Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Redirects, Pop Ups, IE cannot open [Solved]

Started by Evan_R , Dec 03 2013 09:30 PM

  • This topic is locked This topic is locked

#1
Evan_R
Posted 03 December 2013 - 09:30 PM

Evan_R

    Member

  • Member
  • PipPip
  • 24 posts
Over the last few weeks a whole slew of problems have arose. First I keep being asked for Java updates but when I clicked I think I got a virus. Frequently being redirected to ask.com and conduit search. Malwarebytes keeps removing stuff but it's not a permanant solution. And now all of a sudden IE can't open a single page without crashing. Firefox is still working though. Please help! Here's my OTL log:

OTL logfile created on: 12/3/2013 10:24:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.10 Gb Available Physical Memory | 69.26% Memory free
11.83 Gb Paging File | 9.75 Gb Available in Paging File | 82.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.66 Gb Total Space | 847.40 Gb Free Space | 92.65% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 907.90 Gb Free Space | 97.49% Space Free | Partition Type: FAT32

Computer Name: EVAN-PC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/03 22:23:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Downloads\OTL.exe
PRC - [2013/12/01 10:57:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/08 19:08:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/01 10:57:48 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/08 19:08:20 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/01 10:57:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 19:08:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 17:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/13 17:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 06:58:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 18:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/12 04:47:46 | 000,312,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/31 08:43:33 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2011/05/31 08:43:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/05/31 08:43:31 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/05/31 08:43:31 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/05/27 18:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/13 14:04:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/27 10:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/24 07:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.amazon.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://searchservice...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/"
FF - prefs.js..extensions.enabledAddons: 008abed2-b43a-46c9-9a5b-a771c87b82da%401ad61d53-2bdc-4484-a26b-b888ecae1906.com:0.93.32
FF - prefs.js..extensions.enabledAddons: %7B41B95867-9E43-5627-B90B-31E1FD82AD26%7D:5.0.0.10433
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://dts.search.as...&o=APN10645&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2013/04/09 16:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/01 10:57:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/01 10:57:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/29 18:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions
[2013/12/03 22:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions
[2013/11/29 17:29:03 | 000,000,000 | ---D | M] (New tab) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}
[2013/07/19 13:20:16 | 000,000,000 | ---D | M] (Verizon Toolbar) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
[2013/12/03 22:03:04 | 000,000,000 | ---D | M] ("weDownload Manager Pro") -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
[2013/12/03 22:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData
[2013/12/03 22:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins
[2013/12/03 22:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode
[2013/11/07 15:36:00 | 000,009,953 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\[email protected]
[2013/09/18 18:10:40 | 000,002,662 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\Ask.xml
[2013/12/03 22:04:36 | 000,000,975 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\conduit-search.xml
[2013/12/01 10:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/01 10:57:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/18 18:10:40 | 000,002,662 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
[2013/04/29 18:49:07 | 000,002,646 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2011/06/01 15:35:28 | 000,002,566 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml

O1 HOSTS File: ([2011/12/11 12:23:25 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (weDownload Manager Pro) - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Evan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b146b925959447d1aff82104e41040c1-67255f0c7c8663a8b2d70d22a188bfab2be34ce1 --CMPID 0913a File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Evan\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid b146b925959447d1aff82104e41040c1-67255f0c7c8663a8b2d70d22a188bfab2be34ce1 --CMPID ROC_APR2013_AV File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mlsli.com ([vpn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemydsl] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemyfios] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemyhsi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([activatemywifi] https in Trusted sites)
O15 - HKCU\..Trusted Domains: verizon.net ([wbadownload] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.mlsli.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BD29658-3D3A-4957-9210-DEADD56E27D5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll) - File not found
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/03 22:03:42 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/03 22:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/03 22:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\weDownload Manager Pro
[2013/12/03 22:02:09 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\SearchProtect
[2013/12/01 10:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/17 23:04:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/17 23:04:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/17 23:04:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/17 23:04:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/17 23:04:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/17 23:04:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/17 23:04:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/17 23:04:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/17 23:04:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/17 23:04:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/17 23:04:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/17 23:04:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/17 23:04:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/17 23:04:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/17 23:04:09 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/17 18:18:18 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/17 18:18:11 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/17 18:18:11 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/17 18:18:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/17 18:18:11 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/17 18:18:11 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/17 18:18:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/17 18:18:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/17 18:18:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/17 18:18:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/17 18:18:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/17 18:18:02 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/17 18:18:00 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/17 18:18:00 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/17 18:18:00 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/17 18:18:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/04/12 06:33:40 | 021,036,128 | ---- | C] (Mozilla) -- C:\Users\Evan\Firefox-20Setup-2020.0.1.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/03 22:22:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 22:22:50 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 22:19:24 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/03 22:19:24 | 000,661,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/03 22:19:24 | 000,121,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/03 22:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/03 22:14:27 | 468,156,415 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 22:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/03 22:03:42 | 000,001,103 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/03 21:48:37 | 145,131,191 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/12/02 18:13:34 | 000,416,459 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/12/01 18:05:07 | 002,207,942 | ---- | M] () -- C:\Users\Evan\Desktop\Picture 003.jpg
[2013/12/01 18:04:54 | 002,268,032 | ---- | M] () -- C:\Users\Evan\Desktop\Picture 002.jpg
[2013/12/01 18:04:53 | 002,252,625 | ---- | M] () -- C:\Users\Evan\Desktop\Picture 001.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/03 22:03:42 | 000,001,103 | ---- | C] () -- C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/01 18:05:03 | 002,207,942 | ---- | C] () -- C:\Users\Evan\Desktop\Picture 003.jpg
[2013/12/01 18:04:54 | 002,268,032 | ---- | C] () -- C:\Users\Evan\Desktop\Picture 002.jpg
[2013/12/01 18:04:46 | 002,252,625 | ---- | C] () -- C:\Users\Evan\Desktop\Picture 001.jpg
[2012/01/14 15:30:05 | 000,005,120 | ---- | C] () -- C:\Users\Evan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 11:22:48 | 000,011,750 | -HS- | C] () -- C:\Users\Evan\AppData\Local\n2ee12q3co7aih
[2011/12/11 11:22:48 | 000,011,750 | -HS- | C] () -- C:\ProgramData\n2ee12q3co7aih
[2011/12/10 21:09:25 | 000,009,468 | -HS- | C] () -- C:\Users\Evan\AppData\Local\376471n7h240o515g153v6qxo4j0
[2011/12/10 21:09:25 | 000,009,468 | -HS- | C] () -- C:\ProgramData\376471n7h240o515g153v6qxo4j0

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements

#2
emeraldnzl
Posted 04 December 2013 - 01:01 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Evan_R,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#3
Evan_R
Posted 04 December 2013 - 03:04 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks for the help! Here are the Farbar logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by Evan (administrator) on EVAN-PC on 04-12-2013 16:02:25
Running from C:\Users\Evan\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrcui.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\pcdrrealtime.p5x

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5495680 2011-11-07] (SUPERAntiSpyware.com)
HKCU\...\Run: [ROC_ROC_APR2013_AV] - C:\Users\Evan\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid b146b925959447d1aff82104e41040c1-67255f0c7c8663a8b2d70d22a188bfab2be34ce1 --CMPID ROC_APR2013_AV
HKCU\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Users\Evan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b146b925959447d1aff82104e41040c1-67255f0c7c8663a8b2d70d22a188bfab2be34ce1 --CMPID 0913a
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll [ ] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.amazon.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservice...q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.mlsli.com/XTSAC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP6B632FCB-B871-4B6F-A591-4464C40C61F3
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.amazon.com/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=394&systemid=406&v=a9292-109&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1932521295324360&o=APN10645&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: weDownload Manager Pro - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
FF Extension: New tab - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}
FF Extension: Verizon Toolbar - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF Extension: firefox - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1361920 2009-07-13] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 16:02 - 2013-12-04 16:02 - 00018212 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 16:00 - 2013-12-04 16:00 - 01959766 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
2013-12-04 16:00 - 2013-12-04 16:00 - 00000000 ____D C:\FRST
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:03 - 2013-12-03 22:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-03 22:03 - 2013-12-03 22:03 - 00000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-03 22:02 - 2013-12-03 22:13 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-03 22:02 - 2013-12-03 22:02 - 00000000 ____D C:\Users\Evan\AppData\Local\SearchProtect
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 23:04 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 23:04 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 23:04 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 23:04 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-17 18:18 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 18:18 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 18:18 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 18:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-17 18:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 18:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-17 18:18 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 18:18 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 18:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 18:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 18:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-17 18:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 18:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-04 16:02 - 2013-12-04 16:02 - 00018212 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 16:00 - 2013-12-04 16:00 - 01959766 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
2013-12-04 16:00 - 2013-12-04 16:00 - 00000000 ____D C:\FRST
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-04 15:59 - 2011-05-31 06:58 - 01174940 _____ C:\Windows\WindowsUpdate.log
2013-12-04 15:29 - 2013-05-21 19:37 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-12-04 15:26 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 15:26 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 15:24 - 2011-06-30 21:53 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-12-04 15:23 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 15:19 - 2013-09-18 18:10 - 00000000 ____D C:\Program Files (x86)\Movies Toolbar
2013-12-04 15:19 - 2013-04-29 18:49 - 00000000 ____D C:\ProgramData\Wincert
2013-12-04 15:19 - 2013-04-29 18:49 - 00000000 ____D C:\Program Files (x86)\Search Results Toolbar
2013-12-04 15:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 15:17 - 2009-07-13 23:51 - 00080406 _____ C:\Windows\setupact.log
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:16 - 2011-07-01 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:15 - 2013-12-03 22:03 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-03 22:14 - 2010-11-20 22:47 - 00227556 _____ C:\Windows\PFRO.log
2013-12-03 22:14 - 2009-07-14 00:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 22:13 - 2013-12-03 22:02 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-03 22:08 - 2012-09-03 16:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 22:03 - 2013-12-03 22:03 - 00000000 ____D C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-03 22:03 - 2013-06-05 22:20 - 00007849 _____ C:\Windows\IE10_main.log
2013-12-03 22:03 - 2011-06-30 11:59 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-03 22:02 - 2013-12-03 22:02 - 00000000 ____D C:\Users\Evan\AppData\Local\SearchProtect
2013-12-03 22:02 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-01 18:20 - 2013-04-29 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 17:29 - 2011-07-01 14:01 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2013-11-17 23:04 - 2011-07-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 18:26 - 2013-05-21 19:36 - 00000000 ____D C:\Program Files\My Dell
2013-11-17 18:26 - 2011-06-30 15:00 - 00000000 ____D C:\ProgramData\PCDr

