Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Katelynn (administrator) on 15-08-2013 15:50:27
Running from C:\Users\Katelynn\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Boingo Wireless, Inc.) C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
( ) C:\Windows\system32\lxcrcoms.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Katelynn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Katelynn\Downloads\FRST(2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Katelynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Katelynn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Katelynn\AppData\Roaming\Mozilla\Firefox\Profiles\vhqdna17.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Katelynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{4bcdbfd0-fa26-11de-8a39-0800200c9a66}] C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}] C:\Users\Katelynn\AppData\Local\{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}
FF Extension: XULRunner - C:\Users\Katelynn\AppData\Local\{3E3CFC85-4A3A-4DBF-87EF-909A20B86A0C}

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Chrome NaCl) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Katelynn\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Katelynn\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Katelynn\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EarthLinkMonitor; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [65604 2005-01-26] (Boingo Wireless, Inc.)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [537520 2006-12-11] ( )
S4 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-12] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-12] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-12] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-12] ()
S3 BW2NDIS5; C:\Windows\System32\Drivers\BW2NDIS5.sys [17536 2004-11-01] (Printing Communications Assoc., Inc. (PCAUSA))
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [58880 2008-06-04] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [106112 2008-06-04] (Option N.V.)
S3 GTUHSOMS; C:\Windows\System32\DRIVERS\gtuhsoms.sys [18816 2008-06-06] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2008-06-04] (Option N.V.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-05] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [15616 2013-07-29] ()
S3 utuyntu3; C:\Windows\system32\Drivers\utuyntu3.sys [7168 2013-04-08] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\Users\Katelynn\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MFE_RR; \??\C:\Users\Katelynn\AppData\Local\Temp\mfe_rr.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-14 16:42 - 2013-08-14 16:42 - 00068096 _____ C:\Users\Katelynn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-13 15:40 - 2013-08-13 16:38 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR(1).exe
2013-08-12 22:19 - 2013-08-12 22:24 - 03596056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-12 21:37 - 2013-08-12 21:37 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00001831 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-12 21:37 - 2013-08-12 21:37 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 21:37 - 2013-08-12 21:37 - 00000000 _____ C:\Windows\setupact.log
2013-08-12 21:37 - 2013-05-09 04:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-12 21:37 - 2013-05-09 04:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-12 21:37 - 2013-05-09 04:59 - 00049760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-08-12 21:37 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-12 21:37 - 2013-05-09 04:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-12 21:36 - 2013-05-09 04:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-12 21:30 - 2013-08-12 21:31 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup(1).exe
2013-08-12 21:29 - 2013-08-15 15:25 - 00107761 _____ C:\Windows\WindowsUpdate.log
2013-08-12 17:19 - 2013-08-12 17:19 - 00019231 _____ C:\ComboFix.txt
2013-08-12 16:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-12 16:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-12 16:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-12 16:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-12 16:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-12 16:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-12 16:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-12 16:19 - 2013-08-12 16:19 - 00002746 _____ C:\Users\Katelynn\Desktop\combofix - Shortcut.lnk
2013-08-12 16:18 - 2013-08-12 16:18 - 00000513 _____ C:\Users\Katelynn\Downloads\CFScript.txt
2013-08-11 20:02 - 2013-08-12 17:19 - 00000000 ____D C:\Qoobox
2013-08-11 20:00 - 2013-08-12 16:55 - 05102975 ____R (Swearware) C:\Users\Katelynn\Downloads\ComboFix.exe
2013-08-11 19:18 - 2013-08-11 19:18 - 00000000 ____D C:\_OTL
2013-08-10 18:03 - 2013-08-10 18:03 - 00003100 _____ C:\Users\Katelynn\Downloads\FSS.txt
2013-08-10 18:02 - 2013-08-10 18:02 - 00357143 _____ (Farbar) C:\Users\Katelynn\Downloads\FSS.exe
2013-08-10 17:56 - 2013-08-10 17:56 - 00041222 _____ C:\Users\Katelynn\Downloads\Extras.Txt
2013-08-10 17:55 - 2013-08-10 17:55 - 00183490 _____ C:\Users\Katelynn\Downloads\OTL.Txt
2013-08-09 00:23 - 2013-08-09 00:23 - 00602112 _____ (OldTimer Tools) C:\Users\Katelynn\Downloads\OTL.exe
2013-08-08 18:10 - 2013-08-08 18:10 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller(1).exe
2013-08-08 16:21 - 2013-08-08 16:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-05 22:40 - 2013-08-05 22:46 - 00000361 _____ C:\Users\Katelynn\Downloads\Search.txt
2013-08-05 17:34 - 2013-08-05 17:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-08-05 17:23 - 2013-08-05 17:24 - 00005292 _____ C:\AdwCleaner[S1].txt
2013-08-05 17:23 - 2013-08-05 17:23 - 00666633 _____ C:\Users\Katelynn\Downloads\AdwCleaner.exe
2013-08-05 17:17 - 2013-08-05 17:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 17:10 - 2013-08-05 17:10 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Katelynn\Downloads\JRT.exe
2013-08-05 16:12 - 2013-08-05 16:12 - 01228808 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST(1).exe
2013-08-01 22:43 - 2013-08-05 16:18 - 00020686 _____ C:\Users\Katelynn\Downloads\Addition.txt
2013-08-01 22:41 - 2013-08-05 17:08 - 00000000 ____D C:\FRST
2013-08-01 22:40 - 2013-08-01 22:40 - 01222124 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST.exe
2013-07-31 18:07 - 2013-07-31 18:07 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller.exe
2013-07-30 20:11 - 2013-07-30 20:11 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds(1).com
2013-07-29 21:56 - 2013-07-29 21:56 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds.com
2013-07-29 17:22 - 2013-07-29 17:22 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Katelynn\Downloads\rkill.com
2013-07-29 16:42 - 2013-07-29 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-29 16:27 - 2013-07-29 16:27 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-07-29 16:26 - 2013-07-29 16:26 - 00916992 _____ C:\Users\Katelynn\Downloads\RogueKiller.exe
2013-07-28 20:00 - 2013-08-12 21:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-28 20:00 - 2013-08-12 21:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-28 20:00 - 2013-08-12 21:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-28 19:04 - 2013-07-28 19:45 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup.exe
2013-07-28 16:46 - 2013-07-28 17:05 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR.exe
2013-07-28 16:43 - 2013-07-28 16:43 - 00000120 ___RH C:\Users\Katelynn\Downloads\Stinger.opt
2013-07-28 16:37 - 2013-07-28 16:43 - 00000641 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163732.html
2013-07-28 16:33 - 2013-07-28 16:33 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.944e.deleteme
2013-07-28 16:32 - 2013-07-28 16:43 - 00000000 ____D C:\Program Files\stinger
2013-07-28 16:32 - 2013-07-28 16:36 - 00000643 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163248.html
2013-07-28 16:32 - 2013-07-28 16:32 - 11394080 _____ (McAfee Inc) C:\Users\Katelynn\Downloads\stinger32.exe
2013-07-28 16:32 - 2013-07-28 16:32 - 00490268 _____ C:\Users\Katelynn\Downloads\runtime.dat
2013-07-28 16:32 - 2013-07-28 16:32 - 00000000 ____D C:\Stinger_Quarantine
2013-07-27 19:11 - 2013-07-27 19:11 - 71508223 _____ (Sophos Limited) C:\Users\Katelynn\Downloads\Sophos Virus Removal Tool.exe
2013-07-27 19:09 - 2013-07-27 19:09 - 00000297 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190936.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190958.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190948.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190934.txt
2013-07-27 19:04 - 2013-07-27 19:04 - 00551408 _____ (McAfee, Inc.) C:\Users\Katelynn\Downloads\rootkitremover.exe
2013-07-27 19:04 - 2013-07-27 19:04 - 00000029 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190427.txt
2013-07-26 22:46 - 2013-08-05 17:35 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-26 20:50 - 2013-07-26 20:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-26 18:36 - 2013-07-26 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 17:47 - 2013-07-26 17:47 - 00000000 ____D C:\found.003
2013-07-26 16:53 - 2013-07-26 16:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 18:17 - 2013-07-25 18:17 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Katelynn\Downloads\Shockwave_Installer_Slim.exe
2013-07-25 18:15 - 2013-07-25 18:15 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Oracle
2013-07-25 17:34 - 2013-07-25 17:33 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-25 17:30 - 2013-07-25 17:30 - 00903080 _____ (Oracle Corporation) C:\Users\Katelynn\Downloads\jre-7u25-windows-i586-iftw.exe
2013-07-25 17:10 - 2013-07-25 17:10 - 00000000 ____D C:\Users\Katelynn\Desktop\Old Firefox Data-2
2013-07-22 19:28 - 2013-07-24 20:45 - 00000132 _____ C:\Users\Katelynn\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-21 18:11 - 2013-07-21 18:11 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2013-07-21 18:06 - 2013-07-21 18:06 - 00000000 ____D C:\Program Files\InterLok

==================== One Month Modified Files and Folders =======

2013-08-15 15:48 - 2013-08-15 15:48 - 01068807 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST(2).exe
2013-08-15 15:42 - 2013-02-05 01:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 15:25 - 2013-08-12 21:29 - 00107761 _____ C:\Windows\WindowsUpdate.log
2013-08-15 15:13 - 2006-11-02 08:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 15:13 - 2006-11-02 08:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 22:40 - 2011-03-19 22:31 - 00000000 ____D C:\Users\Katelynn\Desktop\Sesu Project
2013-08-14 21:57 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-14 16:42 - 2013-08-14 16:42 - 00068096 _____ C:\Users\Katelynn\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-14 16:29 - 2013-01-31 23:20 - 00000000 ___RD C:\Users\Katelynn\Dropbox
2013-08-14 16:29 - 2013-01-31 23:18 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Dropbox
2013-08-14 16:27 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 03:35 - 2006-11-02 09:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-13 16:38 - 2013-08-13 15:40 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR(1).exe
2013-08-12 22:24 - 2013-08-12 22:19 - 03596056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-12 21:37 - 2013-08-12 21:37 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-12 21:37 - 2013-08-12 21:37 - 00001831 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-12 21:37 - 2013-08-12 21:37 - 00000000 _____ C:\Windows\setuperr.log
2013-08-12 21:37 - 2013-08-12 21:37 - 00000000 _____ C:\Windows\setupact.log
2013-08-12 21:37 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-12 21:37 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-12 21:37 - 2013-07-28 20:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-12 21:37 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-12 21:35 - 2013-02-07 21:26 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-12 21:35 - 2013-02-07 21:26 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-12 21:31 - 2013-08-12 21:30 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup(1).exe
2013-08-12 21:21 - 2011-08-09 16:25 - 00001945 _____ C:\Windows\epplauncher.mif
2013-08-12 18:33 - 2008-05-25 10:09 - 00002595 _____ C:\Users\Katelynn\Desktop\Microsoft Word.lnk
2013-08-12 17:19 - 2013-08-12 17:19 - 00019231 _____ C:\ComboFix.txt
2013-08-12 17:19 - 2013-08-11 20:02 - 00000000 ____D C:\Qoobox
2013-08-12 17:16 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2013-08-12 16:55 - 2013-08-11 20:00 - 05102975 ____R (Swearware) C:\Users\Katelynn\Downloads\ComboFix.exe
2013-08-12 16:19 - 2013-08-12 16:19 - 00002746 _____ C:\Users\Katelynn\Desktop\combofix - Shortcut.lnk
2013-08-12 16:18 - 2013-08-12 16:18 - 00000513 _____ C:\Users\Katelynn\Downloads\CFScript.txt
2013-08-11 19:18 - 2013-08-11 19:18 - 00000000 ____D C:\_OTL
2013-08-10 18:47 - 2013-06-10 15:24 - 00000000 ____D C:\found.001
2013-08-10 18:03 - 2013-08-10 18:03 - 00003100 _____ C:\Users\Katelynn\Downloads\FSS.txt
2013-08-10 18:02 - 2013-08-10 18:02 - 00357143 _____ (Farbar) C:\Users\Katelynn\Downloads\FSS.exe
2013-08-10 17:56 - 2013-08-10 17:56 - 00041222 _____ C:\Users\Katelynn\Downloads\Extras.Txt
2013-08-10 17:55 - 2013-08-10 17:55 - 00183490 _____ C:\Users\Katelynn\Downloads\OTL.Txt
2013-08-09 00:23 - 2013-08-09 00:23 - 00602112 _____ (OldTimer Tools) C:\Users\Katelynn\Downloads\OTL.exe
2013-08-08 23:29 - 2010-03-26 08:42 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Audacity
2013-08-08 18:22 - 2013-06-30 22:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-08 18:10 - 2013-08-08 18:10 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller(1).exe
2013-08-08 16:22 - 2013-08-08 16:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-05 22:46 - 2013-08-05 22:40 - 00000361 _____ C:\Users\Katelynn\Downloads\Search.txt
2013-08-05 17:35 - 2013-07-26 22:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-08-05 17:34 - 2013-08-05 17:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-08-05 17:24 - 2013-08-05 17:23 - 00005292 _____ C:\AdwCleaner[S1].txt
2013-08-05 17:23 - 2013-08-05 17:23 - 00666633 _____ C:\Users\Katelynn\Downloads\AdwCleaner.exe
2013-08-05 17:17 - 2013-08-05 17:17 - 00000000 ____D C:\Windows\ERUNT
2013-08-05 17:10 - 2013-08-05 17:10 - 00562008 _____ (Oleg N. Scherbakov) C:\Users\Katelynn\Downloads\JRT.exe
2013-08-05 17:08 - 2013-08-01 22:41 - 00000000 ____D C:\FRST
2013-08-05 16:18 - 2013-08-01 22:43 - 00020686 _____ C:\Users\Katelynn\Downloads\Addition.txt
2013-08-05 16:12 - 2013-08-05 16:12 - 01228808 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST(1).exe
2013-08-01 22:40 - 2013-08-01 22:40 - 01222124 _____ (Farbar) C:\Users\Katelynn\Downloads\FRST.exe
2013-07-31 18:07 - 2013-07-31 18:07 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Katelynn\Downloads\tdsskiller.exe
2013-07-30 20:11 - 2013-07-30 20:11 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds(1).com
2013-07-30 19:46 - 2013-06-29 19:19 - 00000000 ____D C:\Users\Katelynn\Desktop\Photographs
2013-07-29 21:56 - 2013-07-29 21:56 - 00688992 ____R (Swearware) C:\Users\Katelynn\Downloads\dds.com
2013-07-29 17:22 - 2013-07-29 17:22 - 01844864 _____ (Bleeping Computer, LLC) C:\Users\Katelynn\Downloads\rkill.com
2013-07-29 16:42 - 2013-07-29 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-07-29 16:35 - 2008-05-06 13:50 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Adobe
2013-07-29 16:27 - 2013-07-29 16:27 - 00015616 _____ C:\Windows\system32\TrueSight.sys
2013-07-29 16:26 - 2013-07-29 16:26 - 00916992 _____ C:\Users\Katelynn\Downloads\RogueKiller.exe
2013-07-29 15:22 - 2008-07-15 01:28 - 00001356 _____ C:\Users\Katelynn\AppData\Local\d3d9caps.dat
2013-07-28 19:45 - 2013-07-28 19:04 - 117478104 _____ C:\Users\Katelynn\Downloads\avast_free_antivirus_setup.exe
2013-07-28 18:59 - 2010-06-22 10:34 - 00000000 ____D C:\Users\Katelynn\AppData\Local\CrashDumps
2013-07-28 17:05 - 2013-07-28 16:46 - 04745728 _____ (AVAST Software) C:\Users\Katelynn\Downloads\aswMBR.exe
2013-07-28 16:43 - 2013-07-28 16:43 - 00000120 ___RH C:\Users\Katelynn\Downloads\Stinger.opt
2013-07-28 16:43 - 2013-07-28 16:37 - 00000641 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163732.html
2013-07-28 16:43 - 2013-07-28 16:32 - 00000000 ____D C:\Program Files\stinger
2013-07-28 16:36 - 2013-07-28 16:32 - 00000643 _____ C:\Users\Katelynn\Downloads\Stinger_28072013_163248.html
2013-07-28 16:33 - 2013-07-28 16:33 - 00167344 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.944e.deleteme
2013-07-28 16:32 - 2013-07-28 16:32 - 11394080 _____ (McAfee Inc) C:\Users\Katelynn\Downloads\stinger32.exe
2013-07-28 16:32 - 2013-07-28 16:32 - 00490268 _____ C:\Users\Katelynn\Downloads\runtime.dat
2013-07-28 16:32 - 2013-07-28 16:32 - 00000000 ____D C:\Stinger_Quarantine
2013-07-27 19:11 - 2013-07-27 19:11 - 71508223 _____ (Sophos Limited) C:\Users\Katelynn\Downloads\Sophos Virus Removal Tool.exe
2013-07-27 19:09 - 2013-07-27 19:09 - 00000297 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190936.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190958.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190948.txt
2013-07-27 19:09 - 2013-07-27 19:09 - 00000291 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190934.txt
2013-07-27 19:04 - 2013-07-27 19:04 - 00551408 _____ (McAfee, Inc.) C:\Users\Katelynn\Downloads\rootkitremover.exe
2013-07-27 19:04 - 2013-07-27 19:04 - 00000029 _____ C:\Users\Katelynn\Downloads\RootkitRemover20130727190427.txt
2013-07-26 21:21 - 2013-07-26 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 20:59 - 2013-07-26 20:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-26 17:47 - 2013-07-26 17:47 - 00000000 ____D C:\found.003
2013-07-26 16:54 - 2013-07-26 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Katelynn\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-25 18:18 - 2010-06-01 09:40 - 00000000 ____D C:\Windows\system32\Adobe
2013-07-25 18:17 - 2013-07-25 18:17 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Katelynn\Downloads\Shockwave_Installer_Slim.exe
2013-07-25 18:16 - 2008-03-18 19:48 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-25 18:15 - 2013-07-25 18:15 - 00000000 ____D C:\Users\Katelynn\AppData\Roaming\Oracle
2013-07-25 17:33 - 2013-07-25 17:34 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-25 17:33 - 2013-07-25 17:33 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-25 17:33 - 2012-07-10 18:35 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-25 17:33 - 2010-05-20 08:16 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-25 17:30 - 2013-07-25 17:30 - 00903080 _____ (Oracle Corporation) C:\Users\Katelynn\Downloads\jre-7u25-windows-i586-iftw.exe
2013-07-25 17:26 - 2012-09-04 14:20 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-25 17:26 - 2012-01-22 23:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 17:26 - 2008-05-20 00:37 - 00000000 ____D C:\Users\Katelynn\AppData\Local\Adobe
2013-07-25 17:10 - 2013-07-25 17:10 - 00000000 ____D C:\Users\Katelynn\Desktop\Old Firefox Data-2
2013-07-24 20:45 - 2013-07-22 19:28 - 00000132 _____ C:\Users\Katelynn\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-22 15:19 - 2010-05-04 09:38 - 00000000 ____D C:\Program Files\Audacity 1.3 Beta (Unicode)
2013-07-22 15:19 - 2008-05-01 10:00 - 00000000 ____D C:\Users\Katelynn
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-07-22 15:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2013-07-22 15:19 - 2006-11-02 06:22 - 41943040 _____ C:\Windows\system32\config\software_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 34340864 _____ C:\Windows\system32\config\components_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 23592960 _____ C:\Windows\system32\config\system_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00786432 _____ C:\Windows\system32\config\default_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-07-22 15:19 - 2006-11-02 06:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-07-21 18:11 - 2013-07-21 18:11 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2013-07-21 18:06 - 2013-07-21 18:06 - 00000000 ____D C:\Program Files\InterLok
2013-07-20 17:26 - 2009-04-09 21:23 - 00000000 ____D C:\Windows\Minidump

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-14 16:37

==================== End Of Log ============================