinvalidation.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00011264 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32crypt.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00035840 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32process.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00017408 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32profile.pyd
2013-10-05 07:28 - 2013-10-05 07:28 - 00022528 _____ () C:\Users\JOANS\AppData\Local\Temp\_MEI25002\win32ts.pyd
2012-11-10 12:41 - 2011-10-17 14:54 - 01686016 _____ () C:\Program Files (x86)\TWC\DigiDo\gateways\ArrisTG852GLOC.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2013-08-14 10:34 - 2013-08-14 10:34 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll
2012-03-18 23:21 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-02 12:58 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-17 06:24 - 2013-07-10 13:12 - 00066712 _____ () C:\ProgramData\MSNDynFiles\coresvc.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/05/2013 08:16:58 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-04 05:11:59.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 05:11:59.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-04 05:11:59.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-03 08:43:10.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-03 08:43:10.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-03 08:43:10.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 3932.36 MB
Available physical RAM: 1353.54 MB
Total Pagefile: 7862.9 MB
Available Pagefile: 5224.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:279.99 GB) (Free:172.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F404D98E)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by JOANS (administrator) on JOANS-PC on 05-10-2013 13:05:13
Running from C:\Users\JOANS\Desktop\Step 7
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Users\JOANS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Affinegy, Inc.) C:\Program Files (x86)\TWC\DigiDo\DigiDo.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-13] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-04] (Google Inc.)
HKCU\...\Run: [skyDrive] - C:\Users\JOANS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-15] (Microsoft Corporation)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - "C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"
HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
MountPoints2: {a3310ae5-394f-11e2-9146-dc0ea1bc28f2} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289816 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1106512 2012-03-02] (Dritek System Inc.)
HKLM-x32\...\Run: [DigiDo] - C:\Program Files (x86)\TWC\DigiDo\TrayApp.exe [1458544 2011-10-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-08-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162408 2011-09-12] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162408 2011-09-12] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/default.aspx?mypg=1&lc=1033
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {9B0DD403-BD90-4458-BFF7-816CD61BB0BA} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {E3BCD9B7-18ED-490D-977F-C07B32455DAE} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanbblidcdbjeikekgeniapdeppcbo\7.15.12.0_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: () - C:\Users\JOANS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR HKLM-x32\...\Chrome\Extension: [aaaanbblidcdbjeikekgeniapdeppcbo] - C:\Users\JOANS\AppData\Local\APN\GoogleCRXs\aaaanbblidcdbjeikekgeniapdeppcbo_7.15.12.0.crx
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

S2 0147541380983405mcinstcleanup; C:\Windows\TEMP\014754~1.EXE [833616 2013-01-30] (McAfee, Inc.)
R2 AffinegyService; C:\Program Files (x86)\TWC\DigiDo\AffinegyService.exe [580464 2011-10-17] (Affinegy, Inc.)
S3 DCDhcpService; C:\Program Files (x86)\Gateway\WDAgent\DCDhcpService.exe [111776 2012-01-18] (Atheros Communication Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-05-14] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-13] (Synaptics Incorporated)
U0 SR;
U2 srservice;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-05 13:04 - 2013-10-05 13:04 - 00000000 ____D C:\FRST
2013-10-05 12:41 - 2013-10-05 13:04 - 00000000 ____D C:\Users\JOANS\Desktop\Step 7
2013-10-05 08:35 - 2013-10-05 08:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 08:33 - 2013-10-05 12:49 - 00000000 ____D C:\Users\JOANS\Desktop\Step 6
2013-10-05 08:26 - 2013-10-05 08:32 - 00000000 ____D C:\AdwCleaner
2013-10-05 07:42 - 2013-10-05 07:42 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 07:29 - 2013-10-05 07:29 - 00000000 ____D C:\Program Files\McAfee
2013-10-05 06:00 - 2013-10-05 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-04 17:42 - 2013-08-09 22:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-04 17:42 - 2013-08-09 22:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-04 17:42 - 2013-08-09 22:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-04 17:42 - 2013-08-09 22:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-04 17:42 - 2013-08-09 22:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-04 17:42 - 2013-08-09 22:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-04 17:42 - 2013-08-09 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-04 17:42 - 2013-08-09 20:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-04 17:42 - 2013-08-09 20:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-04 17:42 - 2013-08-09 20:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-04 17:42 - 2013-08-09 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-04 17:42 - 2013-08-09 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-04 17:42 - 2013-08-09 19:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-04 17:42 - 2013-08-09 19:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-04 16:58 - 2013-10-04 16:58 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 16:57 - 2013-10-04 16:57 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-04 16:38 - 2013-10-05 08:31 - 00000000 ____D C:\Users\JOANS\Desktop\Malwarebites
2013-10-04 15:23 - 2013-10-04 15:23 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-04 15:22 - 2013-10-04 15:23 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 13:22 - 2013-08-07 18:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-04 13:22 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-04 13:22 - 2013-08-01 19:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-04 13:22 - 2013-08-01 19:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-04 13:22 - 2013-08-01 19:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-04 13:22 - 2013-08-01 19:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-04 13:22 - 2013-08-01 19:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-04 13:22 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-04 13:22 - 2013-08-01 19:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-04 13:22 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-04 13:22 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-04 13:22 - 2013-08-01 18:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-04 13:22 - 2013-08-01 18:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-04 13:22 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-04 13:22 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-04 13:22 - 2013-08-01 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-04 13:22 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-04 13:22 - 2013-08-01 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-04 13:22 - 2013-08-01 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-04 13:22 - 2013-08-01 17:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-04 13:22 - 2013-08-01 17:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-04 13:22 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-04 13:22 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-04 13:22 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-04 13:22 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-04 13:22 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-04 13:22 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-04 10:12 - 2013-10-04 10:12 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Nero
2013-10-03 08:31 - 2013-10-03 08:31 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Malwarebytes
2013-10-03 08:25 - 2013-10-04 12:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 08:25 - 2013-10-03 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-30 12:11 - 2013-10-04 08:15 - 00000000 ___RD C:\Users\JOANS\Dropbox
2013-09-30 12:02 - 2013-10-04 12:26 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-30 12:02 - 2013-10-04 08:15 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Dropbox
2013-09-15 07:28 - 2013-09-15 07:28 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Windows Live Writer
2013-09-15 07:28 - 2013-09-15 07:28 - 00000000 ____D C:\Users\JOANS\AppData\Local\Windows Live Writer
2013-09-07 18:13 - 2013-10-04 12:31 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-09-07 18:13 - 2013-09-07 18:13 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-09-07 18:13 - 2013-09-07 18:13 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe

==================== One Month Modified Files and Folders =======

2013-10-05 13:04 - 2013-10-05 13:04 - 00000000 ____D C:\FRST
2013-10-05 13:04 - 2013-10-05 12:41 - 00000000 ____D C:\Users\JOANS\Desktop\Step 7
2013-10-05 13:01 - 2012-06-02 12:49 - 01100315 _____ C:\Windows\WindowsUpdate.log
2013-10-05 12:49 - 2013-10-05 08:33 - 00000000 ____D C:\Users\JOANS\Desktop\Step 6
2013-10-05 12:48 - 2012-03-19 00:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 12:39 - 2012-11-04 07:43 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-05 08:35 - 2013-10-05 08:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-05 08:32 - 2013-10-05 08:26 - 00000000 ____D C:\AdwCleaner
2013-10-05 08:31 - 2013-10-04 16:38 - 00000000 ____D C:\Users\JOANS\Desktop\Malwarebites
2013-10-05 07:42 - 2013-10-05 07:42 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 07:37 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 07:37 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 07:29 - 2013-10-05 07:29 - 00000000 ____D C:\Program Files\McAfee
2013-10-05 07:29 - 2013-03-18 14:40 - 00000000 ___RD C:\Users\JOANS\Google Drive
2013-10-05 07:29 - 2012-12-06 07:24 - 00000000 ___RD C:\Users\JOANS\SkyDrive
2013-10-05 07:29 - 2012-11-02 13:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-05 07:29 - 2012-11-02 13:04 - 00000000 ____D C:\ProgramData\McAfee
2013-10-05 07:28 - 2013-08-05 06:50 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000
2013-10-05 07:28 - 2013-08-05 06:50 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2183701590-1873992799-1918826727-1000
2013-10-05 07:28 - 2013-03-30 12:43 - 00049048 _____ C:\Windows\PFRO.log
2013-10-05 07:28 - 2013-03-26 18:25 - 00023818 _____ C:\Windows\setupact.log
2013-10-05 07:28 - 2012-11-04 07:43 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-05 07:28 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 07:23 - 2012-11-02 13:46 - 00000000 ___RD C:\Users\JOANS\Desktop\Anti Virus
2013-10-05 07:08 - 2013-10-05 06:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-05 05:45 - 2012-11-28 04:40 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\U3
2013-10-05 05:45 - 2009-07-13 22:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 17:51 - 2012-11-02 11:55 - 00000000 ___RD C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-04 17:51 - 2012-11-02 11:55 - 00000000 ___RD C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-04 17:50 - 2009-07-13 21:45 - 00316712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-04 17:41 - 2013-08-14 08:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-04 17:41 - 2009-07-13 19:34 - 00000686 _____ C:\Windows\win.ini
2013-10-04 17:38 - 2012-11-03 08:46 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-04 17:30 - 2012-11-23 07:59 - 00000000 ___RD C:\Users\JOANS\Desktop\Data 02.14.13
2013-10-04 16:58 - 2013-10-04 16:58 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 16:57 - 2013-10-04 16:57 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-04 16:47 - 2013-05-13 20:04 - 00037376 ___SH C:\Users\JOANS\Thumbs.db
2013-10-04 15:36 - 2012-12-11 20:19 - 00000000 ____D C:\Users\JOANS\AppData\Local\Apple Computer
2013-10-04 15:23 - 2013-10-04 15:23 - 00001790 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-04 15:23 - 2013-10-04 15:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 15:23 - 2013-09-01 08:56 - 00000000 ____D C:\Program Files\iTunes
2013-10-04 15:23 - 2013-09-01 08:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-04 15:22 - 2013-09-01 08:56 - 00000000 ____D C:\Program Files\iPod
2013-10-04 13:48 - 2012-03-19 00:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-04 13:48 - 2012-03-19 00:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-04 13:48 - 2012-03-19 00:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-04 12:53 - 2012-11-02 11:52 - 00000000 ____D C:\Users\JOANS
2013-10-04 12:51 - 2013-10-03 08:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-04 12:51 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-10-04 12:51 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-10-04 12:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\TAPI
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\com
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sppui
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Setup
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ras
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\oobe
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\manifeststore
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\icsxml
2013-10-04 12:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ias
2013-10-04 12:43 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\addins
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-10-04 12:43 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\uk-UA
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\th-TH
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sl-SI
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sk-SK
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ro-RO
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lv-LV
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lt-LT
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\hr-HR
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\et-EE
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\com
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-04 12:43 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-10-04 12:42 - 2011-02-11 20:12 - 00000000 ____D C:\Windows\DeployWinRE2
2013-10-04 12:42 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-10-04 12:42 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\bg-BG
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas
2013-10-04 12:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
2013-10-04 12:36 - 2013-02-21 20:46 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-10-04 12:36 - 2012-12-11 20:15 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-10-04 12:36 - 2012-12-07 07:05 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-10-04 12:36 - 2012-06-02 12:53 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-04 12:36 - 2012-03-19 00:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-10-04 12:36 - 2012-03-19 00:12 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-04 12:36 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2013-10-04 12:36 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-10-04 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2013-10-04 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\spp
2013-10-04 12:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-04 12:34 - 2012-12-06 07:39 - 00000000 ____D C:\Windows\fr
2013-10-04 12:34 - 2012-03-19 00:00 - 00000000 ____D C:\Windows\oem
2013-10-04 12:34 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\ShellNew
2013-10-04 12:34 - 2009-07-13 21:45 - 00000000 ____D C:\Windows\Setup
2013-10-04 12:33 - 2013-05-16 17:40 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-04 12:33 - 2013-03-01 07:02 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\WildBit Viewer
2013-10-04 12:33 - 2013-02-10 06:54 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\IrfanView
2013-10-04 12:33 - 2012-12-29 09:39 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\MediaPlayerCodecPackPackages
2013-10-04 12:33 - 2012-12-06 07:41 - 00000000 ____D C:\Windows\en
2013-10-04 12:33 - 2012-12-06 07:39 - 00000000 ____D C:\Windows\es
2013-10-04 12:33 - 2012-11-28 21:36 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\SNS
2013-10-04 12:33 - 2012-11-28 06:54 - 00000000 ___RD C:\Users\JOANS\Desktop\Extras
2013-10-04 12:33 - 2012-11-05 15:46 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\clear.fiMVPSDK20
2013-10-04 12:33 - 2012-11-02 20:36 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\WildTangent
2013-10-04 12:33 - 2012-11-02 13:44 - 00000000 ___RD C:\Users\JOANS\Desktop\Joan's Games
2013-10-04 12:33 - 2012-11-02 12:43 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\MSN6
2013-10-04 12:33 - 2012-11-02 11:52 - 00000000 ___RD C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-04 12:33 - 2012-11-02 11:52 - 00000000 ___RD C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-04 12:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Branding
2013-10-04 12:33 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-04 12:32 - 2013-08-17 06:24 - 00000000 ____D C:\ProgramData\MSNDynFiles
2013-10-04 12:32 - 2012-12-02 07:06 - 00000000 ____D C:\ProgramData\Real
2013-10-04 12:32 - 2012-11-04 07:43 - 00000000 ____D C:\Users\JOANS\AppData\Local\Google
2013-10-04 12:32 - 2012-11-03 12:20 - 00000000 ____D C:\Users\JOANS\AppData\Local\clear.fi
2013-10-04 12:32 - 2012-06-02 13:08 - 00000000 ____D C:\ProgramData\CyberLink
2013-10-04 12:32 - 2012-03-18 23:28 - 00000000 ____D C:\ProgramData\WildTangent
2013-10-04 12:31 - 2013-09-07 18:13 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2013-10-04 12:31 - 2013-07-19 07:21 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-10-04 12:31 - 2013-05-29 06:15 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-04 12:31 - 2013-05-16 17:40 - 00000000 ____D C:\Program Files\WinPcap
2013-10-04 12:31 - 2013-04-15 07:39 - 00000000 ____D C:\Program Files\DIFX
2013-10-04 12:31 - 2013-03-26 15:33 - 00000000 ____D C:\Program Files\CCleaner
2013-10-04 12:31 - 2013-03-01 07:01 - 00000000 ____D C:\Program Files (x86)\WildBit Viewer
2013-10-04 12:31 - 2013-02-25 18:19 - 00000000 ____D C:\Program Files\GIMP 2
2013-10-04 12:31 - 2013-02-10 06:54 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-10-04 12:31 - 2012-12-11 20:14 - 00000000 ____D C:\Program Files\Bonjour
2013-10-04 12:31 - 2012-12-06 07:30 - 00000000 ____D C:\Program Files\Windows Live
2013-10-04 12:31 - 2012-12-06 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-10-04 12:31 - 2012-12-02 07:08 - 00000000 ____D C:\Program Files (x86)\Real
2013-10-04 12:31 - 2012-11-19 09:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-04 12:31 - 2012-11-19 09:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-04 12:31 - 2012-11-18 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-10-04 12:31 - 2012-11-18 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft ActiveSync
2013-10-04 12:31 - 2012-11-03 11:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-04 12:31 - 2012-11-02 14:47 - 00000000 ____D C:\Program Files (x86)\PopCap Games
2013-10-04 12:31 - 2012-11-02 12:35 - 00000000 ____D C:\Program Files (x86)\MSN
2013-10-04 12:31 - 2012-06-02 13:11 - 00000000 ____D C:\Program Files (x86)\Video Web Camera
2013-10-04 12:31 - 2012-06-02 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-04 12:31 - 2012-06-02 13:05 - 00000000 ____D C:\Program Files (x86)\Social Networks
2013-10-04 12:31 - 2012-06-02 13:01 - 00000000 ____D C:\Program Files\Synaptics
2013-10-04 12:31 - 2012-06-02 12:57 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2013-10-04 12:31 - 2012-03-19 00:13 - 00000000 ____D C:\Program Files (x86)\SymSilent
2013-10-04 12:31 - 2012-03-19 00:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-10-04 12:31 - 2012-03-18 23:23 - 00000000 ____D C:\Program Files\Broadcom
2013-10-04 12:31 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Windows NT
2013-10-04 12:31 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-04 12:30 - 2013-05-16 17:40 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-10-04 12:30 - 2013-05-15 22:18 - 00000000 ____D C:\b8f07dacb6bf616481
2013-10-04 12:30 - 2013-03-29 05:48 - 00000000 ____D C:\Program Files (x86)\Folder Hidden
2013-10-04 12:30 - 2013-02-28 17:07 - 00000000 ____D C:\hotfix
2013-10-04 12:30 - 2013-02-16 18:19 - 00000000 ____D C:\Program Files (x86)\AUPEO!
2013-10-04 12:30 - 2013-01-09 17:22 - 00000000 ____D C:\Program Files (x86)\GIMP 2
2013-10-04 12:30 - 2012-12-11 20:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-10-04 12:30 - 2012-12-11 20:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-10-04 12:30 - 2012-06-02 13:00 - 00000000 ____D C:\Program Files (x86)\Atheros
2013-10-04 12:30 - 2012-03-19 00:00 - 00000000 ___HD C:\OEM
2013-10-04 12:30 - 2012-03-18 23:28 - 00000000 ____D C:\Program Files (x86)\Gateway Games
2013-10-04 12:26 - 2013-09-30 12:02 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-04 12:17 - 2012-12-15 08:42 - 00000000 _RSHD C:\Winmend~Folder~Hidden
2013-10-04 12:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-10-04 10:32 - 2012-11-04 07:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-04 10:12 - 2013-10-04 10:12 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Nero
2013-10-04 08:15 - 2013-09-30 12:11 - 00000000 ___RD C:\Users\JOANS\Dropbox
2013-10-04 08:15 - 2013-09-30 12:02 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Dropbox
2013-10-03 08:31 - 2013-10-03 08:31 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Malwarebytes
2013-10-03 08:25 - 2013-10-03 08:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-02 16:56 - 2012-11-30 08:02 - 00568320 ___SH C:\Users\JOANS\Documents\Thumbs.db
2013-09-29 06:45 - 2012-12-11 20:15 - 00000000 ____D C:\Users\JOANS\AppData\Local\Apple
2013-09-16 17:15 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-16 06:18 - 2013-03-18 15:54 - 00023552 _____ C:\Users\JOANS\Desktop\POL LINKS.xls
2013-09-15 07:28 - 2013-09-15 07:28 - 00000000 ____D C:\Users\JOANS\AppData\Roaming\Windows Live Writer
2013-09-15 07:28 - 2013-09-15 07:28 - 00000000 ____D C:\Users\JOANS\AppData\Local\Windows Live Writer
2013-09-15 07:28 - 2012-12-06 07:19 - 00000000 ____D C:\Users\JOANS\AppData\Local\Windows Live
2013-09-08 12:49 - 2013-08-16 05:41 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2183701590-1873992799-1918826727-1000
2013-09-08 12:49 - 2013-08-16 05:41 - 00003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2183701590-1873992799-1918826727-1000
2013-09-07 18:13 - 2013-09-07 18:13 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2013-09-07 18:13 - 2013-09-07 18:13 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2013-09-07 18:13 - 2012-12-05 17:05 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2013-09-07 18:13 - 2012-12-05 17:05 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2013-09-07 18:13 - 2012-12-05 17:05 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2013-09-05 15:53 - 2013-02-25 21:10 - 00000000 ____D C:\Users\JOANS\.gimp-2.8

Files to move or delete:
====================
C:\Users\JOANS\msndata.dat

Some content of TEMP:
====================
C:\Users\JOANS\AppData\Local\Temp\FreemakeVideoDownloader_3.5.1.0.exe
C:\Users\JOANS\AppData\Local\Temp\lowproc.exe
C:\Users\JOANS\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\JOANS\AppData\Local\Temp\nsd4A4C.tmp.tbInst.dll
C:\Users\JOANS\AppData\Local\Temp\ntdll_dump.dll
C:\Users\JOANS\AppData\Local\Temp\stubhelper.dll
C:\Users\JOANS\AppData\Local\Temp\WRupdate348131.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 08:41

==================== End Of Log ============================


  • Root Admin

The scanner had trouble reading your Chrome configuration which is odd. You may need to run a disk check on your system.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

I deleted Chrome prior to starting this session because it was acting up, probably because of a virus.

You said that I "might" want to run a disk check of my system because of a problem reading Chrome.

Question:

Do you want me to -

Go ahead and run the disk check?  

Automatically fix file system errors?  

Scan for and attempt recovery of bad sectors?


  • Root Admin

Yes, please.

Please run a Full Disk Check on your system drive. If needed, here are some links on how to run a Disk Check.

On Windows XP the disk check log is in the Event Logs under Application with a heading source of Winlogon
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of Chkdsk

How to Run a Chkdsk Function on Windows XP

How to view and manage event logs in Event Viewer in Windows XP

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Check a Drive for Errors with "chkdsk" in Windows 8

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

Here is a heads up regarding the Combofix instruction website. They have a "download" button at the top of the instructions that I assumed to be the Combofix.exe. It was not. It was a trojan that installed a bunch of stuff on my machine and changed my IE browser default address. I have deleted all of this and should be able to correct the browser address. - Just thought you should know, as no doubt other users are falling into the same trap.

I ran the check disk and the Combofix log is below.

Cheers,

jharpj

*********************************************************************************

ComboFix 13-10-04.02 - JOANS 10/06/2013   8:27.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3932.2184 [GMT -7:00]
Running from: c:\users\JOANS\Desktop\Step 7.1 Combofix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\JOANS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Whilokii_iels
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_ctypes.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_elementtree.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_hashlib.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_multiprocessing.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_socket.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\_ssl.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\msvcp100.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\msvcr100.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\pyexpat.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\pysqlite2._sqlite.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\python27.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\pythoncom27.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\PyWinTypes27.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\select.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\unicodedata.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32api.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32com.shell.shell.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32crypt.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32event.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32file.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32inet.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32pdh.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32process.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32profile.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32security.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\win32ts.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\windows._cacheinvalidation.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._controls_.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._core_.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._gdi_.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._html2.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._misc_.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._windows_.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wx._wizard.pyd
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxbase294u_net_vc90.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxbase294u_vc90.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxmsw294u_adv_vc90.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxmsw294u_core_vc90.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxmsw294u_html_vc90.dll
c:\users\JOANS\AppData\Local\Temp\_MEI22042\wxmsw294u_webview_vc90.dll
c:\users\JOANS\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\windows\SysWow64\msnphoto.scr
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 15:36 . 2013-10-06 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 14:54 . 2013-10-06 15:04 -------- d-----w- c:\program files\DivX
2013-10-06 14:54 . 2013-10-06 14:54 42297 ----a-w- c:\windows\system32\uninstall.exe
2013-10-06 14:54 . 2013-10-06 15:04 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2013-10-06 14:54 . 2013-10-06 14:54 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-10-06 14:54 . 2013-10-06 14:54 -------- d-----w- c:\windows\SysWow64\Extensions
2013-10-06 14:54 . 2013-10-06 15:04 -------- d-----w- c:\program files (x86)\DSP-worx
2013-10-06 14:54 . 2013-10-06 15:04 -------- d-----w- c:\programdata\DivX
2013-10-06 14:54 . 2013-10-06 14:54 -------- d-----w- c:\users\JOANS\AppData\Roaming\LavFilters
2013-10-06 14:54 . 2013-10-06 14:54 -------- d-----w- c:\users\JOANS\AppData\Roaming\CDXReader
2013-10-06 14:54 . 2013-10-06 14:54 -------- d-----w- c:\programdata\Babylon
2013-10-06 14:19 . 2013-10-06 14:19 -------- d--h--w- c:\programdata\Common Files
2013-10-06 14:19 . 2013-10-06 14:19 -------- d-----w- c:\users\JOANS\AppData\Roaming\DigitalSite
2013-10-05 20:04 . 2013-10-05 20:04 -------- d-----w- C:\FRST
2013-10-05 15:35 . 2013-10-05 15:35 -------- d-----w- c:\program files (x86)\ESET
2013-10-05 15:26 . 2013-10-05 15:32 -------- d-----w- C:\AdwCleaner
2013-10-05 15:25 . 2013-09-16 07:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4B7578C-4E13-4413-8358-8FC162286596}\mpengine.dll
2013-10-05 14:42 . 2013-10-05 14:42 -------- d-----w- c:\windows\ERUNT
2013-10-05 13:00 . 2013-10-05 14:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-04 23:57 . 2013-10-04 23:57 -------- d-----w- c:\program files (x86)\ERUNT
2013-10-04 22:22 . 2013-10-04 22:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 17:12 . 2013-10-04 17:12 -------- d-----w- c:\users\JOANS\AppData\Roaming\Nero
2013-10-03 15:31 . 2013-10-03 15:31 -------- d-----w- c:\users\JOANS\AppData\Roaming\Malwarebytes
2013-10-03 15:25 . 2013-10-03 15:25 -------- d-----w- c:\programdata\Malwarebytes
2013-10-03 15:25 . 2013-10-04 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-30 19:11 . 2013-10-04 15:15 -------- d-----r- c:\users\JOANS\Dropbox
2013-09-30 19:02 . 2013-10-04 15:15 -------- d-----w- c:\users\JOANS\AppData\Roaming\Dropbox
2013-09-15 14:28 . 2013-09-15 14:28 -------- d-----w- c:\users\JOANS\AppData\Local\Windows Live Writer
2013-09-15 14:28 . 2013-09-15 14:28 -------- d-----w- c:\users\JOANS\AppData\Roaming\Windows Live Writer
2013-09-08 01:13 . 2013-10-04 19:31 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-05 00:38 . 2012-11-03 15:46 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-10-04 20:48 . 2012-03-19 07:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-04 20:48 . 2012-03-19 07:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 23:31 . 2012-12-20 14:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-09-11 23:30 . 2012-12-20 14:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-09-11 23:30 . 2012-12-20 14:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-09-11 23:30 . 2012-12-20 14:09 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-29 20:34 . 2013-08-29 20:34 39896 ----a-w- c:\windows\SysWow64\DiscHandler.exe
2013-08-07 11:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 18:14 . 2012-12-18 19:59 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-08-02 18:14 . 2012-12-18 19:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-08-02 01:48 . 2013-10-04 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-26 13:24 . 2013-07-26 13:24 412336 ----a-w- c:\windows\system32\swscale-lav-2.dll
2013-07-26 13:24 . 2013-07-26 13:24 225456 ----a-w- c:\windows\system32\libbluray.dll
2013-07-26 13:24 . 2013-07-26 13:24 1527984 ----a-w- c:\windows\system32\LAVVideo.ax
2013-07-26 13:24 . 2013-07-26 13:24 6485168 ----a-w- c:\windows\system32\avcodec-lav-55.dll
2013-07-26 13:24 . 2013-07-26 13:24 524976 ----a-w- c:\windows\system32\LAVSplitter.ax
2013-07-26 13:24 . 2013-07-26 13:24 374960 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2013-07-26 13:24 . 2013-07-26 13:24 296624 ----a-w- c:\windows\system32\avutil-lav-52.dll
2013-07-26 13:24 . 2013-07-26 13:24 280240 ----a-w- c:\windows\system32\LAVAudio.ax
2013-07-26 13:24 . 2013-07-26 13:24 245936 ----a-w- c:\windows\system32\avfilter-lav-3.dll
2013-07-26 13:24 . 2013-07-26 13:24 160944 ----a-w- c:\windows\system32\avresample-lav-1.dll
2013-07-26 13:24 . 2013-07-26 13:24 1205424 ----a-w- c:\windows\system32\avformat-lav-55.dll
2013-07-26 13:24 . 2013-07-26 13:24 6275760 ----a-w- c:\windows\SysWow64\avcodec-lav-55.dll
2013-07-26 13:24 . 2013-07-26 13:24 431792 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2013-07-26 13:24 . 2013-07-26 13:24 394416 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2013-07-26 13:24 . 2013-07-26 13:24 288944 ----a-w- c:\windows\SysWow64\avutil-lav-52.dll
2013-07-26 13:24 . 2013-07-26 13:24 245936 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2013-07-26 13:24 . 2013-07-26 13:24 235184 ----a-w- c:\windows\SysWow64\avfilter-lav-3.dll
2013-07-26 13:24 . 2013-07-26 13:24 190640 ----a-w- c:\windows\SysWow64\libbluray.dll
2013-07-26 13:24 . 2013-07-26 13:24 150192 ----a-w- c:\windows\SysWow64\avresample-lav-1.dll
2013-07-26 13:24 . 2013-07-26 13:24 1239216 ----a-w- c:\windows\SysWow64\avformat-lav-55.dll
2013-07-26 13:24 . 2013-07-26 13:24 1190064 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2013-07-25 09:25 . 2013-08-14 13:59 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 13:59 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 13:59 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 13:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 14:00 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 13:59 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 14:00 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 14:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 14:00 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 13:59 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 14:00 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 14:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 14:00 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 14:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 13:28 222832 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 13:28 222832 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 13:28 222832 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-04 39408]
"SkyDrive"="c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-15 257136]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-09-04 1315144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2012-01-05 289816]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-02 1106512]
"DigiDo"="c:\program files (x86)\TWC\DigiDo\TrayApp.exe" [2011-10-17 1458544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-08-02 295512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Gateway\WDAgent\DCDhcpService.exe;c:\program files (x86)\Gateway\WDAgent\DCDhcpService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-19 20:48]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 14:43]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 13:28 261744 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 13:28 261744 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 13:28 261744 ----a-w- c:\users\JOANS\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 23:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-20 440600]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-08 1829768]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\TWC\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-10-06  08:46:46 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-06 15:46
.
Pre-Run: 184,262,270,976 bytes free
Post-Run: 187,987,800,064 bytes free
.
- - End Of File - - BE39E610BB9A0FCB7A7FBEA7B426F571

Link to post

  • Root Admin

Yes, unfortunately most sites run advertising that they have no control over to support their site.  I did provide you a direct link though in my instructions to make sure that did not happen to you.

Let me have you run JRT and AdwCleaner again but this time when you run AdwCleaner tell it to CLEAN.

Then run the following and reboot.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then run MBAM and check for updates and do a Quick Scan and post back the log.

 

Link to post

My IE still gets redirected to login.live.com even though I went into tools, deleted the incorrect address and pasted in the correct one.

Below is the MBAM log.

********************************************************************

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.07.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

JOANS :: JOANS-PC [administrator]

Protection: Disabled

10/7/2013 11:31:04 AM

mbam-log-2013-10-07 (11-31-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210359

Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post

  • Root Admin

It looks like you may have missed my request to have you run these tools again so I'll ask again.

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it or simply uncheck the item.  Then click on the CLEAN button.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Link to post

I did run the two cleaners but guess I forgot to post their logs which you'll find below.

Sorry,

jharpj

# AdwCleaner v3.006 - Report created 07/10/2013 at 10:39:31

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : JOANS - JOANS-PC

# Running from : C:\Users\JOANS\Desktop\Malwarebites\Step 5\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\JOANS\AppData\LocalLow\searchgol

Folder Deleted : C:\Users\JOANS\Documents\optimizer pro

File Deleted : C:\Windows\System32\Uninstall.exe

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\5255d988b134ba40

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

*************************

AdwCleaner[R1].txt - [2171 octets] - [07/10/2013 10:37:33]

AdwCleaner[s0].txt - [2065 octets] - [07/10/2013 10:39:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2125 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.4 (10.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by JOANS on Mon 10/07/2013 at 10:24:38.16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2183701590-1873992799-1918826727-1000\Software\SweetIM

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\JOANS\AppData\Roaming\digitalsite"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 10/07/2013 at 10:32:28.38

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post

Thank you for asking.

MSN, which is my internet provider, has continued to have no problems. IE, which I use a lot for searching and keeping favorite places, continues to go to "login.live.com" and also frequently runs veeeery slow. In other words, no change.

I am old and also veeeery slow and hope the lack of success isn't due to me not following the instruction properly.

Thank you again.

Jharpj

Link to post

  • Root Admin

I don't think anything is specifically blocking or holding the web page to login.live.com; it is probably the default home page you have set at the moment.

Please visit the following site and let them assist you in resetting IE:

 

How to reset Internet Explorer settings

Link to post

  • Root Admin

No Sir.  We've had some go on for weeks sometimes.  It all depends on what the issue is and if there is a chance of fixing it or not.

Let me get a new log again.  Delete your current logs from FRST.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Link to post

Okay, I went through the FARBAR thing again. Made sure FARBAR tool, frst.txt and addition.txt were deleted. Downloaded and ran a new tool. The result was a new frst.txt but no addition.txt.

Keeping in mind that IE is no longer being redirected, I keep coming back to the idea that my IE has corrupt files, but searching MS help pages indicates I can't delete, only turn off IE because it is a part of Windows. Therefore I am unable to find a way to replace the old IE files with new ones. I realize this does not come under the heading of virus removal but if you have any ideas on how to replace the old IE files other than updating from win 7 to win 8 or reinstalling the hard drive - please let me know.

By the way, I did update from IE-10 to IE-11/beta but nothing changed!

Thanks much,

Jharpj

Link to post

This topic is now closed to further replies.