Files to move or delete:
====================
C:\Users\Evan\Firefox-20Setup-2020.0.1.exe


Some content of TEMP:
====================
C:\Users\Evan\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe
C:\Users\Evan\AppData\Local\Temp\1385723452_wedownload_manager_pro.exe
C:\Users\Evan\AppData\Local\Temp\BackupSetup.exe
C:\Users\Evan\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Evan\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Evan\AppData\Local\Temp\propsys.dll
C:\Users\Evan\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-24 17:57

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2013
Ran by Evan at 2013-12-04 16:02:52
Running from C:\Users\Evan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.1) (x32 Version: 10.1.1)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2011 (Version: 10.0.1432)
AVG 2011 (Version: 10.0.3658)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.2.241.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Conexant HD Audio (Version: 8.50.4.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32)
Dell DataSafe Local Backup (x32 Version: 9.4.47)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Home Systems Service Agreement (x32 Version: 2.0.0)
Dell Marketplace Webslice IE8 (x32 Version: 8.0)
Dell MusicStage (x32 Version: 1.4.162.0)
Dell PhotoStage (x32 Version: 1.5.0.30)
Dell Product Registration (x32 Version: 1.0.6)
Dell Stage (x32 Version: 1.4.173.0)
Dell VideoStage (x32 Version: 1.1.1.1408)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Dora's World Adventure (x32 Version: 2.2.0.95)
eBay (x32 Version: 1.4.0)
Escape Whisper Valley ™ (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
Final Drive Fury (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
GoToAssist 8.0.0.514 (x32)
IHA_MessageCenter (x32 Version: 1.8.70)
Intel® Processor Graphics (x32 Version: 8.15.10.2291)
Internet Explorer (x32 Version: 8)
iTunes (Version: 11.0.2.26)
Java Auto Updater (x32 Version: 2.0.5.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Jewel Quest (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaMonkey 4.0 (x32 Version: 4.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.4.6361.48)
MyPC Backup (Version: ) <==== ATTENTION
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Penguins! (x32 Version: 2.2.0.95)
PhotoShowExpress (x32 Version: 2.0.063)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samantha Swift (x32 Version: 2.2.0.95)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1136)
Swift Browse 2013.11.07.203600 (Version: 2013.11.07.203600)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
Verizon Toolbar (x32 Version: 6.0.0.40)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Vz In-Home Agent (x32 Version: 9.0.35.0)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)
weDownload Manager Pro (x32 Version: 1.31.153.0) <==== ATTENTION
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.14)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

15-08-2013 04:44:12 Windows Update
11-09-2013 01:48:05 Windows Update
12-09-2013 01:22:03 Windows Update
13-09-2013 02:11:00 Windows Update
09-10-2013 01:25:51 Windows Update
18-11-2013 04:02:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2011-12-11 12:23 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02F2CEAF-95EE-4A2F-98E3-7022E1DA2609} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {512AF2DA-2855-4045-937B-3821C597D1A7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-06] (PC-Doctor, Inc.)
Task: {71315C72-E9E8-4560-BED4-943FC164A1B3} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13] (Microsoft Corporation)
Task: {87889C2D-4808-44F6-A064-6B31D7CEB290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {8E50870C-6C9B-44D8-8BBE-D3D349214891} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {F0D2EA75-54D9-4174-A6AE-71E555601006} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 08:30 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 17:37 - 2013-09-19 17:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 17:32 - 2013-09-19 17:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-11-06 19:48 - 2013-11-06 19:48 - 00541432 _____ () C:\Program Files\My Dell\libAsapiCSharp.dll
2013-11-06 19:48 - 2013-11-06 19:48 - 00103160 _____ () C:\Program Files\My Dell\libCSharpCommonCS.dll
2013-11-06 19:48 - 2013-11-06 19:48 - 00090872 _____ () C:\Program Files\My Dell\libTonopahClientCSharp.dll
2013-11-06 19:48 - 2013-11-06 19:48 - 00086776 _____ () C:\Program Files\My Dell\libDataStoreCSharp.dll
2012-08-24 10:02 - 2011-03-24 12:41 - 00719440 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
2012-08-24 10:02 - 2011-04-06 19:09 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
2012-08-24 10:03 - 2011-04-06 19:24 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
2012-08-24 10:03 - 2011-04-08 11:59 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
2012-08-24 10:03 - 2011-04-08 12:28 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
2012-08-24 10:03 - 2011-04-08 12:57 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
2012-08-24 10:03 - 2011-04-08 13:12 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
2012-08-24 10:03 - 2011-04-08 13:27 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
2012-08-24 10:03 - 2011-04-08 14:56 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
2012-08-24 10:03 - 2011-04-08 15:04 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
2012-08-24 10:03 - 2011-04-08 15:12 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
2012-08-24 10:03 - 2011-04-08 15:20 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
2012-08-24 10:03 - 2011-04-08 15:42 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
2012-08-24 10:03 - 2011-04-11 10:52 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
2012-08-24 10:03 - 2011-04-11 11:01 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
2012-08-24 10:03 - 2011-04-11 11:07 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
2012-08-24 10:03 - 2011-04-11 11:12 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
2012-08-24 10:03 - 2011-04-11 11:16 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
2012-08-24 10:03 - 2011-04-11 11:41 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
2012-08-24 10:03 - 2011-04-11 11:48 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
2012-08-24 10:03 - 2011-04-12 15:44 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
2012-08-24 10:03 - 2011-04-14 12:43 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
2012-08-24 10:03 - 2011-04-14 13:13 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
2012-08-24 10:03 - 2011-04-14 14:50 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
2012-08-24 10:03 - 2011-04-19 17:27 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
2012-08-24 10:03 - 2011-04-19 17:35 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
2012-08-24 10:03 - 2011-04-19 18:28 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
2012-08-24 10:03 - 2011-04-26 14:41 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
2012-08-24 10:03 - 2011-04-26 14:48 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
2012-08-24 10:03 - 2011-05-06 10:01 - 00039504 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
2012-08-24 10:03 - 2011-05-06 14:56 - 00039504 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
2012-08-24 10:03 - 2011-05-03 10:47 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
2012-08-24 10:03 - 2011-05-03 10:53 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
2012-08-24 10:03 - 2011-05-17 15:45 - 00026704 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
2012-08-24 10:03 - 2011-05-19 10:43 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
2012-08-24 10:03 - 2011-06-08 10:58 - 00023632 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
2012-08-24 10:03 - 2011-07-19 17:58 - 00031312 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
2012-08-24 10:03 - 2011-09-30 15:04 - 00047696 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
2012-08-24 10:03 - 2012-01-19 16:27 - 00035408 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
2012-08-24 10:03 - 2012-01-19 16:45 - 00026192 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
2013-02-01 16:20 - 2013-01-31 16:57 - 00044080 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
2013-02-22 18:58 - 2013-02-20 18:36 - 00052272 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
2013-05-22 18:48 - 2013-04-23 19:39 - 00039984 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
2013-05-03 15:37 - 2013-04-30 15:37 - 00044080 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
2013-05-09 18:25 - 2013-05-06 13:18 - 00044080 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
2013-06-21 19:11 - 2013-06-12 12:02 - 00039984 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
2013-06-29 09:48 - 2013-06-26 18:32 - 00048176 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
2013-07-13 09:55 - 2013-07-08 15:14 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
2013-09-07 11:49 - 2013-08-26 18:33 - 00045816 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
2013-10-15 17:19 - 2013-10-11 19:32 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
2013-10-15 17:19 - 2013-10-11 15:19 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\b96b7bbd-964e-47f1-9323-f48f460042bf.dll
2013-10-12 17:28 - 2013-10-04 12:43 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\3cc3b539-b998-4728-8055-1201221a38d4.dll
2013-10-21 16:14 - 2013-10-14 11:11 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\2c784c13-702f-431e-a492-e9dddd757b25.dll
2013-10-21 16:14 - 2013-10-14 11:23 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\fc470dbb-846d-42d3-bb0a-6363a559f3fb.dll
2013-10-21 16:14 - 2013-10-14 11:54 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\66858fdf-b35c-4b24-a074-915d56b3871b.dll
2013-10-21 16:14 - 2013-10-14 12:08 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\9d97f346-8efc-4e33-9c3b-3eef6c324e61.dll
2013-10-28 05:04 - 2013-10-21 16:06 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\8fab1a01-d6b6-4640-ac86-c3ddd583c840.dll
2013-10-28 05:04 - 2013-10-22 13:49 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\704dfeb5-9129-4d88-8096-7f3bc80eb1ec.dll
2013-11-10 11:39 - 2013-10-28 10:21 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\c4f346c1-09ef-4c0a-846d-8ca41f94690b.dll
2013-10-31 16:49 - 2013-10-28 10:39 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\cadaa395-f50b-45c6-81f6-b5aaa3c5efba.dll
2013-10-31 16:49 - 2013-10-28 10:54 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\8d529c31-eeb1-4b4d-ab7e-98a38b1abf60.dll
2013-11-10 11:39 - 2013-10-28 11:05 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
2013-11-10 11:39 - 2013-10-30 12:42 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\dde43788-ba3c-4b88-bc8a-de8a0eb22c79.dll
2013-11-10 11:39 - 2013-10-30 12:59 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\5c103ca5-8249-401b-a699-41d0a39023f4.dll
2013-11-10 11:39 - 2013-10-30 13:07 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\e13c218f-cd37-454b-a187-3381a9945752.dll
2013-11-10 11:39 - 2013-11-05 13:49 - 00058104 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
2013-11-10 11:39 - 2013-11-06 20:15 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f73e8868-a1f5-4756-9eae-b4ffc305f35a.dll
2013-11-10 11:39 - 2013-11-06 20:28 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f586fa98-17b8-498c-9c59-24de5750efab.dll
2013-11-10 11:39 - 2013-11-06 20:35 - 00054008 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\9e7391aa-d9c2-4547-bdb7-737a833083a2.dll
2013-11-10 11:39 - 2013-11-06 20:42 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\3cb2cbfc-72a8-4ae7-9061-1a58b1505327.dll
2013-11-29 18:20 - 2013-11-11 13:12 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
2013-11-29 18:20 - 2013-11-11 13:38 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
2013-11-29 18:20 - 2013-11-11 13:59 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
2013-11-29 18:20 - 2013-11-11 14:13 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
2013-11-29 18:20 - 2013-11-18 16:59 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
2013-11-29 18:20 - 2013-11-18 17:16 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
2013-12-02 17:51 - 2013-11-18 18:08 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
2013-11-29 18:20 - 2013-11-20 14:14 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
2013-11-29 18:20 - 2013-11-20 14:16 - 00049912 _____ () C:\ProgramData\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-05-31 07:03 - 2010-08-11 18:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-05-31 07:03 - 2010-08-11 18:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-05-31 07:03 - 2010-08-11 18:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2013-12-01 10:57 - 2013-12-01 10:57 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 19:08 - 2013-10-08 19:08 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 03:30:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584

Error: (12/04/2013 03:30:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584

Error: (12/04/2013 03:30:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/04/2013 03:19:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 10:20:35 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 480

Start Time: 01cef09f5631b574

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/03/2013 10:16:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 10:05:37 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15f4

Start Time: 01cef09da6683616

Termination Time: 10

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: f1a9aff8-5c90-11e3-a215-f04da2f4a932

Error: (12/03/2013 10:05:13 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e4

Start Time: 01cef09d69fa36cf

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: dec5b66a-5c90-11e3-a215-f04da2f4a932

Error: (12/03/2013 09:57:14 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 488

Start Time: 01cef09c68f386ac

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/03/2013 09:56:36 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ad0

Start Time: 01cef09c45c690ff

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (12/04/2013 03:19:59 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/04/2013 03:19:36 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (12/04/2013 03:19:36 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/04/2013 03:19:24 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/04/2013 03:19:22 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service failed to start due to the following error:
%%1053

Error: (12/04/2013 03:19:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.

Error: (12/04/2013 03:18:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (12/04/2013 03:18:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (12/04/2013 03:18:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/03/2013 10:15:34 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 6056.63 MB
Available physical RAM: 4317.19 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 9716.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.66 GB) (Free:847.01 GB) NTFS
Drive f: (My Book) (Fixed) (Total:931.28 GB) (Free:907.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B717E5E9)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=915 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
  • 0

#4
emeraldnzl
Posted 04 December 2013 - 04:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Evan_R,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
So when you return please post
  • Fixlog.txt
  • JRT.txt
  • 0

#5
Evan_R
Posted 04 December 2013 - 04:41 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here are my two logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by Evan at 2013-12-04 17:21:20 Run:1
Running from C:\Users\Evan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
C:\Program Files (x86)\Search Results Toolbar
C:\Users\Evan\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Evan\AppData\Local\Temp\MybabylonTB.exe
*****************

HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
C:\Program Files (x86)\Search Results Toolbar => Moved successfully.
Could not move "C:\Users\Evan\AppData\Local\Temp\BundleSweetIMSetup.exe" => Scheduled to move on reboot.
C:\Users\Evan\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-04 17:24:46)<=

C:\Users\Evan\AppData\Local\Temp\BundleSweetIMSetup.exe => Is moved successfully.

==== End of Fixlog ====



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Evan on Wed 12/04/2013 at 17:32:03.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\search results toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ilividsrtb
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422362228}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r394-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r394-n-bi_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466366628}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r394-n-bi_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r394-n-bi_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377e5d4d-77e5-476a-8716-7e70a9272da0}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\locallow\verizontb"
Successfully deleted: [Folder] "C:\Program Files (x86)\movies toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\verizontb"
Successfully deleted: [Folder] "C:\Users\Evan\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\7oumt5cn.default\searchplugins\ask.xml
Successfully deleted: [Folder] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\7oumt5cn.default\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
Successfully deleted the following from C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\7oumt5cn.default\prefs.js

user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP6B632FCB-B871-4B6F-A591-4464C40C61
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Wed Dec 04 2013 22:03:33 GMT-
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Tue Dec 10 2013 22:03
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Wed Dec 04 2013 22:03:33
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22a
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3
user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345
user_pref("extensions.crossrider.bic", "142bb8f426503f5aad662d7262816d72");
user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=394&systemid=406&v=a9292-109&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1932521295324360&o=APN10645&q=")
Emptied folder: C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\7oumt5cn.default\minidumps [257 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/04/2013 at 17:35:39.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
emeraldnzl
Posted 04 December 2013 - 08:17 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Evan_R,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Evan_R
Posted 04 December 2013 - 08:50 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks again! Here's the combofix log:

ComboFix 13-12-04.04 - Evan 12/04/2013 21:38:03.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6057.5000 [GMT -5:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\137B.tmp
c:\programdata\PCDr\6361\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6361\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6361\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6361\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\3cb2cbfc-72a8-4ae7-9061-1a58b1505327.dll
c:\programdata\PCDr\6361\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6361\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6361\AddOnDownloaded\5c103ca5-8249-401b-a699-41d0a39023f4.dll
c:\programdata\PCDr\6361\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9e7391aa-d9c2-4547-bdb7-737a833083a2.dll
c:\programdata\PCDr\6361\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6361\AddOnDownloaded\b347630c-35c1-4199-a3e2-2eea8f11e228.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c4f346c1-09ef-4c0a-846d-8ca41f94690b.dll
c:\programdata\PCDr\6361\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6361\AddOnDownloaded\dde43788-ba3c-4b88-bc8a-de8a0eb22c79.dll
c:\programdata\PCDr\6361\AddOnDownloaded\e13c218f-cd37-454b-a187-3381a9945752.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f586fa98-17b8-498c-9c59-24de5750efab.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\programdata\PCDr\6361\AddOnDownloaded\f73e8868-a1f5-4756-9eae-b4ffc305f35a.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-05 to 2013-12-05 )))))))))))))))))))))))))))))))
.
.
2013-12-04 22:30 . 2013-12-04 22:30 -------- d-----w- c:\windows\ERUNT
2013-12-04 21:00 . 2013-12-04 22:24 -------- d-----w- C:\FRST
2013-12-04 03:02 . 2013-12-04 03:13 -------- d-----w- c:\program files (x86)\weDownload Manager Pro
2013-11-17 23:18 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 00:08 . 2012-09-03 21:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 00:08 . 2011-07-01 01:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-08 23:38 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-08 23:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-08 23:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 00:08]
.
2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411361128}]
2013-12-04 03:03 965120 ----a-w- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mlsli.com\vpn
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-11-07 15:36; [email protected]; c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{96673559-e653-4cdc-8923-f89347a952c0} - c:\program files (x86)\verizontb\auxi\verizonAu.dll
BHO-{f8d96645-337c-419b-8792-b6c126145811} - c:\program files (x86)\verizontb\verizonDx.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-{f8d96645-337c-419b-8792-b6c126145811} - c:\program files (x86)\verizontb\verizonDx.dll
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Evan\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\Evan\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-12-04 21:48:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-05 02:48
.
Pre-Run: 909,324,464,128 bytes free
Post-Run: 909,833,273,344 bytes free
.
- - End Of File - - 82637A8031706A8E15C2FA7480FAF442
5C616939100B85E558DA92B899A0FC36
  • 0

#8
emeraldnzl
Posted 04 December 2013 - 08:56 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Evan_R,

Good progress I think.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#9
Evan_R
Posted 05 December 2013 - 04:05 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi, I ran ESET but lost the log file. Should I rerun it? It quarantined 6 items but I don't think they were deleted.
  • 0

#10
emeraldnzl
Posted 05 December 2013 - 05:04 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
The log should be at:

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

If you can't find it, it's not the end of the world.

How is your machine now?
  • 0

Advertisements

#11
Evan_R
Posted 05 December 2013 - 05:35 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I must have lost it when I uninstalled the program. I thought it was saved. It's running much better! I haven't been redirected and IE is running smoothly.

I'm still being asked to update Java. I thought that was how I originally got the virus. Is it a legitimate update request? Also I still see "conduit" and "ask" in my search options and those weren't there before the infection. Are they harmless or is there still a bug?
  • 0

#12
emeraldnzl
Posted 05 December 2013 - 05:38 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Also I still see "conduit" and "ask" in my search options


Hmm... we should have removed them. We have probably removed the active part but let's just make sure.

Please run a FRST scan again and post the FRST.txt log back here.
  • 0

#13
Evan_R
Posted 05 December 2013 - 05:57 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks again! Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Evan (administrator) on EVAN-PC on 05-12-2013 18:55:21
Running from C:\Users\Evan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5495680 2011-11-07] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservice...q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll No File
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.mlsli.com/XTSAC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.amazon.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF Extension: New tab - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}
FF Extension: Verizon Toolbar - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1361920 2009-07-13] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 18:55 - 2013-12-05 18:55 - 00014319 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:35 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-04 21:35 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-04 21:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-04 21:33 - 2013-12-04 21:48 - 00000000 ____D C:\Qoobox
2013-12-04 21:33 - 2013-12-04 21:47 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:35 - 2013-12-04 17:39 - 00008650 _____ C:\Users\Evan\Desktop\JRT.txt
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 17:27 - 2013-12-04 17:28 - 00018210 _____ C:\Users\Evan\Desktop\wZ6NX99F.htm
2013-12-04 16:02 - 2013-12-04 16:03 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:02 - 2013-12-04 16:03 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 16:00 - 2013-12-05 18:55 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-04 16:00 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:02 - 2013-12-03 22:13 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 23:04 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 23:04 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 23:04 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 23:04 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-17 18:18 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 18:18 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 18:18 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 18:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-17 18:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 18:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-17 18:18 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 18:18 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 18:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 18:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 18:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-17 18:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 18:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-05 18:55 - 2013-12-05 18:55 - 00014319 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 18:55 - 2013-12-04 16:00 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-05 18:55 - 2013-12-04 16:00 - 00000000 ____D C:\FRST
2013-12-05 18:31 - 2012-09-03 16:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 17:29 - 2011-06-30 21:53 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-12-05 16:51 - 2011-05-31 07:03 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-05 16:44 - 2011-05-31 06:58 - 01293688 _____ C:\Windows\WindowsUpdate.log
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-05 15:17 - 2013-05-21 19:37 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-12-05 15:10 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 15:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 15:06 - 2009-07-13 23:51 - 00080574 _____ C:\Windows\setupact.log
2013-12-04 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:48 - 2013-12-04 21:33 - 00000000 ____D C:\Qoobox
2013-12-04 21:48 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default
2013-12-04 21:47 - 2013-12-04 21:33 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:47 - 2011-06-30 11:59 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 21:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-04 21:43 - 2010-11-20 22:47 - 00228108 _____ C:\Windows\PFRO.log
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:39 - 2013-12-04 17:35 - 00008650 _____ C:\Users\Evan\Desktop\JRT.txt
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 17:28 - 2013-12-04 17:27 - 00018210 _____ C:\Users\Evan\Desktop\wZ6NX99F.htm
2013-12-04 16:03 - 2013-12-04 16:02 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:03 - 2013-12-04 16:02 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:16 - 2011-07-01 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:14 - 2009-07-14 00:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 22:13 - 2013-12-03 22:02 - 00000000 ____D C:\Program Files (x86)\weDownload Manager Pro
2013-12-03 22:03 - 2013-06-05 22:20 - 00007849 _____ C:\Windows\IE10_main.log
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 18:20 - 2013-04-29 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 17:29 - 2011-07-01 14:01 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2013-11-17 23:04 - 2011-07-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 18:26 - 2013-05-21 19:36 - 00000000 ____D C:\Program Files\My Dell
2013-11-17 18:26 - 2011-06-30 15:00 - 00000000 ____D C:\ProgramData\PCDr

Files to move or delete:
====================
C:\Users\Evan\Firefox-20Setup-2020.0.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-24 17:57

==================== End Of Log ============================
  • 0

#14
emeraldnzl
Posted 05 December 2013 - 06:10 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run another scan with FRST and post the log back here.

So when you return please post
  • Fixlog.txt
  • FRST.txt
  • 0

#15
Evan_R
Posted 05 December 2013 - 06:20 PM

Evan_R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-12-2013
Ran by Evan at 2013-12-05 19:19:08 Run:2
Running from C:\Users\Evan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservice...q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (weDownload)
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
C:\Program Files (x86)\weDownload Manager Pro
FF SearchEngineOrder.1: Ask.com
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll => Moved successfully.
C:\Program Files (x86)\weDownload Manager Pro => Moved successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml" => File/Directory not found.

==== End of Fixlog ====



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Evan (administrator) on EVAN-PC on 05-12-2013 19:19:20
Running from C:\Users\Evan\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5495680 2011-11-07] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll No File
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.mlsli.com/XTSAC.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.amazon.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
FF Extension: New tab - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{41B95867-9E43-5627-B90B-31E1FD82AD26}
FF Extension: Verizon Toolbar - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\7oumt5cn.default\Extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4\

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1361920 2009-07-13] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 19:19 - 2013-12-05 19:19 - 00012702 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:35 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-04 21:35 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-04 21:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-04 21:35 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-04 21:33 - 2013-12-04 21:48 - 00000000 ____D C:\Qoobox
2013-12-04 21:33 - 2013-12-04 21:47 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 17:27 - 2013-12-04 17:28 - 00018210 _____ C:\Users\Evan\Desktop\wZ6NX99F.htm
2013-12-04 16:02 - 2013-12-04 16:03 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:02 - 2013-12-04 16:03 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 16:00 - 2013-12-05 18:55 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-04 16:00 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 23:04 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-17 23:04 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-17 23:04 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-17 23:04 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-17 23:04 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-17 23:04 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-17 23:04 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 23:04 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-17 18:18 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 18:18 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-17 18:18 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-17 18:18 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 18:18 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 18:18 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-17 18:18 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 18:18 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-17 18:18 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-17 18:18 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 18:18 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 18:18 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-17 18:18 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-17 18:18 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-17 18:18 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-17 18:18 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-17 18:18 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 18:18 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-17 18:18 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-17 18:18 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-17 18:18 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-05 19:19 - 2013-12-05 19:19 - 00012702 _____ C:\Users\Evan\Desktop\FRST.txt
2013-12-05 19:08 - 2012-09-03 16:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\Users\Evan\Desktop\FRST-OlderVersion
2013-12-05 18:55 - 2013-12-04 16:00 - 01925140 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2013-12-05 18:55 - 2013-12-04 16:00 - 00000000 ____D C:\FRST
2013-12-05 18:32 - 2011-05-31 06:58 - 01293688 _____ C:\Windows\WindowsUpdate.log
2013-12-05 17:29 - 2011-06-30 21:53 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-12-05 16:51 - 2011-05-31 07:03 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:45 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:41 - 2013-12-05 15:41 - 02347384 _____ (ESET) C:\Users\Evan\Downloads\esetsmartinstaller_enu.exe
2013-12-05 15:41 - 2013-12-05 15:41 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-05 15:17 - 2013-05-21 19:37 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-12-05 15:10 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 15:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 15:06 - 2009-07-13 23:51 - 00080574 _____ C:\Windows\setupact.log
2013-12-04 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-04 21:48 - 2013-12-04 21:48 - 00019763 _____ C:\ComboFix.txt
2013-12-04 21:48 - 2013-12-04 21:33 - 00000000 ____D C:\Qoobox
2013-12-04 21:48 - 2009-07-13 22:20 - 00000000 ____D C:\Users\Default
2013-12-04 21:47 - 2013-12-04 21:33 - 00000000 ____D C:\Windows\erdnt
2013-12-04 21:47 - 2011-06-30 11:59 - 00000000 ___RD C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 21:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-12-04 21:43 - 2010-11-20 22:47 - 00228108 _____ C:\Windows\PFRO.log
2013-12-04 21:32 - 2013-12-04 21:32 - 05152313 ____R (Swearware) C:\Users\Evan\Desktop\ComboFix.exe
2013-12-04 17:30 - 2013-12-04 17:30 - 00000000 ____D C:\Windows\ERUNT
2013-12-04 17:28 - 2013-12-04 17:28 - 01034531 _____ (Thisisu) C:\Users\Evan\Desktop\JRT.exe
2013-12-04 17:28 - 2013-12-04 17:27 - 00018210 _____ C:\Users\Evan\Desktop\wZ6NX99F.htm
2013-12-04 16:03 - 2013-12-04 16:02 - 00032129 _____ C:\Users\Evan\Downloads\Addition.txt
2013-12-04 16:03 - 2013-12-04 16:02 - 00031187 _____ C:\Users\Evan\Downloads\FRST.txt
2013-12-04 15:59 - 2013-12-04 15:59 - 01092683 _____ (Farbar) C:\Users\Evan\Downloads\FRST.exe
2013-12-03 22:29 - 2013-12-03 22:29 - 00066278 _____ C:\Users\Evan\Downloads\Extras.Txt
2013-12-03 22:28 - 2013-12-03 22:28 - 00092984 _____ C:\Users\Evan\Downloads\OTL.Txt
2013-12-03 22:23 - 2013-12-03 22:23 - 00602112 _____ (OldTimer Tools) C:\Users\Evan\Downloads\OTL.exe
2013-12-03 22:16 - 2011-07-01 14:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:14 - 2009-07-14 00:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-03 22:03 - 2013-06-05 22:20 - 00007849 _____ C:\Windows\IE10_main.log
2013-12-03 22:02 - 2013-12-03 22:02 - 25326496 _____ (Microsoft Corporation) C:\Users\Evan\Downloads\EIE10-EN-US-WOL-Win7.EXE
2013-12-01 18:20 - 2013-04-29 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-01 10:57 - 2013-12-01 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 17:29 - 2011-07-01 14:01 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2013-11-17 23:04 - 2011-07-09 11:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 18:26 - 2013-05-21 19:36 - 00000000 ____D C:\Program Files\My Dell
2013-11-17 18:26 - 2011-06-30 15:00 - 00000000 ____D C:\ProgramData\PCDr

Files to move or delete:
====================
C:\Users\Evan\Firefox-20Setup-2020.0.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-24 17:57

==================== End Of Log ============================
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP