Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirects issue


  • This topic is locked This topic is locked

#1
jessicalmccann

jessicalmccann

    Member

  • Member
  • PipPip
  • 38 posts
Thanks in advance for your time and help with this.

I'm having an issue with Google redirects - almost every time I click on something from a Google search, it redirects me to a spam/junk page first. (This is in Firefox)
I'm also having an issue in IE, which I don't use anymore, where a page will pop-up with a junk link, just a link (comprised of a bunch of random letters) that doesn't lead to anywhere - but these pages will pop up sometimes 5 times/day, sometimes 5 times/hour or more often.

I followed the "How to fix Google redirects" steps and that didn't fix it.

Here is the OTL log:

OTL logfile created on: 6/30/2013 6:57:31 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.17% Memory free
7.81 Gb Paging File | 5.88 Gb Available in Paging File | 75.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.92 Gb Total Space | 386.83 Gb Free Space | 66.59% Space Free | Partition Type: NTFS

Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/30 18:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Downloads\OTL(1).exe
PRC - [2013/06/18 06:47:40 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/23 22:37:56 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/08 10:01:42 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/03 15:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/18 06:47:39 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/23 22:37:56 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/08 09:53:08 | 006,754,888 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/04/07 16:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/05 22:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/01/05 16:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 16:28:50 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 16:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/24 23:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/09 20:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 18:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/06/29 20:48:11 | 000,303,104 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe -- (kxmjczg)
SRV - [2013/06/18 06:47:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/23 22:37:56 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/20 16:37:29 | 000,135,608 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/03 15:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 17:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/30 03:57:24 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2011/03/30 03:57:24 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/24 16:56:00 | 000,100,352 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 14:29:00 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/25 13:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/12/02 12:49:08 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/12 21:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91E68FB5-8A21-4452-9B17-F2EE90539459}
IE:64bit: - HKLM\..\SearchScopes\{91E68FB5-8A21-4452-9B17-F2EE90539459}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9F219B53-44E8-4E57-B798-991420E95990}
IE - HKLM\..\SearchScopes\{87C0C824-5232-48AA-93A4-21B3595C4621}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289847
IE - HKCU\..\SearchScopes,DefaultScope = {9F219B53-44E8-4E57-B798-991420E95990}
IE - HKCU\..\SearchScopes\{87C0C824-5232-48AA-93A4-21B3595C4621}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{9F219B53-44E8-4E57-B798-991420E95990}: "URL" = http://search.condui...4016329152&UM=2
IE - HKCU\..\SearchScopes\{FC9D207B-A8BC-4986-9FA6-666258A9F98C}: "URL" = http://www.google.co...1I7TSNF_enUS458
IE - HKCU\..\SearchScopes\{FFDA28A2-16F1-4068-8DB3-FFBF6DB13F3D}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/18 09:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Extensions
[2013/06/30 18:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\extensions
[2011/11/21 09:26:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/30 18:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\extensions
[2011/11/21 09:27:11 | 000,000,000 | ---D | M] (Enmoebius Survey Tool) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\extensions\{BF0ED378-C4EC-4961-BFA9-8EA9454E5F05}
[2013/06/30 18:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\extensions
[2013/06/30 18:46:01 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[1625/12/13 17:16:48 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\extensions\[email protected]
[2013/05/23 22:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 22:37:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/06/30 11:59:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKCU..\Run: [] Reg Error: Value error. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D76D7126-4A96-11D3-BD95-D296DC2DD072} https://author.confi...ab/vsflex7u.cab (:-) VideoSoft FlexGrid 7.0 (UNICODE))
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635D7BE5-6D9B-4641-A1A9-72F466CEE30F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DFD0DE-67EA-45DC-99AC-3AD4D700117C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 18:47:05 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Zoom_Downloader
[2013/06/30 18:46:47 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\DefaultTab
[2013/06/30 18:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/06/30 18:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\SwvUpdater
[2013/06/30 18:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/06/30 18:45:59 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Conduit
[2013/06/30 11:59:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/06/30 11:58:35 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/06/21 14:34:07 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\Resources Meeting

========== Files - Modified Within 30 Days ==========

[2013/06/30 18:59:19 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 18:59:19 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 18:51:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/30 18:51:47 | 3145,273,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/30 18:46:49 | 000,000,258 | RHS- | M] () -- C:\Users\Jessica\ntuser.pol
[2013/06/30 18:46:16 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/30 18:25:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 11:59:55 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/06/26 13:57:23 | 000,109,676 | ---- | M] () -- C:\Users\Jessica\Desktop\R1303.csv
[2013/06/24 18:53:22 | 016,954,880 | ---- | M] () -- C:\Users\Jessica\Desktop\RE Bid For US Psych Study.msg
[2013/06/21 08:55:54 | 000,730,532 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/21 08:55:54 | 000,627,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/21 08:55:54 | 000,107,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/06/30 18:46:49 | 000,000,258 | RHS- | C] () -- C:\Users\Jessica\ntuser.pol
[2013/06/30 18:46:16 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/26 13:57:18 | 000,109,676 | ---- | C] () -- C:\Users\Jessica\Desktop\R1303.csv
[2013/06/24 18:53:21 | 016,954,880 | ---- | C] () -- C:\Users\Jessica\Desktop\RE Bid For US Psych Study.msg
[2012/11/29 10:22:35 | 000,007,601 | ---- | C] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2012/09/20 13:04:26 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/14 12:59:39 | 000,060,304 | ---- | C] () -- C:\Users\Jessica\g2mdlhlpx.exe
[2011/12/23 15:36:17 | 000,000,256 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/12/23 15:36:17 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/12/23 15:35:42 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/12/23 15:35:01 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/12/23 15:35:01 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/12/23 15:35:01 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/12/23 15:34:51 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011/12/23 15:34:47 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011/12/23 15:29:45 | 000,031,767 | ---- | C] () -- C:\windows\maxlink.ini
[2011/11/21 07:11:30 | 000,000,680 | ---- | C] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2013/06/29 20:48:30 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\@
[2013/01/17 11:43:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\L
[2013/03/30 12:44:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e\o. -- File not found

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/20 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Acfot
[2011/11/20 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Birdstep Technology
[2013/06/30 18:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\DefaultTab
[2012/09/20 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Ebobax
[2013/05/19 07:29:08 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Ihobuz
[2013/05/20 17:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Olsiho
[2013/05/11 12:37:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TeamViewer
[2011/11/20 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Tific
[2011/11/24 15:39:37 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Toshiba
[2013/06/12 16:19:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\webex
[2011/11/20 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\WinBatch
[2012/09/20 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Ycohj

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

  • 0

#3
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thank you so much! The FRST log is pasted below, and the Addition log is attached here.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Jessica (administrator) on 30-06-2013 20:31:09
Running from C:\Users\Jessica\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(?????????? ??????????) C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\splwow64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKCU\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [zawtuzc] "C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe" [303104 2013-06-29] (?????????? ??????????)
HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065032 2012-11-08] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289847
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32 SearchScopes: DefaultScope {9F219B53-44E8-4E57-B798-991420E95990} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {9F219B53-44E8-4E57-B798-991420E95990} URL = http://search.condui...4016329152&UM=2
SearchScopes: HKCU - {91E68FB5-8A21-4452-9B17-F2EE90539459} URL =
SearchScopes: HKCU - {9F219B53-44E8-4E57-B798-991420E95990} URL = http://search.condui...4016329152&UM=2
SearchScopes: HKCU - {FFDA28A2-16F1-4068-8DB3-FFBF6DB13F3D} URL = http://search.condui...q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {878B8524-AED5-4870-9A96-A515440DAC75} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {D76D7126-4A96-11D3-BD95-D296DC2DD072} https://author.confi...ab/vsflex7u.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default
FF user.js: detected! => C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\user.js
FF SearchEngine: WhiteSmoke New Customized Web Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN23657541092264427&UM=2&sspv=TB_CER&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WhiteSmoke New - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF Extension: clggovuoqj - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\Extensions\[email protected]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

S2 kxmjczg; C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe [303104 2013-06-29] (?????????? ??????????)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [135608 2012-01-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\FRST
2013-06-30 20:29 - 2013-06-30 20:29 - 01933758 ____A (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2013-06-30 19:51 - 2013-06-30 19:51 - 00044526 ____A C:\Users\Jessica\Desktop\Book1.txt
2013-06-30 19:26 - 2013-06-30 19:26 - 03549600 ____A C:\Users\Jessica\Desktop\CD_Zip_Match_Thrombate_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00207315 ____A C:\Users\Jessica\Desktop\Match_to_AMA_ANES_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00136081 ____A C:\Users\Jessica\Desktop\NM_ANES_after_AMA_NPI.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00067593 ____A C:\Users\Jessica\Desktop\Match_to_AMA_MFM_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00042402 ____A C:\Users\Jessica\Desktop\Match_to_NPI_ANES_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00039892 ____A C:\Users\Jessica\Desktop\NM_MFM_AMA_NPI.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00024109 ____A C:\Users\Jessica\Desktop\Match_to_NPI_MFM_06282013.xlsx
2013-06-30 18:57 - 2013-06-30 18:57 - 00602112 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTL(1).exe
2013-06-30 18:47 - 2013-06-30 18:47 - 00000000 ____D C:\Users\Jessica\AppData\Local\Zoom_Downloader
2013-06-30 18:46 - 2013-06-30 18:46 - 00000258 _RASH C:\Users\Jessica\ntuser.pol
2013-06-30 18:46 - 2013-06-30 18:46 - 00000009 ____A C:\END
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\DefaultTab
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Users\Jessica\AppData\Local\SwvUpdater
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-06-30 18:45 - 2013-06-30 18:49 - 00000000 ____D C:\Users\Jessica\AppData\Local\Conduit
2013-06-30 18:44 - 2013-06-30 18:44 - 01093416 ____A C:\Users\Jessica\Downloads\Setup.exe
2013-06-30 18:39 - 2013-06-30 18:39 - 00051386 ____A C:\Users\Jessica\Downloads\Extras.Txt
2013-06-30 18:38 - 2013-06-30 19:03 - 00069404 ____A C:\Users\Jessica\Downloads\OTL.Txt
2013-06-30 18:32 - 2013-06-30 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTL.exe
2013-06-30 15:37 - 2013-06-30 15:37 - 00057258 ____A C:\Users\Jessica\Downloads\MSR_06-30-2013.xls
2013-06-30 12:11 - 2013-06-30 12:11 - 00071398 ____A (jpshortstuff) C:\Users\Jessica\Downloads\GooredFix.exe
2013-06-30 12:10 - 2013-06-30 12:10 - 00522240 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTM(1).exe
2013-06-30 11:59 - 2013-06-30 11:59 - 00522240 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTM.exe
2013-06-30 11:59 - 2013-06-30 11:59 - 00000000 ____D C:\_OTM
2013-06-30 11:58 - 2013-06-30 11:58 - 00000000 ____D C:\Windows\ERDNT
2013-06-30 11:57 - 2013-06-30 11:57 - 00791393 ____A (Lars Hederer ) C:\Users\Jessica\Downloads\erunt-setup.exe
2013-06-30 11:52 - 2013-06-30 12:12 - 00006354 ____A C:\Users\Jessica\Desktop\gtg.txt
2013-06-29 10:03 - 2013-06-29 10:03 - 00016143 ____A C:\Users\Jessica\Downloads\R2507_138610_2013.xls
2013-06-28 14:53 - 2013-06-28 14:53 - 00106764 ____A C:\Users\Jessica\Downloads\RevenueReport(28).xls
2013-06-28 14:40 - 2013-06-28 14:40 - 00044562 ____A C:\Users\Jessica\Downloads\R2315_136534_2013.xls
2013-06-28 12:50 - 2013-06-28 12:50 - 00505714 ____A C:\Users\Jessica\Downloads\RevenueReport(27).xls
2013-06-28 08:32 - 2013-06-28 08:33 - 00012571 ____A C:\Users\Jessica\Desktop\CC.xlsx
2013-06-27 22:44 - 2013-06-27 22:44 - 00010303 ____A C:\Users\Jessica\Desktop\M3 Japan Final Counts.xlsx
2013-06-27 18:59 - 2013-06-27 18:59 - 00105524 ____A C:\Users\Jessica\Downloads\RevenueReport(26).xls
2013-06-27 17:03 - 2013-06-27 17:03 - 00105984 ____A C:\Users\Jessica\Downloads\RevenueReport(25).xls
2013-06-27 16:55 - 2013-06-27 16:55 - 00132747 ____A C:\Users\Jessica\Downloads\RevenueReport(24).xls
2013-06-27 15:55 - 2013-06-27 15:55 - 00106296 ____A C:\Users\Jessica\Downloads\RevenueReport(23).xls
2013-06-27 13:27 - 2013-06-27 13:27 - 00008483 ____A C:\Users\Jessica\Downloads\R2477_140048_2013.xls
2013-06-27 09:37 - 2013-06-27 09:37 - 00014985 ____A C:\Users\Jessica\Desktop\June for contracts.xlsx
2013-06-27 07:09 - 2013-06-28 07:54 - 01789952 ____A C:\Users\Jessica\Desktop\130630_MDLinx progress June 2013_draft.xls
2013-06-26 23:23 - 2013-06-26 23:23 - 00224729 ____A C:\Users\Jessica\Downloads\RevenueReport(22).xls
2013-06-26 22:38 - 2013-06-26 22:38 - 00105659 ____A C:\Users\Jessica\Downloads\RevenueReport(21).xls
2013-06-26 16:41 - 2013-06-26 16:41 - 00010940 ____A C:\Users\Jessica\Desktop\Project Handover.xlsx
2013-06-26 13:57 - 2013-06-26 13:57 - 00109676 ____A C:\Users\Jessica\Desktop\R1303.csv
2013-06-25 19:56 - 2013-06-25 19:56 - 00559757 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(3).xls
2013-06-25 16:55 - 2013-06-25 16:55 - 00107081 ____A C:\Users\Jessica\Downloads\RevenueReport(20).xls
2013-06-25 16:54 - 2013-06-25 16:54 - 00107081 ____A C:\Users\Jessica\Downloads\RevenueReport(19).xls
2013-06-25 16:43 - 2013-06-25 16:43 - 00884456 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(2).xls
2013-06-25 15:59 - 2013-06-25 15:59 - 00013827 ____A C:\Users\Jessica\Downloads\userids(8).xls
2013-06-25 09:28 - 2013-06-25 09:28 - 00892332 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(1).xls
2013-06-25 09:23 - 2013-06-25 09:23 - 00101427 ____A C:\Users\Jessica\Desktop\MSR.xlsx
2013-06-25 09:03 - 2013-06-25 09:03 - 00569800 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013.xls
2013-06-24 21:50 - 2013-06-24 21:50 - 00211620 ____A C:\Users\Jessica\Downloads\RevenueReport(18).xls
2013-06-24 20:34 - 2013-06-24 20:34 - 00106606 ____A C:\Users\Jessica\Downloads\RevenueReport(17).xls
2013-06-24 19:31 - 2013-06-26 08:04 - 00012685 ____A C:\Users\Jessica\Desktop\Sample Plan - R2544.xlsx
2013-06-24 18:53 - 2013-06-24 18:53 - 16954880 ____A C:\Users\Jessica\Desktop\RE Bid For US Psych Study.msg
2013-06-24 12:08 - 2013-06-24 12:09 - 00494483 ____A C:\Users\Jessica\Downloads\MSR_06-24-2013.xls
2013-06-23 23:52 - 2013-06-23 23:52 - 00166627 ____A C:\Users\Jessica\Downloads\RevenueReport(16).xls
2013-06-23 20:11 - 2013-06-23 20:11 - 00000047 ____A C:\Users\Jessica\Desktop\recruitment.txt
2013-06-23 19:32 - 2013-06-28 09:15 - 00032971 ____A C:\Users\Jessica\Desktop\Projects June.xlsx
2013-06-23 19:09 - 2013-06-23 19:09 - 00109577 ____A C:\Users\Jessica\Downloads\RevenueReport(15).xls
2013-06-23 18:21 - 2013-06-23 18:27 - 00254876 ____A C:\Users\Jessica\Desktop\M3 PRICING BLUE SHEET.xlsx
2013-06-23 10:18 - 2013-06-23 10:18 - 00167078 ____A C:\Users\Jessica\Downloads\RevenueReport(14).xls
2013-06-23 10:14 - 2013-06-23 10:14 - 00487746 ____A C:\Users\Jessica\Downloads\MSR_06-23-2013(1).xls
2013-06-23 10:02 - 2013-06-23 10:02 - 00487747 ____A C:\Users\Jessica\Downloads\MSR_06-23-2013.xls
2013-06-22 08:50 - 2013-06-22 08:50 - 01775521 ____A C:\Users\Jessica\Downloads\userids(7).xls
2013-06-22 08:47 - 2013-06-22 08:47 - 01959667 ____A C:\Users\Jessica\Downloads\userids(6).xls
2013-06-21 20:58 - 2013-06-21 20:58 - 00167080 ____A C:\Users\Jessica\Downloads\RevenueReport(13).xls
2013-06-21 19:55 - 2013-06-21 19:56 - 00109949 ____A C:\Users\Jessica\Downloads\RevenueReport(12).xls
2013-06-21 15:25 - 2013-06-21 15:25 - 00109990 ____A C:\Users\Jessica\Downloads\RevenueReport(11).xls
2013-06-21 14:46 - 2013-06-21 14:46 - 00022195 ____A C:\Users\Jessica\Downloads\MSR_06-21-2013(1).xls
2013-06-21 14:34 - 2013-06-30 20:30 - 00000000 ____D C:\Users\Jessica\Desktop\Resources Meeting
2013-06-21 11:00 - 2013-06-21 11:03 - 00000121 ____A C:\Users\Jessica\Desktop\honoraria convo with jeff.txt
2013-06-21 10:47 - 2013-06-21 10:47 - 00487136 ____A C:\Users\Jessica\Downloads\MSR_06-21-2013.xls
2013-06-20 18:15 - 2013-06-20 18:15 - 00557456 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013(2).xls
2013-06-20 18:09 - 2013-06-20 18:09 - 00107754 ____A C:\Users\Jessica\Downloads\RevenueReport(10).xls
2013-06-20 16:32 - 2013-06-20 16:32 - 00105244 ____A C:\Users\Jessica\Downloads\RevenueReport(9).xls
2013-06-20 16:31 - 2013-06-20 16:31 - 00105244 ____A C:\Users\Jessica\Downloads\RevenueReport(8).xls
2013-06-20 16:23 - 2013-06-20 16:23 - 00163176 ____A C:\Users\Jessica\Downloads\RevenueReport(7).xls
2013-06-20 16:10 - 2013-06-20 16:10 - 00477787 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013(1).xls
2013-06-20 15:22 - 2013-06-20 15:22 - 00046584 ____A C:\Users\Jessica\Downloads\RevenueReport(6).xls
2013-06-20 15:12 - 2013-06-20 15:12 - 00046584 ____A C:\Users\Jessica\Downloads\RevenueReport(5).xls
2013-06-20 15:09 - 2013-06-20 15:09 - 00428473 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013.xls
2013-06-20 11:31 - 2013-06-20 11:31 - 00024245 ____A C:\Users\Jessica\Downloads\userids(5).xls
2013-06-20 10:26 - 2013-06-20 10:26 - 00220983 ____A C:\Users\Jessica\Downloads\RevenueReport(4).xls
2013-06-20 08:31 - 2013-06-20 10:57 - 00000294 ____A C:\Users\Jessica\Desktop\malin.txt
2013-06-20 05:10 - 2013-06-20 05:10 - 00161639 ____A C:\Users\Jessica\Downloads\RevenueReport(3).xls
2013-06-20 04:53 - 2013-06-20 04:55 - 01056767 ____A C:\Users\Jessica\Downloads\RevenueReport(2).xls
2013-06-19 15:15 - 2013-06-19 15:15 - 00429364 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(4).xls
2013-06-19 14:22 - 2013-06-19 14:22 - 00158332 ____A C:\Users\Jessica\Downloads\RevenueReport(1).xls
2013-06-19 14:20 - 2013-06-19 14:20 - 00083110 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(3).xls
2013-06-19 14:18 - 2013-06-19 14:18 - 00083110 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(2).xls
2013-06-19 07:45 - 2013-06-19 07:45 - 00427803 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(1).xls
2013-06-19 07:32 - 2013-06-19 07:32 - 00427803 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013.xls
2013-06-19 06:59 - 2013-06-19 06:59 - 00581230 ____A C:\Users\Jessica\Downloads\userids(4).xls
2013-06-19 06:56 - 2013-06-19 06:57 - 00931968 ____A C:\Users\Jessica\Downloads\userids(3).xls
2013-06-18 16:50 - 2013-06-18 16:50 - 00076627 ____A C:\Users\Jessica\Downloads\R792_103080_2012.xls
2013-06-18 16:20 - 2013-06-18 16:20 - 00048522 ____A C:\Users\Jessica\Downloads\userids(2).xls
2013-06-18 13:11 - 2013-06-18 13:11 - 00427111 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013(2).xls
2013-06-18 13:02 - 2013-06-18 13:02 - 00006309 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013(1).xls
2013-06-18 10:25 - 2013-06-18 10:25 - 00152329 ____A C:\Users\Jessica\Downloads\RevenueReport.xls
2013-06-18 07:36 - 2013-06-18 07:36 - 00414620 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013.xls
2013-06-18 06:55 - 2013-06-18 06:55 - 00008408 ____A C:\Users\Jessica\Downloads\userids(1).xls
2013-06-18 06:49 - 2013-06-18 06:50 - 00266031 ____A C:\Users\Jessica\Downloads\userids.xls
2013-06-17 17:36 - 2013-06-17 17:36 - 00040353 ____A C:\Users\Jessica\Downloads\user_history.xls
2013-06-17 16:10 - 2013-06-17 16:10 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(3).xls
2013-06-17 16:08 - 2013-06-17 16:08 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(2).xls
2013-06-17 16:06 - 2013-06-17 16:06 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(1).xls
2013-06-17 16:04 - 2013-06-17 16:04 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013.xls
2013-06-15 08:01 - 2013-06-08 10:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 08:01 - 2013-06-08 10:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 08:01 - 2013-06-08 10:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 08:01 - 2013-06-08 10:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 08:01 - 2013-06-08 10:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 08:01 - 2013-06-08 08:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 08:01 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 08:01 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 08:01 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 08:01 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 08:01 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 08:00 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 18:03 - 2013-06-24 16:57 - 00059402 ____A C:\Users\Jessica\Desktop\Client Assignments JULY.xlsx
2013-06-13 05:42 - 2013-06-18 10:12 - 00000185 ____A C:\Users\Jessica\Desktop\partners.txt
2013-06-12 08:43 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 08:43 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 08:43 - 2013-05-16 20:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 08:43 - 2013-05-16 20:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 08:43 - 2013-05-16 20:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 08:43 - 2013-05-16 20:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 08:43 - 2013-05-14 08:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 08:43 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 18:49 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 18:49 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 18:49 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 18:49 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 18:49 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 18:49 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 18:49 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 18:49 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 18:49 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 18:49 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 18:49 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 18:49 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 18:49 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 18:49 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 18:49 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 18:49 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 18:49 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:49 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-06-30 20:31 - 2013-06-30 20:31 - 00000000 ____D C:\FRST
2013-06-30 20:30 - 2013-06-21 14:34 - 00000000 ____D C:\Users\Jessica\Desktop\Resources Meeting
2013-06-30 20:30 - 2011-11-20 15:15 - 00000000 ____D C:\Users\Jessica\Documents\Outlook Files
2013-06-30 20:29 - 2013-06-30 20:29 - 01933758 ____A (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2013-06-30 20:25 - 2012-04-03 19:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 20:21 - 2011-11-20 16:42 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Skype
2013-06-30 19:59 - 2011-07-18 13:38 - 02012672 ____A C:\Windows\WindowsUpdate.log
2013-06-30 19:51 - 2013-06-30 19:51 - 00044526 ____A C:\Users\Jessica\Desktop\Book1.txt
2013-06-30 19:26 - 2013-06-30 19:26 - 03549600 ____A C:\Users\Jessica\Desktop\CD_Zip_Match_Thrombate_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00207315 ____A C:\Users\Jessica\Desktop\Match_to_AMA_ANES_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00136081 ____A C:\Users\Jessica\Desktop\NM_ANES_after_AMA_NPI.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00067593 ____A C:\Users\Jessica\Desktop\Match_to_AMA_MFM_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00042402 ____A C:\Users\Jessica\Desktop\Match_to_NPI_ANES_06282013.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00039892 ____A C:\Users\Jessica\Desktop\NM_MFM_AMA_NPI.xlsx
2013-06-30 19:26 - 2013-06-30 19:26 - 00024109 ____A C:\Users\Jessica\Desktop\Match_to_NPI_MFM_06282013.xlsx
2013-06-30 19:03 - 2013-06-30 18:38 - 00069404 ____A C:\Users\Jessica\Downloads\OTL.Txt
2013-06-30 18:59 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-30 18:59 - 2009-07-14 00:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-30 18:57 - 2013-06-30 18:57 - 00602112 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTL(1).exe
2013-06-30 18:51 - 2010-11-20 23:47 - 00370868 ____A C:\Windows\PFRO.log
2013-06-30 18:51 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 18:51 - 2009-07-14 00:51 - 00113151 ____A C:\Windows\setupact.log
2013-06-30 18:50 - 2011-07-18 14:16 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2013-06-30 18:49 - 2013-06-30 18:45 - 00000000 ____D C:\Users\Jessica\AppData\Local\Conduit
2013-06-30 18:49 - 2011-07-18 14:16 - 00000000 ____D C:\ProgramData\WildTangent
2013-06-30 18:47 - 2013-06-30 18:47 - 00000000 ____D C:\Users\Jessica\AppData\Local\Zoom_Downloader
2013-06-30 18:46 - 2013-06-30 18:46 - 00000258 _RASH C:\Users\Jessica\ntuser.pol
2013-06-30 18:46 - 2013-06-30 18:46 - 00000009 ____A C:\END
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\DefaultTab
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Users\Jessica\AppData\Local\SwvUpdater
2013-06-30 18:46 - 2013-06-30 18:46 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-06-30 18:46 - 2011-11-20 14:45 - 00000000 ____D C:\users\Jessica
2013-06-30 18:46 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-30 18:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-06-30 18:44 - 2013-06-30 18:44 - 01093416 ____A C:\Users\Jessica\Downloads\Setup.exe
2013-06-30 18:39 - 2013-06-30 18:39 - 00051386 ____A C:\Users\Jessica\Downloads\Extras.Txt
2013-06-30 18:32 - 2013-06-30 18:32 - 00602112 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTL.exe
2013-06-30 15:37 - 2013-06-30 15:37 - 00057258 ____A C:\Users\Jessica\Downloads\MSR_06-30-2013.xls
2013-06-30 12:37 - 2011-11-29 20:47 - 00000000 ____D C:\Users\Jessica\AppData\Local\CrashDumps
2013-06-30 12:12 - 2013-06-30 11:52 - 00006354 ____A C:\Users\Jessica\Desktop\gtg.txt
2013-06-30 12:11 - 2013-06-30 12:11 - 00071398 ____A (jpshortstuff) C:\Users\Jessica\Downloads\GooredFix.exe
2013-06-30 12:10 - 2013-06-30 12:10 - 00522240 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTM(1).exe
2013-06-30 11:59 - 2013-06-30 11:59 - 00522240 ____A (OldTimer Tools) C:\Users\Jessica\Downloads\OTM.exe
2013-06-30 11:59 - 2013-06-30 11:59 - 00000000 ____D C:\_OTM
2013-06-30 11:58 - 2013-06-30 11:58 - 00000000 ____D C:\Windows\ERDNT
2013-06-30 11:57 - 2013-06-30 11:57 - 00791393 ____A (Lars Hederer ) C:\Users\Jessica\Downloads\erunt-setup.exe
2013-06-29 10:03 - 2013-06-29 10:03 - 00016143 ____A C:\Users\Jessica\Downloads\R2507_138610_2013.xls
2013-06-28 18:33 - 2013-01-26 20:08 - 00354730 ____A C:\Users\Jessica\Desktop\_MR_Report_2013.xlsx
2013-06-28 18:03 - 2013-05-30 06:28 - 00000000 ____D C:\Users\Jessica\Desktop\ORGANIZE
2013-06-28 14:53 - 2013-06-28 14:53 - 00106764 ____A C:\Users\Jessica\Downloads\RevenueReport(28).xls
2013-06-28 14:40 - 2013-06-28 14:40 - 00044562 ____A C:\Users\Jessica\Downloads\R2315_136534_2013.xls
2013-06-28 12:50 - 2013-06-28 12:50 - 00505714 ____A C:\Users\Jessica\Downloads\RevenueReport(27).xls
2013-06-28 09:15 - 2013-06-23 19:32 - 00032971 ____A C:\Users\Jessica\Desktop\Projects June.xlsx
2013-06-28 08:33 - 2013-06-28 08:32 - 00012571 ____A C:\Users\Jessica\Desktop\CC.xlsx
2013-06-28 07:54 - 2013-06-27 07:09 - 01789952 ____A C:\Users\Jessica\Desktop\130630_MDLinx progress June 2013_draft.xls
2013-06-27 22:44 - 2013-06-27 22:44 - 00010303 ____A C:\Users\Jessica\Desktop\M3 Japan Final Counts.xlsx
2013-06-27 18:59 - 2013-06-27 18:59 - 00105524 ____A C:\Users\Jessica\Downloads\RevenueReport(26).xls
2013-06-27 17:03 - 2013-06-27 17:03 - 00105984 ____A C:\Users\Jessica\Downloads\RevenueReport(25).xls
2013-06-27 16:55 - 2013-06-27 16:55 - 00132747 ____A C:\Users\Jessica\Downloads\RevenueReport(24).xls
2013-06-27 15:55 - 2013-06-27 15:55 - 00106296 ____A C:\Users\Jessica\Downloads\RevenueReport(23).xls
2013-06-27 15:54 - 2013-05-02 15:09 - 00012650 ____A C:\Users\Jessica\Desktop\Costs for Proprietary.xlsx
2013-06-27 13:27 - 2013-06-27 13:27 - 00008483 ____A C:\Users\Jessica\Downloads\R2477_140048_2013.xls
2013-06-27 09:37 - 2013-06-27 09:37 - 00014985 ____A C:\Users\Jessica\Desktop\June for contracts.xlsx
2013-06-26 23:23 - 2013-06-26 23:23 - 00224729 ____A C:\Users\Jessica\Downloads\RevenueReport(22).xls
2013-06-26 22:38 - 2013-06-26 22:38 - 00105659 ____A C:\Users\Jessica\Downloads\RevenueReport(21).xls
2013-06-26 16:41 - 2013-06-26 16:41 - 00010940 ____A C:\Users\Jessica\Desktop\Project Handover.xlsx
2013-06-26 13:57 - 2013-06-26 13:57 - 00109676 ____A C:\Users\Jessica\Desktop\R1303.csv
2013-06-26 08:04 - 2013-06-24 19:31 - 00012685 ____A C:\Users\Jessica\Desktop\Sample Plan - R2544.xlsx
2013-06-25 21:43 - 2012-12-10 23:07 - 00000000 ____D C:\Users\Jessica\Desktop\FAVS
2013-06-25 19:56 - 2013-06-25 19:56 - 00559757 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(3).xls
2013-06-25 16:55 - 2013-06-25 16:55 - 00107081 ____A C:\Users\Jessica\Downloads\RevenueReport(20).xls
2013-06-25 16:54 - 2013-06-25 16:54 - 00107081 ____A C:\Users\Jessica\Downloads\RevenueReport(19).xls
2013-06-25 16:43 - 2013-06-25 16:43 - 00884456 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(2).xls
2013-06-25 15:59 - 2013-06-25 15:59 - 00013827 ____A C:\Users\Jessica\Downloads\userids(8).xls
2013-06-25 09:28 - 2013-06-25 09:28 - 00892332 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013(1).xls
2013-06-25 09:23 - 2013-06-25 09:23 - 00101427 ____A C:\Users\Jessica\Desktop\MSR.xlsx
2013-06-25 09:03 - 2013-06-25 09:03 - 00569800 ____A C:\Users\Jessica\Downloads\MSR_06-25-2013.xls
2013-06-25 07:50 - 2011-11-20 15:13 - 00000000 ____D C:\Users\Jessica\Desktop\Projects
2013-06-24 21:50 - 2013-06-24 21:50 - 00211620 ____A C:\Users\Jessica\Downloads\RevenueReport(18).xls
2013-06-24 20:34 - 2013-06-24 20:34 - 00106606 ____A C:\Users\Jessica\Downloads\RevenueReport(17).xls
2013-06-24 20:23 - 2013-03-17 21:45 - 00000000 ____D C:\Users\Jessica\Desktop\Training
2013-06-24 18:53 - 2013-06-24 18:53 - 16954880 ____A C:\Users\Jessica\Desktop\RE Bid For US Psych Study.msg
2013-06-24 16:57 - 2013-06-14 18:03 - 00059402 ____A C:\Users\Jessica\Desktop\Client Assignments JULY.xlsx
2013-06-24 12:09 - 2013-06-24 12:08 - 00494483 ____A C:\Users\Jessica\Downloads\MSR_06-24-2013.xls
2013-06-24 01:38 - 2011-12-23 15:45 - 00000000 ____D C:\Users\Jessica\AppData\Local\Scansoft
2013-06-23 23:52 - 2013-06-23 23:52 - 00166627 ____A C:\Users\Jessica\Downloads\RevenueReport(16).xls
2013-06-23 21:11 - 2011-11-20 15:13 - 00000000 ____D C:\Users\Jessica\Desktop\MDLinx
2013-06-23 20:11 - 2013-06-23 20:11 - 00000047 ____A C:\Users\Jessica\Desktop\recruitment.txt
2013-06-23 19:09 - 2013-06-23 19:09 - 00109577 ____A C:\Users\Jessica\Downloads\RevenueReport(15).xls
2013-06-23 18:27 - 2013-06-23 18:21 - 00254876 ____A C:\Users\Jessica\Desktop\M3 PRICING BLUE SHEET.xlsx
2013-06-23 10:18 - 2013-06-23 10:18 - 00167078 ____A C:\Users\Jessica\Downloads\RevenueReport(14).xls
2013-06-23 10:14 - 2013-06-23 10:14 - 00487746 ____A C:\Users\Jessica\Downloads\MSR_06-23-2013(1).xls
2013-06-23 10:02 - 2013-06-23 10:02 - 00487747 ____A C:\Users\Jessica\Downloads\MSR_06-23-2013.xls
2013-06-22 08:50 - 2013-06-22 08:50 - 01775521 ____A C:\Users\Jessica\Downloads\userids(7).xls
2013-06-22 08:47 - 2013-06-22 08:47 - 01959667 ____A C:\Users\Jessica\Downloads\userids(6).xls
2013-06-21 20:58 - 2013-06-21 20:58 - 00167080 ____A C:\Users\Jessica\Downloads\RevenueReport(13).xls
2013-06-21 19:56 - 2013-06-21 19:55 - 00109949 ____A C:\Users\Jessica\Downloads\RevenueReport(12).xls
2013-06-21 15:25 - 2013-06-21 15:25 - 00109990 ____A C:\Users\Jessica\Downloads\RevenueReport(11).xls
2013-06-21 14:46 - 2013-06-21 14:46 - 00022195 ____A C:\Users\Jessica\Downloads\MSR_06-21-2013(1).xls
2013-06-21 11:03 - 2013-06-21 11:00 - 00000121 ____A C:\Users\Jessica\Desktop\honoraria convo with jeff.txt
2013-06-21 10:47 - 2013-06-21 10:47 - 00487136 ____A C:\Users\Jessica\Downloads\MSR_06-21-2013.xls
2013-06-21 08:55 - 2009-07-14 01:13 - 00730532 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 18:15 - 2013-06-20 18:15 - 00557456 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013(2).xls
2013-06-20 18:09 - 2013-06-20 18:09 - 00107754 ____A C:\Users\Jessica\Downloads\RevenueReport(10).xls
2013-06-20 16:32 - 2013-06-20 16:32 - 00105244 ____A C:\Users\Jessica\Downloads\RevenueReport(9).xls
2013-06-20 16:31 - 2013-06-20 16:31 - 00105244 ____A C:\Users\Jessica\Downloads\RevenueReport(8).xls
2013-06-20 16:23 - 2013-06-20 16:23 - 00163176 ____A C:\Users\Jessica\Downloads\RevenueReport(7).xls
2013-06-20 16:10 - 2013-06-20 16:10 - 00477787 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013(1).xls
2013-06-20 15:22 - 2013-06-20 15:22 - 00046584 ____A C:\Users\Jessica\Downloads\RevenueReport(6).xls
2013-06-20 15:12 - 2013-06-20 15:12 - 00046584 ____A C:\Users\Jessica\Downloads\RevenueReport(5).xls
2013-06-20 15:09 - 2013-06-20 15:09 - 00428473 ____A C:\Users\Jessica\Downloads\MSR_06-20-2013.xls
2013-06-20 11:31 - 2013-06-20 11:31 - 00024245 ____A C:\Users\Jessica\Downloads\userids(5).xls
2013-06-20 10:57 - 2013-06-20 08:31 - 00000294 ____A C:\Users\Jessica\Desktop\malin.txt
2013-06-20 10:26 - 2013-06-20 10:26 - 00220983 ____A C:\Users\Jessica\Downloads\RevenueReport(4).xls
2013-06-20 05:10 - 2013-06-20 05:10 - 00161639 ____A C:\Users\Jessica\Downloads\RevenueReport(3).xls
2013-06-20 04:55 - 2013-06-20 04:53 - 01056767 ____A C:\Users\Jessica\Downloads\RevenueReport(2).xls
2013-06-19 15:15 - 2013-06-19 15:15 - 00429364 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(4).xls
2013-06-19 14:22 - 2013-06-19 14:22 - 00158332 ____A C:\Users\Jessica\Downloads\RevenueReport(1).xls
2013-06-19 14:20 - 2013-06-19 14:20 - 00083110 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(3).xls
2013-06-19 14:18 - 2013-06-19 14:18 - 00083110 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(2).xls
2013-06-19 07:45 - 2013-06-19 07:45 - 00427803 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013(1).xls
2013-06-19 07:32 - 2013-06-19 07:32 - 00427803 ____A C:\Users\Jessica\Downloads\MSR_06-19-2013.xls
2013-06-19 06:59 - 2013-06-19 06:59 - 00581230 ____A C:\Users\Jessica\Downloads\userids(4).xls
2013-06-19 06:57 - 2013-06-19 06:56 - 00931968 ____A C:\Users\Jessica\Downloads\userids(3).xls
2013-06-18 16:50 - 2013-06-18 16:50 - 00076627 ____A C:\Users\Jessica\Downloads\R792_103080_2012.xls
2013-06-18 16:20 - 2013-06-18 16:20 - 00048522 ____A C:\Users\Jessica\Downloads\userids(2).xls
2013-06-18 13:11 - 2013-06-18 13:11 - 00427111 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013(2).xls
2013-06-18 13:02 - 2013-06-18 13:02 - 00006309 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013(1).xls
2013-06-18 10:25 - 2013-06-18 10:25 - 00152329 ____A C:\Users\Jessica\Downloads\RevenueReport.xls
2013-06-18 10:12 - 2013-06-13 05:42 - 00000185 ____A C:\Users\Jessica\Desktop\partners.txt
2013-06-18 07:36 - 2013-06-18 07:36 - 00414620 ____A C:\Users\Jessica\Downloads\MSR_06-18-2013.xls
2013-06-18 06:55 - 2013-06-18 06:55 - 00008408 ____A C:\Users\Jessica\Downloads\userids(1).xls
2013-06-18 06:50 - 2013-06-18 06:49 - 00266031 ____A C:\Users\Jessica\Downloads\userids.xls
2013-06-18 06:47 - 2012-04-03 19:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-18 06:47 - 2011-11-29 08:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-17 17:36 - 2013-06-17 17:36 - 00040353 ____A C:\Users\Jessica\Downloads\user_history.xls
2013-06-17 16:10 - 2013-06-17 16:10 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(3).xls
2013-06-17 16:08 - 2013-06-17 16:08 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(2).xls
2013-06-17 16:06 - 2013-06-17 16:06 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013(1).xls
2013-06-17 16:04 - 2013-06-17 16:04 - 00417878 ____A C:\Users\Jessica\Downloads\MSR_06-17-2013.xls
2013-06-17 14:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 21:52 - 2013-03-25 04:28 - 00017464 ____A C:\Users\Jessica\Desktop\Hon Guidelines.xlsx
2013-06-12 16:19 - 2011-11-20 16:44 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\webex
2013-06-12 08:44 - 2011-11-21 11:19 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 08:39 - 2011-11-20 13:49 - 00000000 ____D C:\ProgramData\Skype
2013-06-12 08:38 - 2013-02-10 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-11 11:49 - 2013-03-30 17:50 - 00010020 ____A C:\Users\Jessica\Desktop\Calculations.xlsx
2013-06-08 10:08 - 2013-06-15 08:01 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 10:07 - 2013-06-15 08:01 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 10:06 - 2013-06-15 08:01 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 10:06 - 2013-06-15 08:01 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 10:06 - 2013-06-15 08:01 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 08:28 - 2013-06-15 08:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 07:42 - 2013-06-15 08:01 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 07:40 - 2013-06-15 08:01 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 07:40 - 2013-06-15 08:01 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 07:40 - 2013-06-15 08:01 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 07:40 - 2013-06-15 08:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 07:13 - 2013-06-15 08:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 23:44 - 2009-07-14 01:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\@
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\L
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\@
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\L
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\@
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\L
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-06-23 08:55

==================== End Of Log ============================

Attached Files


  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
It will be several steps to follow:

Download the enclosed file.

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Restart in Normal Mode.

Download Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this.

On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Posted Image Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#5
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks so much for your quick replies, and all your help! Logs pasted below: Fixlog, JRT, ADWCleaner, MBAM.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Jessica at 2013-06-30 22:25:50 Run:1
Running from C:\Users\Jessica\Downloads
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\zawtuzc => Value deleted successfully.
C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$9123964c69cb32f9d53e5faba7fd5f0e => Moved successfully.
kxmjczg => Service deleted successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jessica on Sun 06/30/2013 at 22:38:20.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3521784995-195745528-205782139-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9F219B53-44E8-4E57-B798-991420E95990}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFDA28A2-16F1-4068-8DB3-FFBF6DB13F3D}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jessica\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Jessica\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"



~~~ FireFox

Successfully deleted: [File] C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\user.js
Successfully deleted: [File] C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\extensions\[email protected] [Tracur]
Successfully deleted: [File] C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\searchplugins\conduit.xml
Failed to delete: [Folder] C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted the following from C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\prefs.js

user_pref("CT3289847.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN23657541092264427&UM=2&SearchSource=13&sspv=TB_CER&UP=SP1A889226-669E-46B0-840E-784
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN23657541092264427&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CER");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN23657541092264427&UM=2&sspv=TB_CER&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN23657541092264427&UM=2&SearchSource=13&sspv=TB_CER,hxxp://search.conduit.com/?ctid=C
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN23657541092264427&UM=2&sspv=TB_CER&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Emptied folder: C:\Users\Jessica\AppData\Roaming\mozilla\firefox\profiles\s3yn3u4d.default\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/30/2013 at 22:42:10.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v2.303 - Logfile created 06/30/2013 at 22:43:33
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jessica - JESSICA-PC
# Boot Mode : Normal
# Running from : C:\Users\Jessica\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jessica\AppData\Local\Zoom_Downloader

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\prefs.js

[OK] File is clean.

File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\prefs.js

[OK] File is clean.

File : C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\prefs.js

Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.UserID", "UN23657541092264427");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.fullUserID", "UN23657541092264427.IN.20130630184601");
Deleted : user_pref("CT3289847.installDate", "30/06/2013 18:46:01");
Deleted : user_pref("CT3289847.installSessionId", "{C997A665-FCA2-48AA-85C4-051B86F9D22D}");
Deleted : user_pref("CT3289847.installSp", "false");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");
Deleted : user_pref("CT3289847.originalSearchEngine", "");
Deleted : user_pref("CT3289847.searchRevert", "true");
Deleted : user_pref("CT3289847.searchUserMode", "2");

*************************

AdwCleaner[S1].txt - [2047 octets] - [30/06/2013 22:43:33]

########## EOF - C:\AdwCleaner[S1].txt - [2107 octets] ##########




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Jessica :: JESSICA-PC [administrator]

6/30/2013 10:53:11 PM
mbam-log-2013-06-30 (22-53-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208798
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Let me know how is the computer doing after this scan:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#7
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks again - here's the log. It did say it found and cleaned 1 infected file.

Other things to note - one is that I have this program taskeng.exe that keeps opening on my screen; the second is that I have both C:\Program Files and C:\Program Files (x86), is that normal? On a good note, it does seem the redirects issues is fixed, I haven't run into that in a few days now.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5fdabe82338971409c7f0a861d62ed3b
# engine=14310
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-08 02:22:07
# local_time=2013-07-07 10:22:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 124793577 0 0
# scanned=147124
# found=1
# cleaned=1
# scan_time=3212
sh=10180392E39E7A98B04A95E6A58DE0507B403C09 ft=1 fh=253346774f22b5ed vn="a variant of Win32/Amonetize.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENST0KXG\setup__155[1]"
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Lets check the services.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#9
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Thanks! Pasted below:

Farbar Service Scanner Version: 06-07-2013
Ran by Jessica (administrator) on 08-07-2013 at 10:20:28
Running from "C:\Users\Jessica\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Other things to note - one is that I have this program taskeng.exe that keeps opening on my screen; the second is that I have both C:\Program Files and C:\Program Files (x86), is that normal?


Yes it is normal. 64-bit versions of Windows have two folders for application files; 'Program Files' folder serves as the default installation target for native (in this case 64-bit) programs, while the 'Program Files (x86)' folder is the default installation target for non-native (in this case x86-32) programs.

All seems clear. How is the computer doing?
  • 0

Advertisements


#11
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Seems to be doing well now, thanks again for all of your help! Do you mind if I leave this open for another day or two to make sure that taskeng.exe thing doesn't pop up again? It seems to have been doing it every 1-2 days.
  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
No problem. :)
  • 0

#13
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
That taskeng.exe window popped up again today. It just popped up for a second, and then closed itself - but it makes me nervous there's still something going on here. Anything else I can do to check? Thanks!
  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Run OTL.exe.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start.
  • Under the Custom Scan box paste this in


    %systemroot%\Tasks\*

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.

  • 0

#15
jessicalmccann

jessicalmccann

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
There was no Extras.txt file

OTL logfile created on: 7/11/2013 6:22:55 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessica\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.21% Memory free
7.81 Gb Paging File | 6.20 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.92 Gb Total Space | 386.02 Gb Free Space | 66.45% Space Free | Partition Type: NTFS

Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/11 06:21:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Downloads\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/08 10:01:42 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2011/02/03 15:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/08 09:53:08 | 006,754,888 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/04/07 16:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/04/05 22:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/01/05 16:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 16:28:50 | 000,340,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 16:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/24 23:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/09 20:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 18:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/07/02 22:29:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/18 06:47:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 03:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/20 16:37:29 | 000,135,608 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/02/03 15:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/29 17:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/30 03:57:24 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2011/03/30 03:57:24 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/24 16:56:00 | 000,100,352 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 14:29:00 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/25 13:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/12/02 12:49:08 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/12 21:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{91E68FB5-8A21-4452-9B17-F2EE90539459}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{87C0C824-5232-48AA-93A4-21B3595C4621}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {91E68FB5-8A21-4452-9B17-F2EE90539459}
IE - HKCU\..\SearchScopes\{87C0C824-5232-48AA-93A4-21B3595C4621}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\..\SearchScopes\{FC9D207B-A8BC-4986-9FA6-666258A9F98C}: "URL" = http://www.google.co...1I7TSNF_enUS458
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/18 09:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Extensions
[2013/07/01 10:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\extensions
[2011/11/21 09:26:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\bc82v9ul.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/07/01 10:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\extensions
[2011/11/21 09:27:11 | 000,000,000 | ---D | M] (Enmoebius Survey Tool) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\d405tye4.default\extensions\{BF0ED378-C4EC-4961-BFA9-8EA9454E5F05}
[2013/06/30 22:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\s3yn3u4d.default\extensions
[2013/07/02 22:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/02 22:29:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/06/30 11:59:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKCU..\Run: [jpcjvzo] "C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe" File not found
O4 - HKCU..\Run: [OfficeSyncProcess] "C:\Users\Jessica\AppData\Roaming\Microsoft\Nhtjhmv\nhtjhmv.exe" /c "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D76D7126-4A96-11D3-BD95-D296DC2DD072} https://author.confi...ab/vsflex7u.cab (:-) VideoSoft FlexGrid 7.0 (UNICODE))
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{635D7BE5-6D9B-4641-A1A9-72F466CEE30F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DFD0DE-67EA-45DC-99AC-3AD4D700117C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/10 03:06:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/10 03:06:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/10 03:06:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/10 03:06:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/10 03:06:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/10 03:06:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/10 03:06:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/10 03:06:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/10 03:06:35 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/10 03:06:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/10 03:06:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/10 03:06:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/10 03:06:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/10 03:06:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/10 03:06:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/10 00:51:39 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/10 00:51:39 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/10 00:51:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/10 00:51:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/10 00:45:57 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/02 22:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/30 22:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/30 22:52:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/30 22:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/30 22:38:18 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/06/30 22:38:10 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/30 20:31:03 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/30 11:59:54 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/06/30 11:58:35 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/06/21 14:34:07 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\Resources Meeting
[2013/06/11 18:49:47 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/11 18:49:47 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/11 18:49:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/11 18:49:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/11 18:49:43 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/06/11 18:49:37 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/11 18:49:37 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/11 18:49:37 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/11 18:49:37 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/11 18:49:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/11 18:49:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/11 18:49:35 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/06/11 18:49:35 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll

========== Files - Modified Within 30 Days ==========

[2013/07/11 06:25:14 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/11 06:15:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/10 21:40:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/10 21:40:32 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/10 21:32:44 | 3145,273,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/10 07:03:11 | 000,220,519 | ---- | M] () -- C:\Users\Jessica\Desktop\R2524 TT13177.rtf
[2013/07/10 03:29:37 | 000,344,752 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/10 03:10:27 | 000,744,902 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/10 03:10:27 | 000,627,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/10 03:10:27 | 000,107,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/09 14:39:29 | 000,230,464 | ---- | M] () -- C:\Users\Jessica\Desktop\BAW.pdf
[2013/07/09 14:14:43 | 000,074,344 | ---- | M] () -- C:\Users\Jessica\Desktop\R2489_2013_invoice_1.pdf
[2013/07/01 07:50:41 | 000,172,032 | ---- | M] () -- C:\Users\Jessica\Desktop\OpsSales Collaboration.msg
[2013/06/30 22:52:20 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 22:45:32 | 000,000,258 | RHS- | M] () -- C:\Users\Jessica\ntuser.pol
[2013/06/30 11:59:55 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/06/18 06:47:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/18 06:47:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 19:43:00 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/11 19:42:58 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/11 19:42:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/06/11 19:42:58 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/06/11 19:42:58 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/06/11 19:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/11 19:25:29 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/11 19:25:16 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/11 19:25:16 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/11 19:25:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/11 19:25:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/06/11 19:25:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/06/11 19:25:13 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/06/11 18:51:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/11 18:50:58 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

========== Files Created - No Company Name ==========

[2013/07/10 07:03:11 | 000,220,519 | ---- | C] () -- C:\Users\Jessica\Desktop\R2524 TT13177.rtf
[2013/07/09 14:39:29 | 000,230,464 | ---- | C] () -- C:\Users\Jessica\Desktop\BAW.pdf
[2013/07/09 14:14:43 | 000,074,344 | ---- | C] () -- C:\Users\Jessica\Desktop\R2489_2013_invoice_1.pdf
[2013/07/01 07:50:40 | 000,172,032 | ---- | C] () -- C:\Users\Jessica\Desktop\OpsSales Collaboration.msg
[2013/06/30 22:52:20 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/30 18:46:49 | 000,000,258 | RHS- | C] () -- C:\Users\Jessica\ntuser.pol
[2012/11/29 10:22:35 | 000,007,601 | ---- | C] () -- C:\Users\Jessica\AppData\Local\Resmon.ResmonCfg
[2012/09/20 13:04:26 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/14 12:59:39 | 000,060,304 | ---- | C] () -- C:\Users\Jessica\g2mdlhlpx.exe
[2011/12/23 15:36:17 | 000,000,256 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/12/23 15:36:17 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/12/23 15:35:42 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/12/23 15:35:01 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\BrMuSNMP.dll
[2011/12/23 15:35:01 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011/12/23 15:35:01 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011/12/23 15:34:51 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011/12/23 15:34:47 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011/12/23 15:29:45 | 000,031,767 | ---- | C] () -- C:\windows\maxlink.ini
[2011/11/21 07:11:30 | 000,000,680 | ---- | C] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3521784995-195745528-205782139-1000\$9123964c69cb32f9d53e5faba7fd5f0e\o.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %systemroot%\Tasks\* >
[2013/07/11 06:25:14 | 000,000,830 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013/07/10 21:32:49 | 000,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
[2013/06/04 23:44:10 | 000,032,596 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP