Successfully blocked access to malicious website


Hi... I keep getting the same popup:

Successfully blocked access to a potentially malicious website: 162.210.192.22

Type: outgoing

Port: 51610, process: firefox.exe

It started last night and I ran a 'quick scan' and removed everything it found. Hoped that would do it, but tonight it's back. Sometimes the website ends in 26 instead of 22.

Also, often when I click on any link on a page, a new tab will open and Grand Poker's Facebook login appears. Not sure if that's related, but that also just started happening last night and continues today.

Here's FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2014
Ran by Mike (administrator) on UPSTAIRSHP on 11-04-2014 20:40:01
Running from C:\Users\Mike\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [CPN Notifier] - C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2636680476-179157487-1729060321-1003\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\user.js

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Video Download Toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF} [2013-04-08]
FF Extension: DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Youtube To MP3 PRO converter - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2013-12-21]
FF Extension: Yontoo - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\plugin@yontoo.com.xpi [2013-02-19]
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-11 20:40 - 2014-04-11 20:40 - 00020537 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-04-11 20:39 - 2014-04-11 20:40 - 00000000 ____D () C:\FRST
2014-04-11 20:38 - 2014-04-11 20:38 - 02157056 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 19:28 - 2014-03-13 02:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 19:28 - 2014-03-13 02:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 19:28 - 2014-03-13 02:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 19:28 - 2014-03-13 02:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 19:28 - 2014-03-13 01:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 19:28 - 2014-03-13 01:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 19:28 - 2014-03-13 00:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:28 - 2014-03-13 00:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:28 - 2014-03-12 23:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-09 19:28 - 2014-03-12 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-09 19:28 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:28 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:28 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:28 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:28 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:28 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:28 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 19:28 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 19:28 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 19:28 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 19:28 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 19:28 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 19:27 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt
2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt
2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-22 18:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-22 18:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-22 18:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-22 18:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe
2014-03-22 18:32 - 2014-03-22 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-12 18:43 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 18:43 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 18:43 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 18:43 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 18:43 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 18:43 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 18:43 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 18:43 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-11 20:40 - 2014-04-11 20:40 - 00020537 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-04-11 20:40 - 2014-04-11 20:39 - 00000000 ____D () C:\FRST
2014-04-11 20:38 - 2014-04-11 20:38 - 02157056 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-04-11 20:37 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Word
2014-04-11 20:23 - 2013-07-26 21:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 20:09 - 2012-06-13 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-11 20:02 - 2010-02-20 06:10 - 01063656 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 19:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:59 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:52 - 2013-07-26 21:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 19:52 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 19:51 - 2009-07-14 00:51 - 00097161 _____ () C:\Windows\setupact.log
2014-04-10 19:58 - 2010-03-21 17:41 - 00416770 _____ () C:\Windows\PFRO.log
2014-04-10 19:56 - 2013-04-08 20:47 - 00000000 ____D () C:\Program Files (x86)\Minibar
2014-04-10 19:31 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Banking
2014-04-10 19:02 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 18:54 - 2010-03-23 21:45 - 00000000 ____D () C:\Users\postgres
2014-04-09 21:10 - 2010-03-22 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 21:09 - 2013-08-14 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:07 - 2010-03-22 19:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 20:44 - 2011-07-22 18:15 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-04-09 20:44 - 2011-07-22 18:15 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-04-09 19:43 - 2010-03-21 21:47 - 00000000 ____D () C:\Unzipped
2014-04-09 19:41 - 2012-11-27 20:34 - 00000000 ____D () C:\Users\Mike\dwhelper
2014-04-08 19:27 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Travel
2014-04-08 19:27 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Excel
2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt
2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt
2014-04-06 21:49 - 2010-03-23 20:01 - 00000000 ___RD () C:\Del Monte
2014-04-06 08:41 - 2010-03-27 08:39 - 00000687 _____ () C:\Windows\ULead32.ini
2014-04-05 18:07 - 2010-03-21 17:17 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\FileZilla
2014-04-05 17:25 - 2010-03-24 18:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\PrimoPDF
2014-04-04 22:17 - 2010-03-21 22:01 - 00000000 ____D () C:\Users\Mike\Documents\House
2014-04-04 20:43 - 2011-10-29 08:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-04 20:43 - 2010-04-05 19:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-04 20:42 - 2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HpUpdate
2014-04-04 20:42 - 2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HP Support Assistant
2014-04-03 15:18 - 2013-07-26 21:09 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 15:18 - 2013-07-26 21:09 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 03:01 - 2012-04-30 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 03:01 - 2011-01-26 21:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:01 - 2011-01-26 21:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-30 11:52 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Big Heart Pet
2014-03-29 18:56 - 2010-03-23 21:51 - 00000000 ____D () C:\Poker
2014-03-29 10:13 - 2010-03-21 17:17 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-03-29 10:13 - 2010-03-21 17:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-03-22 18:38 - 2013-12-21 00:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-22 18:37 - 2010-03-22 21:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe
2014-03-22 18:33 - 2014-03-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-21 16:26 - 2010-03-21 21:41 - 00000000 ____D () C:\Users\Mike\Documents\Quicken
2014-03-13 19:45 - 2009-07-14 00:45 - 00451976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 19:43 - 2013-01-20 14:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 19:43 - 2013-01-20 14:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 02:33 - 2014-04-09 19:28 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 02:33 - 2014-04-09 19:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 02:33 - 2014-04-09 19:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 02:32 - 2014-04-09 19:28 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 02:32 - 2014-04-09 19:28 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 02:32 - 2014-04-09 19:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 02:32 - 2014-04-09 19:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 02:32 - 2014-04-09 19:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 02:32 - 2014-04-09 19:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 02:31 - 2014-04-09 19:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 01:10 - 2014-04-09 19:28 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 01:10 - 2014-04-09 19:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 01:09 - 2014-04-09 19:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 00:57 - 2014-04-09 19:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 00:47 - 2014-04-09 19:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 23:59 - 2014-04-09 19:28 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-12 23:51 - 2014-04-09 19:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\aacenc3.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.0.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Users\Mike\AppData\Local\Temp\ffmpeg13.exe
C:\Users\Mike\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Mike\AppData\Local\Temp\helper.exe
C:\Users\Mike\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mike\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe
C:\Users\Mike\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\lowproc.exe
C:\Users\Mike\AppData\Local\Temp\npp.5.9.6.2.Installer.exe
C:\Users\Mike\AppData\Local\Temp\ose00000.exe
C:\Users\Mike\AppData\Local\Temp\Relay.dll
C:\Users\Mike\AppData\Local\Temp\RelayL.dll
C:\Users\Mike\AppData\Local\Temp\Resource.exe
C:\Users\Mike\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Mike\AppData\Local\Temp\sp44614.exe
C:\Users\Mike\AppData\Local\Temp\sp46257.exe
C:\Users\Mike\AppData\Local\Temp\sp49905.exe.exe
C:\Users\Mike\AppData\Local\Temp\sp53904.exe
C:\Users\Mike\AppData\Local\Temp\sp58915.exe
C:\Users\Mike\AppData\Local\Temp\sqlite3.exe
C:\Users\Mike\AppData\Local\Temp\stubhelper.dll
C:\Users\Mike\AppData\Local\Temp\uninst.exe
C:\Users\Mike\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mike\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Mike\AppData\Local\Temp\video-download-toolbar-setup-silent.exe
C:\Users\Mike\AppData\Local\Temp\vqnmbu23.dll
C:\Users\Mike\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Mike\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 20:17

==================== End Of Log ============================

And here's additional.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2014
Ran by Mike at 2014-04-11 20:40:37
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

4Free Video Converter 2 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version:  - 4Free Studio)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any Video Converter 3.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Attachmate myEXTRA! Enterprise 7.11 (HKLM-x32\...\{ACA93BC6-A0E1-4032-BFD5-50D42BF64570}) (Version: 2002.0.0.0002 - Attachmate)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Cake Poker 2.0 (HKLM-x32\...\Cake Poker 2.0) (Version: 2.0.1.2856 - Cake Poker N.V.)
Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Cisco AnyConnect VPN Client (HKLM-x32\...\{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}) (Version: 2.5.1025 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.63.10.WIN.FullTilt.COM - )
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version:  - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech)
honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juicy Stakes 2.0 (HKLM-x32\...\Juicy Stakes 2.0) (Version: 2.0.1.6793 - Juicy Stakes)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaCoder 0.8.23.5530 (HKLM-x32\...\MediaCoder) (Version: 0.8.23.5530 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mihov Image Resizer 1.2 (remove only) (HKLM-x32\...\Mihov Image Resizer) (Version:  - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MozBackup 1.4.10 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PokerDIY Tourney Manager (HKCU\...\3974447472.www.pokerdiy.com) (Version:  - www.pokerdiy.com)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )
PokerTracker 3 (remove only) (HKLM-x32\...\PokerTracker3) (Version:  - )
PostgreSQL 8.3 (HKLM-x32\...\{B823632F-3B72-4514-8861-B961CE263224}) (Version: 8.3 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PrimoPDF -- by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5.0.0.19 - Nitro PDF Software)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.4.14 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Replace! 5.01 (HKLM-x32\...\Replace!) (Version: 5.01 - Andrea Novero)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 4.15 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UMPlayer 0.98 [P4] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Universal Replayer (HKCU\...\Universal Replayer) (Version:  - Universal Replayer)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)
Video Download Button (HKLM-x32\...\Video Download Button) (Version:  - )
Video Download Toolbar 3.0.0.0 (HKLM-x32\...\Video Download Toolbar_is1) (Version:  - Sakysoft s.r.l. uninominale)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION

==================== Restore Points  =========================

29-03-2014 12:49:54 Windows Update
02-04-2014 22:31:22 Windows Update
03-04-2014 07:00:26 Windows Update
06-04-2014 12:20:11 Windows Update
09-04-2014 23:28:59 Windows Update
10-04-2014 01:06:20 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {027DFDBB-975B-4B0B-A76D-23A428A7B368} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-03-25] (Hewlett-Packard)
Task: {1FD9F65A-525D-4C77-89C7-A4C32D18E676} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2266A9B0-1B75-4980-A4D1-B4CF28DDF9EB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {28F78A8E-DFA2-4B74-8D84-5A69FAA4C0BA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {3923B924-06D4-4BDE-8683-57E15A015C6C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {3EF2FB85-616F-4D76-9169-A7BEFB9EECE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4443BD2B-650A-402E-8DDB-28A36091E991} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {519A1AF4-7190-4BC4-A7FE-ABF3388155FE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {5DF6D90D-C3BD-4D09-ADED-854F1AD21DAF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {60DF3353-0F6C-4A63-8CB1-A0EA9899C0D1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {99A6EB2B-3FEB-4BC2-B1EC-13144C02B24F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {A2F14AA8-B33B-4CC4-9716-8241CC32F2E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A78CEEC4-52BE-4049-9675-FBF86F24939C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {C5F3608B-8497-4954-B484-D58965A3CCDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D41C9172-7EB7-42DF-98DD-F2F5B97CB56C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {E18AEDC4-14A8-4390-815B-8D5A138120F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-26] (Google Inc.)
Task: {E46B3B8D-FC6A-4431-BCE5-B2ED0111B7E7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EBC04249-E796-407C-B92B-9A0EE1971557} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {F82BBBD8-8220-40D6-8364-D9D634CFB5FE} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {FDAD03C8-DA14-4728-8E6E-7FA337E705B3} - System32\Tasks\HPCeeScheduleForMike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2010-03-24 18:42 - 2009-07-30 21:58 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-09-14 20:17 - 2009-09-14 20:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2008-09-19 03:03 - 2008-09-19 03:03 - 00167936 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\LIBPQ.dll
2010-01-15 18:16 - 2009-10-02 17:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2006-11-06 18:18 - 2006-11-06 18:18 - 00963584 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\libxml2.dll
2005-07-20 06:48 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.3\bin\zlib1.dll
2008-02-04 22:43 - 2008-02-04 22:43 - 00027136 _____ () C:\Program Files (x86)\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll
2014-03-22 18:33 - 2014-03-22 18:33 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-22 18:33 - 2014-03-22 18:33 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-22 18:33 - 2014-03-22 18:33 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-04-11 20:06 - 2014-04-11 20:06 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID
AlternateDataStreams: C:\Program Files (x86)\Juicy Stakes 2.0:MID
AlternateDataStreams: C:\ProgramData\Temp:2D6E5D55

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2014 08:37:40 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/10/2014 07:54:52 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/09/2014 08:22:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/09/2014 08:20:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/09/2014 08:02:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/08/2014 07:32:49 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/07/2014 06:28:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/07/2014 06:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/07/2014 05:45:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (04/06/2014 03:46:46 PM) (Source: Application Hang) (User: )
Description: The program PDR.exe version 7.0.100.3503 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d68

Start Time: 01cf51d00ef56582

Termination Time: 13

Application Path: c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe

Report Id:


System errors:
=============
Error: (04/03/2014 03:17:32 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (04/03/2014 03:17:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (03/10/2014 04:58:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.167.1579.0).

Error: (03/10/2014 04:58:26 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.167.1493.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/10/2014 06:40:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.167.1493.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (02/05/2014 10:49:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (01/21/2014 07:28:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: )
Description: The CrystalSysInfo service failed to start due to the following error:
%%2

Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: )
Description: The CrystalSysInfo service failed to start due to the following error:
%%2

Error: (01/12/2014 07:49:12 PM) (Source: Service Control Manager) (User: )
Description: The CrystalSysInfo service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/11/2014 08:37:40 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/10/2014 07:54:52 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/09/2014 08:22:54 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8

Error: (04/09/2014 08:20:59 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/09/2014 08:02:28 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/08/2014 07:32:49 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/07/2014 06:28:15 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8

Error: (04/07/2014 06:26:28 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/07/2014 05:45:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (04/06/2014 03:46:46 PM) (Source: Application Hang)(User: )
Description: PDR.exe7.0.100.3503d6801cf51d00ef5658213c:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 6007.08 MB
Available physical RAM: 3300.67 MB
Total Pagefile: 12012.34 MB
Available Pagefile: 9069.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.63 GB) (Free:672.62 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.78 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=921 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks for any help!  I have Malwarebytes Pro, if you need further information.  Let me know if you need something else.  Thanks!


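The helper's first pass over an FRST log like the one above starts with the entries FRST marks itself (the Yontoo line ends in `<==== ATTENTION`) and with entries that carry no publisher or file metadata. The Python below is an added example for this thread, not FRST's code and not anything a participant posted; it parses the "Installed Programs" and "Scheduled Tasks" lines into fields and lists the entries worth a closer look. The sample lines are copied from the log above. An empty publisher or a missing `[date] (vendor)` suffix is a prioritisation hint only, not a verdict: FRST prints that suffix when it could read version metadata from the target file, and plenty of legitimate updaters lack it.

```python
"""Triage of the 'Installed Programs' and 'Scheduled Tasks' sections of an
FRST.txt log. Added example for this thread; it is not FRST's code and not
something the helpers here posted. Sample lines are copied from the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One 'Installed Programs' line. Both shapes seen in the log are accepted:
#   Name (HKLM-x32\...\Key) (Version: 1.2 - Vendor) <==== ATTENTION
#   Name (x32 Version: 1.2 - Vendor) Hidden
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \("
    r"(?:(?P<key>HKLM(?:-x32)?\\.*?)\) \()?"
    r"(?:x32 )?Version: ?(?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<attention> <==== ATTENTION)?(?P<hidden> Hidden)?\s*$"
)

# One 'Scheduled Tasks' line. FRST appends "[file date] (vendor)" only when it
# could read version metadata from the target executable.
#   Task: {GUID} - System32\Tasks\Path => C:\...\tool.exe [2014-03-25] (Vendor)
#   Task: C:\Windows\Tasks\Name.job => C:\...\tool.exe
TASK_RE = re.compile(
    r"^Task: (?P<id>\S+)(?: - (?P<task>.+?))? => (?P<exe>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]+)\))?\s*$"
)


@dataclass
class Finding:
    kind: str      # "program" or "task"
    name: str
    reason: str
    detail: str


def parse_program(line: str) -> Optional[dict]:
    """Split one installed-program line into its fields, or None if unparsable."""
    m = PROGRAM_RE.match(line.strip())
    return m.groupdict() if m else None


def triage_programs(lines: List[str]) -> List[Finding]:
    """Programs FRST marked ATTENTION, plus those with no publisher at all."""
    out = []
    for line in lines:
        p = parse_program(line)
        if p is None:
            continue
        if p["attention"]:
            out.append(Finding("program", p["name"], "flagged by FRST", p["key"] or ""))
        elif not p["publisher"].strip():
            out.append(Finding("program", p["name"], "no publisher recorded", p["key"] or ""))
    return out


def triage_tasks(lines: List[str]) -> List[Finding]:
    """Tasks whose target has no file date/vendor metadata; a triage hint only."""
    out = []
    for line in lines:
        m = TASK_RE.match(line.strip())
        if m and m["vendor"] is None:
            out.append(Finding("task", m["task"] or m["id"], "no file metadata", m["exe"]))
    return out


# Constructed sample: lines copied from the FRST.txt posted above.
SAMPLE_PROGRAMS = [
    r"Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)",
    r"VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)",
    r"Video Download Button (HKLM-x32\...\Video Download Button) (Version:  - )",
    r"Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden",
    r"Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION",
]
SAMPLE_TASKS = [
    r"Task: {027DFDBB-975B-4B0B-A76D-23A428A7B368} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-03-25] (Hewlett-Packard)",
    r"Task: {1FD9F65A-525D-4C77-89C7-A4C32D18E676} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2636680476-179157487-1729060321-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe",
    r"Task: {519A1AF4-7190-4BC4-A7FE-ABF3388155FE} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
]

if __name__ == "__main__":
    for f in triage_programs(SAMPLE_PROGRAMS) + triage_tasks(SAMPLE_TASKS):
        print(f"{f.kind:8} {f.reason:22} {f.name}  [{f.detail}]")
```

Run against the full FRST.txt, the same two functions can be fed every line of the file; anything that does not match either pattern is skipped, so the section headers and the other FRST blocks are harmless.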
  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
 
STEP 02
Please run a Quick Scan with Malwarebytes
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post back the report.
Make sure that everything is checked, and click Remove Selected if anything is found.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thanks

Thanks for your help in this...really appreciated it.

Ran through the steps...didn't have any problems.  Except am I right in assuming "Quick Scan" is now called "Hyper Scan"?  There wasn't an option for Quick Scan anymore...at least I couldn't find one.  The Hyper Scan found nothing, BTW.

Below is the log from RogueKiller:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 04/15/2014 18:01:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 2 ¤¤¤
[FF][PUP] jawq4ln3.default : Yontoo
[FF][PUP] jawq4ln3.default : Video Download Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65M2B0 +++++
--- User ---
[MBR] d74fcb39b74548fdd4e2cfb03561cf6f
[BSP] dea94089843d8b9c54e6828526a6923a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942730 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930917888 | Size: 11037 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04152014_180112.txt >>



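RogueKiller reports the six registry entries above as PUM (potentially unwanted modifications) rather than as malware, because these values can be set by a user as easily as by adware; that is consistent with the instruction above to scan and not fix anything yet. Two of them matter for security: EnableLUA = 0 turns User Account Control off entirely, and ConsentPromptBehaviorAdmin = 0 means an administrator account is elevated without any prompt, so whatever the browser launches runs with full rights unchallenged. The Wow6432Node lines are the same two values as seen from the 32-bit registry view. The Python below is an added example for this thread, not Adlice's code and not posted by anyone here; it parses the report's registry and browser-addon lines and translates the UAC values using Microsoft's documented meanings for ConsentPromptBehaviorAdmin. The sample text is copied from the report above; the mapping of the two NewStartPanel CLSIDs to the Computer and user's-files desktop icons is my annotation, not something the report states.

```python
"""Interpreter for the 'Registry Entries' and 'Browser Addons' blocks of a
RogueKiller report. Added example for this thread; not Adlice's code and not
posted by anyone here. The sample report is copied from the log above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
REGISTRY_RE = re.compile(
    r"^\[(?P<category>[A-Z ]+)\]\[(?P<kind>[A-Z]+)\] (?P<key>\S+) : "
    r"(?P<value>\S+) \((?P<data>[^)]*)\) -> (?P<status>\w+)\s*$"
)
# [FF][PUP] jawq4ln3.default : Yontoo
ADDON_RE = re.compile(
    r"^\[(?P<browser>\w+)\]\[(?P<kind>\w+)\] (?P<profile>\S+) : (?P<name>.+?)\s*$"
)

# Microsoft's documented meanings of ConsentPromptBehaviorAdmin
# (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).
UAC_PROMPT_ADMIN = {
    "0": "elevate without prompting",
    "1": "prompt for credentials on the secure desktop",
    "2": "prompt for consent on the secure desktop",
    "3": "prompt for credentials",
    "4": "prompt for consent",
    "5": "prompt for consent for non-Windows binaries (default)",
}
# HideDesktopIcons\NewStartPanel: data 1 hides the icon for that CLSID.
# Annotation by the example's author, not text from the RogueKiller report.
DESKTOP_ICONS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "user's files",
}


@dataclass
class RegistryEntry:
    category: str   # HJ POL = policy hijack, HJ DESK = desktop hijack
    kind: str       # PUM = potentially unwanted modification
    key: str
    value: str
    data: str
    status: str

    def explain(self) -> str:
        """Human-readable meaning of this entry's value/data pair."""
        if self.value == "EnableLUA":
            return ("UAC enabled" if self.data == "1" else
                    "UAC disabled: processes started from an administrator "
                    "account run fully elevated with no prompt")
        if self.value == "ConsentPromptBehaviorAdmin":
            return "admin elevation prompt: " + UAC_PROMPT_ADMIN.get(
                self.data, "unknown value " + self.data)
        icon = DESKTOP_ICONS.get(self.value.upper())
        if icon and self.key.endswith("NewStartPanel"):
            return f"{icon} desktop icon {'hidden' if self.data == '1' else 'shown'}"
        return f"unrecognised {self.kind} entry {self.value}"


@dataclass
class Addon:
    browser: str
    kind: str
    profile: str
    name: str


def parse_report(text: str) -> Tuple[List[RegistryEntry], List[Addon]]:
    """Pull registry findings and browser add-on findings out of a report."""
    entries, addons = [], []
    for line in text.splitlines():
        m = REGISTRY_RE.match(line.strip())
        if m:
            entries.append(RegistryEntry(**m.groupdict()))
            continue
        m = ADDON_RE.match(line.strip())
        if m:
            addons.append(Addon(**m.groupdict()))
    return entries, addons


def uac_state(entries: List[RegistryEntry]) -> Dict[str, Optional[object]]:
    """Summarise UAC from the native (non-Wow6432Node) policy values."""
    state: Dict[str, Optional[object]] = {"uac_enabled": None, "admin_prompt": None}
    for e in entries:
        if "Wow6432Node" in e.key:
            continue
        if e.value == "EnableLUA":
            state["uac_enabled"] = e.data == "1"
        elif e.value == "ConsentPromptBehaviorAdmin":
            state["admin_prompt"] = UAC_PROMPT_ADMIN.get(e.data)
    return state


# Constructed sample: the relevant lines of the RogueKiller report above.
SAMPLE_REPORT = r"""
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FF][PUP] jawq4ln3.default : Yontoo
[FF][PUP] jawq4ln3.default : Video Download Toolbar
"""

if __name__ == "__main__":
    entries, addons = parse_report(SAMPLE_REPORT)
    for e in entries:
        print(f"[{e.category}][{e.kind}] {e.value} = {e.data}: {e.explain()}")
    for a in addons:
        print(f"[{a.browser}][{a.kind}] {a.profile}: {a.name}")
    print(uac_state(entries))
```

The two Firefox add-ons it lists are the same Yontoo that FRST marked with ATTENTION and the Video Download Toolbar from the installed-programs list, which ties the browser redirects in the first post to installed software rather than to anything hidden at MBR or driver level (both of which the report shows as clean).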
  • Root Admin

The new one is called Threat Scan = Quick Scan, but not an issue.
 
Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Did the steps above.

Logs from Anti-Rootkit:

------------------------------------------------

MBAR-LOG:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16866
Mike :: UPSTAIRSHP [administrator]

4/16/2014 5:08:23 PM
mbar-log-2014-04-16 (17-08-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 321175
Time elapsed: 35 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

-------------------------------------------------------------

System Log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16866

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 6298877952, free: 3709337600

Downloaded database version: v2014.04.10.07
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1930711040

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1930917888  Numsec = 22603776

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Thought I would post each log from each step in a different post but I guess I can't post multiple posts in a short period so...

Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Wed 04/16/2014 at 17:46:28.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\minibar"
Successfully deleted: [Folder] "C:\Program Files (x86)\file type helper"
Successfully deleted: [Folder] "C:\Program Files (x86)\minibar"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{0803187B-568C-4E9F-8EC3-ECFCDEB0828C}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{0BE4BEAE-293E-4ABD-9D08-823DF9BCFD35}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{149144A5-E39C-43A0-A291-CF5746BD3B0F}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{1535FE0A-FF4D-4341-931E-9B9F6458E467}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{16714065-45C6-4A58-BC4A-D8658BF16793}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{20A3637C-9070-4053-A153-3EACB2DD719C}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{245328C4-4DE9-4481-90BD-FEAE918A4520}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{271239FB-54D9-4745-9918-C51BEDF2EA6D}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{2E33C56E-7C44-446A-9ED8-FD8F3E444BB8}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{36646D18-D730-4C59-84BB-573B1926CA57}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{48B070C8-88DB-4834-80B0-2D882F5D0BC0}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{4EB61855-90EC-4C45-BD62-58DA9F147CF5}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{6D869931-9B7D-45F0-95E4-3796F1EDEEDF}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{71B4A051-4969-476A-A8BE-D0764A8799D6}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{7B8D99B7-EDAB-47FE-ADDC-A24D1C5EA26E}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{80CC93DD-51AF-4AE6-9953-B51BE7A166B0}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{814A6F59-3A0A-443B-BFA6-246E3064D954}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{82138770-9FA6-43CF-9570-3F6564EA0BBE}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{8652877F-142D-4366-A988-6AE19CE16E15}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{873CDA94-025E-4456-963A-8DFAB2052D4B}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{92ED3265-B6B1-4595-B3AE-EB39812A40CA}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{A9E8954A-69F9-4DA2-9D8F-22956EF49196}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{B2AB214E-E8A7-464F-99DB-D076C1A3F7C2}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{C5E861BF-9D25-40BF-BE28-F681CEE60CCE}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{C6084ACF-DC3E-4791-ADE3-1C2AC4C06C81}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{C615BF77-8F81-4F0C-BE99-2997756F8E71}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{CEE34C73-54DE-4170-B4A4-687F437A3E53}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{DEED33D2-580C-4386-A711-44392D1FB0D9}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{DFF3C826-DBC0-4501-93E5-4C6C8E3C8717}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{FE1819B4-0533-49E4-AB2C-A620F8B0C616}



~~~ FireFox

Successfully deleted: [File] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\jawq4ln3.default\user.js
Successfully deleted: [Folder] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\jawq4ln3.default\extensions\{97a78363-b868-4b48-ac91-a783a31215af}
Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\jawq4ln3.default\prefs.js

user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Video Download Toolbar\",\"description\":\"Video Download Toolbar\",\"button\":{\"tooltip\":\"Download Video\
user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAEDElEQVQ4jX3QfVDSdxwH8N9W3bZ/2h9rV9dtzWtddsmJ
Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\jawq4ln3.default\minidumps [113 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/16/2014 at 17:52:30.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------------------------------------------------------------------------------

AdwCleaner:

# AdwCleaner v3.023 - Report created 16/04/2014 at 18:08:00
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - UPSTAIRSHP
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mike\AppData\Local\Minibar
Folder Deleted : C:\Users\Mike\AppData\Local\TempDir
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\postgres\AppData\LocalLow\Fast Free Converter
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\plugin@yontoo.com.xpi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKCU\Software\Minibar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\prefs.js ]


Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAEDElEQVQ4jX3QfVDSdxwH8N9W3bZ/2h9rV9dtzWtddsmJKTUZIpiSEUoG4hBQ8QkMcSgTM[...]
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader");
Line Deleted : user_pref("extentions.y2layers.installId", "c1b7c02d-2d16-4b76-aa1d-ef2bf34fed06");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3198 octets] - [16/04/2014 18:00:10]
AdwCleaner[s0].txt - [3112 octets] - [16/04/2014 18:08:00]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3172 octets] ##########

-----------------------------------------------------------------------------------------------------------------------------------------------------------

ESET Log:

C:\Users\Mike\AppData\Local\Temp\7932D96.tmp    multiple threats
C:\Users\Mike\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe    a variant of Win32/InstallCore.AG potentially unwanted application
C:\Users\Mike\AppData\Local\Temp\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Mike\AppData\Local\Temp\video-download-toolbar-setup-silent.exe    Win32/Somoto.O potentially unwanted application
C:\Users\Mike\AppData\Local\Temp\ICReinstall\cnet2_MediaCoder-0_8_13_5266_zip.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Mike\AppData\Local\Temp\is357113909\FunmoodsLatest.exe    a variant of Win32/Toolbar.Funmoods potentially unwanted application
C:\Users\Mike\AppData\Local\Temp\is357113909\GiantSavings_US.exe    Win32/Toolbar.CrossRider.B potentially unwanted application
C:\Users\Mike\Downloads\MediaCoder-0.8.23.5530.exe    Win32/OpenCandy potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by Mike (administrator) on UPSTAIRSHP on 16-04-2014 20:11:03
Running from C:\Users\Mike\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Juicy Stakes 2.0\PokerNotifier.exe
HKU\S-1-5-21-2636680476-179157487-1729060321-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2636680476-179157487-1729060321-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
ShortcutTarget: iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {B3BD77A2-B2EC-484D-B39A-9FC8342723CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: DownloadHelper - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Youtube To MP3 PRO converter - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi [2013-12-21]
FF Extension: Adblock Plus - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\jawq4ln3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com

Chrome:
=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-26]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pgsql-8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 20:11 - 2014-04-16 20:11 - 00009452 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-04-16 20:10 - 2014-04-16 20:10 - 00000000 ____D () C:\Users\Mike\Desktop\Malware Stuff
2014-04-16 20:10 - 2014-04-16 20:10 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-04-16 20:08 - 2014-04-16 20:08 - 02158592 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2014-04-16 18:16 - 2014-04-16 18:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-16 18:15 - 2014-04-16 18:15 - 02347384 _____ (ESET) C:\Users\Mike\Downloads\esetsmartinstaller_enu.exe
2014-04-16 18:00 - 2014-04-16 18:08 - 00000000 ____D () C:\AdwCleaner
2014-04-16 17:59 - 2014-04-16 17:59 - 01426178 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-04-16 17:52 - 2014-04-16 17:52 - 00008191 _____ () C:\Users\Mike\Desktop\JRT.txt
2014-04-16 17:46 - 2014-04-16 17:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 17:44 - 2014-04-16 17:45 - 01016261 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2014-04-16 17:08 - 2014-04-16 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-16 17:07 - 2014-04-16 17:44 - 00000000 ____D () C:\Users\Mike\Desktop\mbar
2014-04-16 17:06 - 2014-04-16 17:06 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Mike\Desktop\mbar-1.07.0.1009.exe
2014-04-15 18:01 - 2014-04-15 18:01 - 00002969 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_04152014_180112.txt
2014-04-15 17:58 - 2014-04-15 18:03 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-04-15 17:57 - 2014-04-15 17:57 - 04527616 _____ () C:\Users\Mike\Desktop\RogueKillerX64.exe
2014-04-15 17:51 - 2014-04-15 17:51 - 00000000 ____D () C:\Windows\ERDNT
2014-04-15 17:50 - 2014-04-15 17:50 - 00000886 _____ () C:\Users\postgres\Desktop\NTREGOPT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000886 _____ () C:\Users\Mike\Desktop\NTREGOPT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000867 _____ () C:\Users\postgres\Desktop\ERUNT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000867 _____ () C:\Users\Mike\Desktop\ERUNT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-15 17:48 - 2014-04-15 17:48 - 00791393 _____ (Lars Hederer ) C:\Users\Mike\Desktop\erunt-setup.exe
2014-04-15 17:43 - 2014-04-15 17:47 - 00002040 _____ () C:\Users\Mike\Desktop\Rkill.txt
2014-04-15 17:43 - 2014-04-15 17:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mike\Desktop\rkill.exe
2014-04-14 20:04 - 2014-04-14 20:03 - 00000346 _____ () C:\Users\Mike\Desktop\buffet.txt
2014-04-14 19:05 - 2014-04-16 19:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 19:04 - 2014-04-16 17:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 19:04 - 2014-04-14 19:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 19:04 - 2014-04-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 19:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-11 20:39 - 2014-04-16 20:11 - 00000000 ____D () C:\FRST
2014-04-11 20:38 - 2014-04-16 20:10 - 02158592 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 19:28 - 2014-03-13 02:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 19:28 - 2014-03-13 02:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 19:28 - 2014-03-13 02:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 19:28 - 2014-03-13 02:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-09 19:28 - 2014-03-13 02:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 19:28 - 2014-03-13 02:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 19:28 - 2014-03-13 01:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 19:28 - 2014-03-13 01:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 19:28 - 2014-03-13 01:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-09 19:28 - 2014-03-13 00:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 19:28 - 2014-03-13 00:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 19:28 - 2014-03-12 23:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-09 19:28 - 2014-03-12 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-09 19:28 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 19:28 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 19:28 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 19:28 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 19:28 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 19:28 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 19:28 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 19:28 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 19:28 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 19:28 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 19:28 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 19:28 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 19:28 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 19:27 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt
2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt
2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-22 18:37 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-22 18:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-22 18:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-22 18:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe
2014-03-22 18:32 - 2014-03-22 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-04-16 20:11 - 2014-04-16 20:11 - 00009452 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-04-16 20:11 - 2014-04-11 20:39 - 00000000 ____D () C:\FRST
2014-04-16 20:10 - 2014-04-16 20:10 - 00000000 ____D () C:\Users\Mike\Desktop\Malware Stuff
2014-04-16 20:10 - 2014-04-16 20:10 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2014-04-16 20:10 - 2014-04-11 20:38 - 02158592 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-04-16 20:08 - 2014-04-16 20:08 - 02158592 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2014-04-16 19:48 - 2014-04-14 19:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 19:23 - 2013-07-26 21:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 19:02 - 2010-02-20 06:10 - 01219414 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 18:17 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 18:17 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 18:16 - 2014-04-16 18:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-16 18:15 - 2014-04-16 18:15 - 02347384 _____ (ESET) C:\Users\Mike\Downloads\esetsmartinstaller_enu.exe
2014-04-16 18:09 - 2013-07-26 21:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-16 18:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 18:09 - 2009-07-14 00:51 - 00097441 _____ () C:\Windows\setupact.log
2014-04-16 18:08 - 2014-04-16 18:00 - 00000000 ____D () C:\AdwCleaner
2014-04-16 17:59 - 2014-04-16 17:59 - 01426178 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2014-04-16 17:52 - 2014-04-16 17:52 - 00008191 _____ () C:\Users\Mike\Desktop\JRT.txt
2014-04-16 17:46 - 2014-04-16 17:46 - 00000000 ____D () C:\Windows\ERUNT
2014-04-16 17:45 - 2014-04-16 17:44 - 01016261 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2014-04-16 17:44 - 2014-04-16 17:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-16 17:44 - 2014-04-16 17:07 - 00000000 ____D () C:\Users\Mike\Desktop\mbar
2014-04-16 17:07 - 2014-04-14 19:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-16 17:06 - 2014-04-16 17:06 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Mike\Desktop\mbar-1.07.0.1009.exe
2014-04-15 20:15 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Word
2014-04-15 18:25 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Excel
2014-04-15 18:25 - 2010-03-21 21:47 - 00000000 ____D () C:\Unzipped
2014-04-15 18:18 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Big Heart Pet
2014-04-15 18:17 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 18:03 - 2014-04-15 17:58 - 00000000 ____D () C:\Users\Mike\Desktop\RK_Quarantine
2014-04-15 18:01 - 2014-04-15 18:01 - 00002969 _____ () C:\Users\Mike\Desktop\RKreport[0]_S_04152014_180112.txt
2014-04-15 17:57 - 2014-04-15 17:57 - 04527616 _____ () C:\Users\Mike\Desktop\RogueKillerX64.exe
2014-04-15 17:51 - 2014-04-15 17:51 - 00000000 ____D () C:\Windows\ERDNT
2014-04-15 17:50 - 2014-04-15 17:50 - 00000886 _____ () C:\Users\postgres\Desktop\NTREGOPT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000886 _____ () C:\Users\Mike\Desktop\NTREGOPT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000867 _____ () C:\Users\postgres\Desktop\ERUNT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000867 _____ () C:\Users\Mike\Desktop\ERUNT.lnk
2014-04-15 17:50 - 2014-04-15 17:50 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-15 17:48 - 2014-04-15 17:48 - 00791393 _____ (Lars Hederer ) C:\Users\Mike\Desktop\erunt-setup.exe
2014-04-15 17:47 - 2014-04-15 17:43 - 00002040 _____ () C:\Users\Mike\Desktop\Rkill.txt
2014-04-15 17:43 - 2014-04-15 17:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mike\Desktop\rkill.exe
2014-04-15 17:36 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Travel
2014-04-15 17:25 - 2013-07-07 08:41 - 00027648 ___SH () C:\Users\Mike\Documents\Thumbs.db
2014-04-14 20:03 - 2014-04-14 20:04 - 00000346 _____ () C:\Users\Mike\Desktop\buffet.txt
2014-04-14 19:04 - 2014-04-14 19:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 19:04 - 2014-04-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 19:04 - 2012-07-21 12:06 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Malwarebytes
2014-04-14 19:04 - 2012-07-21 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-12 19:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 12:21 - 2012-06-13 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-12 12:21 - 2011-07-22 18:15 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2014-04-11 20:59 - 2011-10-29 08:23 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-11 20:59 - 2011-07-22 18:15 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2014-04-11 20:59 - 2010-04-05 19:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-11 20:57 - 2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HpUpdate
2014-04-11 20:57 - 2010-03-29 19:28 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\HP Support Assistant
2014-04-11 20:06 - 2014-04-11 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-10 19:58 - 2010-03-21 17:41 - 00416770 _____ () C:\Windows\PFRO.log
2014-04-10 19:31 - 2010-03-21 22:02 - 00000000 ____D () C:\Users\Mike\Documents\Banking
2014-04-10 18:54 - 2010-03-23 21:45 - 00000000 ____D () C:\Users\postgres
2014-04-09 21:10 - 2010-03-22 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 21:09 - 2013-08-14 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:07 - 2010-03-22 19:47 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 19:41 - 2012-11-27 20:34 - 00000000 ____D () C:\Users\Mike\dwhelper
2014-04-07 17:41 - 2014-04-07 17:41 - 00000537 _____ () C:\Users\Mike\Downloads\CBOAACK_20140407171026.txt
2014-04-07 17:41 - 2014-04-07 17:41 - 00000536 _____ () C:\Users\Mike\Downloads\BOAACK_20140407171025.txt
2014-04-06 21:49 - 2010-03-23 20:01 - 00000000 ___RD () C:\Del Monte
2014-04-06 08:41 - 2010-03-27 08:39 - 00000687 _____ () C:\Windows\ULead32.ini
2014-04-05 18:07 - 2010-03-21 17:17 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\FileZilla
2014-04-05 17:25 - 2010-03-24 18:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\PrimoPDF
2014-04-04 22:17 - 2010-03-21 22:01 - 00000000 ____D () C:\Users\Mike\Documents\House
2014-04-03 15:18 - 2013-07-26 21:09 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 15:18 - 2013-07-26 21:09 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-14 19:04 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2012-07-21 12:06 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 03:01 - 2012-04-30 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 03:01 - 2011-01-26 21:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:01 - 2011-01-26 21:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-29 18:56 - 2010-03-23 21:51 - 00000000 ____D () C:\Poker
2014-03-29 10:13 - 2010-03-21 17:17 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-03-29 10:13 - 2010-03-21 17:17 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-03-22 18:39 - 2014-03-22 18:39 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Oracle
2014-03-22 18:38 - 2013-12-21 00:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-22 18:37 - 2014-03-22 18:37 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-22 18:37 - 2010-03-22 21:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-22 18:34 - 2014-03-22 18:34 - 00921000 _____ (Oracle Corporation) C:\Users\Mike\Downloads\jxpiinstall(1).exe
2014-03-22 18:33 - 2014-03-22 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-21 16:26 - 2010-03-21 21:41 - 00000000 ____D () C:\Users\Mike\Documents\Quicken

Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\aacenc3.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.0.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v4.1.exe
C:\Users\Mike\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Users\Mike\AppData\Local\Temp\ffmpeg13.exe
C:\Users\Mike\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Mike\AppData\Local\Temp\helper.exe
C:\Users\Mike\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mike\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe
C:\Users\Mike\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\lowproc.exe
C:\Users\Mike\AppData\Local\Temp\npp.5.9.6.2.Installer.exe
C:\Users\Mike\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Mike\AppData\Local\Temp\ose00000.exe
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike\AppData\Local\Temp\Relay.dll
C:\Users\Mike\AppData\Local\Temp\RelayL.dll
C:\Users\Mike\AppData\Local\Temp\Resource.exe
C:\Users\Mike\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Mike\AppData\Local\Temp\sp44614.exe
C:\Users\Mike\AppData\Local\Temp\sp46257.exe
C:\Users\Mike\AppData\Local\Temp\sp49905.exe.exe
C:\Users\Mike\AppData\Local\Temp\sp53904.exe
C:\Users\Mike\AppData\Local\Temp\sp58915.exe
C:\Users\Mike\AppData\Local\Temp\sqlite3.exe
C:\Users\Mike\AppData\Local\Temp\stubhelper.dll
C:\Users\Mike\AppData\Local\Temp\uninst.exe
C:\Users\Mike\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mike\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Mike\AppData\Local\Temp\video-download-toolbar-setup-silent.exe
C:\Users\Mike\AppData\Local\Temp\vqnmbu23.dll
C:\Users\Mike\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Mike\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 20:17

==================== End Of Log ============================

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of JAVA.
Then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Then run the following and restart the computer.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

After the reboot, run the following.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

JavaRa Log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Apr 17 17:31:52 2014

Found and removed: C:\Program Files (x86)\Java\jre6

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.



---------------------------------------------------------------------------------------------------------------------

 

ComboFix log attached.

 

Thanks!

 

ComboFix.txt


4/14/14:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/14/2014 7:05:06 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/14/2014 7:05:06 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/14/2014 7:05:06 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Update, 4/14/2014 7:05:10 PM, SYSTEM, UPSTAIRSHP, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 4/14/2014 7:05:14 PM, SYSTEM, UPSTAIRSHP, Manual, Malware Database, 2014.3.4.9, 2014.4.10.7,
Protection, 4/14/2014 7:05:14 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/14/2014 7:05:45 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Protection, 4/14/2014 7:05:45 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/14/2014 7:05:45 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/14/2014 7:05:48 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/14/2014 7:05:48 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/14/2014 7:05:48 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Detection, 4/14/2014 7:41:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.22, static.datafastguru.info, 49509, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2014 7:41:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.22, static.datafastguru.info, 49509, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2014 7:41:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.22, static.datafastguru.info, 49518, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 4/14/2014 8:05:18 PM, SYSTEM, UPSTAIRSHP, Manual, Malware Database, 2014.4.10.7, 2014.4.14.9,
Protection, 4/14/2014 8:05:19 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/14/2014 8:05:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/14/2014 8:05:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/14/2014 8:05:22 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/14/2014 8:05:22 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/14/2014 8:05:22 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,

(end)

 

==========================================================================================================

 

4/15/14:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/15/2014 4:53:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/15/2014 4:53:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/15/2014 4:53:11 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/15/2014 4:55:51 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Update, 4/15/2014 5:16:03 PM, SYSTEM, UPSTAIRSHP, Scheduler, Malware Database, 2014.4.14.9, 2014.4.15.11,
Protection, 4/15/2014 5:16:04 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/15/2014 5:16:04 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/15/2014 5:16:04 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/15/2014 5:16:07 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/15/2014 5:16:07 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/15/2014 5:16:07 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Detection, 4/15/2014 5:59:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49498, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/15/2014 5:59:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49498, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/15/2014 5:59:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49517, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/15/2014 6:01:14 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49585, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

(end)

 

========================================================================================

 

4/16/14:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/16/2014 4:51:32 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/16/2014 4:51:32 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/16/2014 4:51:32 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/16/2014 4:53:28 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Update, 4/16/2014 5:48:08 PM, SYSTEM, UPSTAIRSHP, Scheduler, Malware Database, 2014.4.15.11, 2014.4.16.10,
Protection, 4/16/2014 5:48:10 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/16/2014 5:48:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/16/2014 5:48:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/16/2014 5:48:30 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/16/2014 5:48:30 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/16/2014 5:48:38 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Protection, 4/16/2014 6:09:33 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/16/2014 6:09:33 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/16/2014 6:09:33 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/16/2014 6:12:02 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Update, 4/16/2014 7:48:13 PM, SYSTEM, UPSTAIRSHP, Scheduler, Malware Database, 2014.4.16.10, 2014.4.16.11,
Protection, 4/16/2014 7:48:16 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/16/2014 7:48:16 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/16/2014 7:48:16 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/16/2014 7:49:11 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/16/2014 7:49:11 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/16/2014 7:49:16 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,

(end)

 

================================================

 

4/17/14:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/17/2014 5:16:21 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/17/2014 5:16:21 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/17/2014 5:16:21 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/17/2014 5:17:04 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Protection, 4/17/2014 6:03:26 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/17/2014 6:03:26 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/17/2014 6:03:26 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/17/2014 6:03:58 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Protection, 4/17/2014 7:49:02 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/17/2014 7:49:03 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/17/2014 7:49:03 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/17/2014 7:49:26 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Update, 4/17/2014 8:00:46 PM, SYSTEM, UPSTAIRSHP, Scheduler, Malware Database, 2014.4.16.11, 2014.4.17.7,
Protection, 4/17/2014 8:00:47 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/17/2014 8:00:47 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/17/2014 8:00:47 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/17/2014 8:00:51 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/17/2014 8:00:51 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/17/2014 8:00:51 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,

(end)

 

===========================================================================================

 

4/18/14:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/18/2014 3:02:38 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Protection, 4/18/2014 3:02:38 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Started,
Protection, 4/18/2014 3:02:38 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/18/2014 3:02:50 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
Update, 4/18/2014 3:09:13 PM, SYSTEM, UPSTAIRSHP, Manual, Malware Database, 2014.4.17.7, 2014.4.18.7,
Protection, 4/18/2014 3:09:15 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Starting,
Protection, 4/18/2014 3:09:15 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopping,
Protection, 4/18/2014 3:09:15 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Stopped,
Protection, 4/18/2014 3:09:18 PM, SYSTEM, UPSTAIRSHP, Protection, Refresh, Success,
Protection, 4/18/2014 3:09:18 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Starting,
Protection, 4/18/2014 3:09:18 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,

(end)

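The protection logs above are what the helper reads to decide whether the outbound blocks have stopped. The following is an added example, not code from the thread or from Malwarebytes: a small parser for the comma-separated "Detection, ..." lines in the format shown, which groups Malicious Website Protection blocks by destination IP, hostname and process and reports when the last one occurred. The field positions are inferred from the lines visible in the thread, and the sample log is constructed here from those lines; adjust the positions if your log version lays the fields out differently.

```python
"""Summarise Malwarebytes Anti-Malware protection-log lines (added example).

Assumption: each record is "Kind, <timestamp>, <user>, <host>, ..." with a
trailing comma, and a Malicious Website Protection detection carries
IP, hostname, port, direction and process path in fields 7..11.
"""
from datetime import datetime

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"  # e.g. "4/14/2014 7:41:19 PM"

# Constructed sample, modelled on the thread's log lines.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 4/14/2014 7:05:06 PM, SYSTEM, UPSTAIRSHP, Protection, Malware Protection, Starting,
Detection, 4/14/2014 7:41:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.22, static.datafastguru.info, 49509, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2014 7:41:19 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.22, static.datafastguru.info, 49518, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 4/14/2014 8:05:18 PM, SYSTEM, UPSTAIRSHP, Manual, Malware Database, 2014.4.10.7, 2014.4.14.9,
Detection, 4/15/2014 5:59:10 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49498, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/15/2014 6:01:14 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, IP, 162.210.192.26, static.datafastguru.info, 49585, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Protection, 4/18/2014 3:09:18 PM, SYSTEM, UPSTAIRSHP, Protection, Malicious Website Protection, Started,
(end)
"""


def parse_timestamp(text):
    """Parse the log's "M/D/YYYY h:mm:ss AM|PM" timestamp."""
    return datetime.strptime(text, TS_FORMAT)


def parse_events(log_text):
    """Turn every timestamped record into a dict; banner lines are skipped."""
    events = []
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields and fields[-1] == "":
            fields.pop()  # every record ends with a trailing comma
        if len(fields) < 2:
            continue  # "(end)", "www.malwarebytes.org", blank lines
        try:
            when = parse_timestamp(fields[1])
        except ValueError:
            continue  # not a timestamped record
        events.append({"kind": fields[0], "time": when, "fields": fields})
    return events


def website_blocks(events):
    """Extract only the Malicious Website Protection detections."""
    blocks = []
    for event in events:
        f = event["fields"]
        if event["kind"] != "Detection" or len(f) < 12:
            continue
        if f[5] != "Malicious Website Protection":
            continue
        blocks.append({
            "time": event["time"],
            "ip": f[7],
            "domain": f[8],
            "port": int(f[9]),
            "direction": f[10],
            "process_path": f[11],
            "process": f[11].rsplit("\\", 1)[-1],  # basename of the path
        })
    return blocks


def summarize_blocks(blocks):
    """Group blocks by (ip, domain, process): count, first/last seen, ports."""
    summary = {}
    for b in blocks:
        key = (b["ip"], b["domain"], b["process"])
        entry = summary.setdefault(key, {
            "count": 0, "first": b["time"], "last": b["time"],
            "ports": set(), "directions": set(),
        })
        entry["count"] += 1
        entry["first"] = min(entry["first"], b["time"])
        entry["last"] = max(entry["last"], b["time"])
        entry["ports"].add(b["port"])
        entry["directions"].add(b["direction"])
    return summary


def last_detection(blocks):
    """Timestamp of the most recent block, or None if there were none."""
    return max((b["time"] for b in blocks), default=None)


def detections_since(blocks, since):
    """How many blocks occurred at or after `since` (the 'is it quiet now?' check)."""
    return sum(1 for b in blocks if b["time"] >= since)


if __name__ == "__main__":
    blocks = website_blocks(parse_events(SAMPLE_LOG))
    for (ip, domain, proc), s in sorted(summarize_blocks(blocks).items()):
        print(f"{ip:<16} {domain:<28} {proc:<12} x{s['count']} "
              f"first={s['first']} last={s['last']} ports={sorted(s['ports'])}")
    print("last block:", last_detection(blocks))
    print("blocks since 4/16:", detections_since(blocks, parse_timestamp("4/16/2014 12:00:00 AM")))
```

Run over a real log, the summary makes the pattern in the thread obvious at a glance: the same hostname reached from the same browser process on several ephemeral ports, which points at something inside the browser (an add-on or injected script) rather than at a site the user typed in. The `detections_since` check is the same test the helper applies by eye: a block-free window of several days after cleanup.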

The logs show that you're no longer having outgoing IP blocks which is a good thing.   Looks like that has been cleared up now.

 

Are there still any signs of an infection or other issues then before we finish up here?

 

Wanted to do some normal Internetting before responding.  No issues last night or today!  Awesome.  Thank you so much!!  Looks like I'm good!


  • Root Admin

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 13.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Mozilla Thunderbird (24.4.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


  • Root Admin

Please check for updates to your Flash player from Adobe.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
