Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer Freezing, can't run virus programs. [Solved]

Started by njnauticalnut17 , May 16 2014 08:25 AM

This topic is locked

#1
njnauticalnut17

Posted 16 May 2014 - 08:25 AM

Member

Member
66 posts

The computer is an Acer Aspire 5532 laptop running Windows 7 Home Edition. When booting Windows normally, within moments of use the computer freezes and have to shut down by pressing on/off button. When starting Windows in safe mode, the virus program AVG 2014 stops working after a short time. Whatever help you can offer is greatly appreciated.

Thanks.

#2
njnauticalnut17

Posted 16 May 2014 - 08:46 AM

Member

Topic Starter
Member
66 posts

Here is a little more information. System restore has been tried but did not stop the computer from freezing. When attempting system restore now there are no points to restore to. The computer will run in safe mode with networking. MalwareBytes is running right now in safe mode and has not frozen to this point, AVG stops responding and when going into Windows normally nothing works as the computer freezes and cannot move mouse or use keyboard.

#3
Dakeyras

Posted 16 May 2014 - 02:07 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi and welcome to Geeks to Go.

MalwareBytes is running right now in safe mode and has not frozen to this point

Has the scan completed then or not ? If so post the log and provide a quick update about the status of your machine please and we will then go from there, thank you.

#4
njnauticalnut17

Posted 16 May 2014 - 02:42 PM

Member

Topic Starter
Member
66 posts

Thanks for your response.

The scan did complete. The log is below. I tried to run the AVG virus scan again and it failed/stopped responding. I rebooted the computer and let Windows load normally. It booted up but got the following error, "could not load file or assembly sorttbls.nlp or one of its dependencies. The system could not find the file specified." This is not the first time getting this error. I did not click ok but instead just left the error box on the screen.

I read that having two virus programs on the computer could cause a conflict so I uninstalled McAfee as it was not being used.

I ran another malware scan and it said no threats detected. I am currently running a virus scan with AVG. I will post the results when it is complete. The computer has not frozen but is running extremely slow. When going onto the internet it takes a very long time for a page to load, even loading google.

Malwarebytes Anti-Malware Log

www.malwarebytes.org

Scan Date: 5/15/2014

Scan Time: 7:16:12 PM

Logfile:

Administrator: Yes

Version: 2.00.1.1004

Malware Database: v2014.05.15.12

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Eileen Pulsinelli

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 270898

Time Elapsed: 5 hr, 3 min, 18 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 3

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DealPly, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DEALPLY, Quarantined, [a90f6fe284f737ff33136052aa590ff1],

PUP.Optional.DealPly.A, HKU\S-1-5-21-562758786-576061103-3792044421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY, Quarantined, [fdbb2a27a0db2115cd7d535f24dfd52b],

Registry Values: 2

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DEALPLY|ChromeCrxPath, C:\Program Files (x86)\DealPly\DealPly.crx, Quarantined, [a90f6fe284f737ff33136052aa590ff1]

PUP.Optional.DealPly.A, HKU\S-1-5-21-562758786-576061103-3792044421-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, sft3, Quarantined, [fdbb2a27a0db2115cd7d535f24dfd52b]

Registry Data: 0

(No malicious items detected)

Folders: 7

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, Quarantined, [30886ee3c8b30b2b1a191e9235ceb050],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\META-INF, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.DealPly.A, C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [a810cb86f784e353ec16076ee41e956b],

PUP.Optional.DealPly.A, C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.9.7.9_0, Quarantined, [a810cb86f784e353ec16076ee41e956b],

PUP.Optional.DealPly.A, C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.9.7.9_0\images, Quarantined, [a810cb86f784e353ec16076ee41e956b],

Files: 21

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPly.crx, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyTune.dll, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdate.exe, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdate.log, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\DealPlyUpdateRun.exe, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\icon.ico, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPly\uninst.exe, Quarantined, [10a84d04b7c448ee887ccae41fe4f709],

PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, Quarantined, [30886ee3c8b30b2b1a191e9235ceb050],

PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, Quarantined, [30886ee3c8b30b2b1a191e9235ceb050],

PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, Quarantined, [30886ee3c8b30b2b1a191e9235ceb050],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\conduitengine.xpi, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\install.rdf, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\oovoo_video_chat_tb.xpi, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\META-INF\manifest.mf, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\META-INF\zigbert.rsa, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.Conduit.A, C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ct1572363\META-INF\zigbert.sf, Quarantined, [6e4a6ce54932bb7b3258d997be4404fc],

PUP.Optional.DealPly.A, C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.9.7.9_0\background.js, Quarantined, [a810cb86f784e353ec16076ee41e956b],

PUP.Optional.DealPly.A, C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.9.7.9_0\manifest.json, Quarantined, [a810cb86f784e353ec16076ee41e956b],

Physical Sectors: 0

(No malicious items detected)

(end)

#5
njnauticalnut17

Posted 16 May 2014 - 03:21 PM

Member

Topic Starter
Member
66 posts

The AVG log states:

Whole Computer Scan

No infection was found during this scan

Scanned folders:;"Scan Whole Computer"

Started:;"5/16/2014, 2:31:42PM"

Finished:;"5/16/2014, 5:13:18PM"

Scanned items:;"205830"

Launched by:;"User"

#6
Dakeyras

Posted 17 May 2014 - 12:12 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Thanks for your response.

You're welcome!

I read that having two virus programs on the computer could cause a conflict so I uninstalled McAfee as it was not being used.

Aye that is correct...Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download the installer for Registry Backup from here or here and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-

Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

Right-click on aswMBR.exe and select Run as Administrator to launch the application
When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes
The Avast! virus definitions database will automatically be downloaded. Be patient this make take some time depending on the speed of your Internet Connection.
Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
Now click on the Scan button to start the scan.
On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Click on Exit.

Note: There will also be a file on your desktop named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy and Paste this report into your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered ?
aswMBR Log.
AdwCleaner Log.

#7
njnauticalnut17

Posted 17 May 2014 - 03:37 PM

Member

Topic Starter
Member
66 posts

Again thank you for your response and assistance. It is greatly appreciated.

The computer has been booting normally and not freezing so it is running better. When booting I am no longer getting "could not load file or assembly sorttbls.nlp or one of its dependencies" error.

Here are the logs you requested:

aswMBR Log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-05-17 13:37:30

-----------------------------

13:37:30.855 OS Version: Windows x64 6.1.7601 Service Pack 1

13:37:30.855 Number of processors: 1 586 0x7C02

13:37:30.857 ComputerName: EILEENPULSINELL UserName:

13:37:33.229 Initialize success

13:41:35.531 AVAST engine defs: 14051700

13:42:31.034 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:42:31.037 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11

13:42:31.168 Disk 0 MBR read successfully

13:42:31.172 Disk 0 MBR scan

13:42:31.182 Disk 0 Windows 7 default MBR code

13:42:31.188 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63

13:42:31.210 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855

13:42:31.233 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700

13:42:31.288 Disk 0 scanning C:\Windows\system32\drivers

13:42:55.148 Service scanning

13:43:45.164 Modules scanning

13:43:45.191 Disk 0 trace - called modules:

13:43:45.238 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

13:43:45.602 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030a25c0]

13:43:45.627 3 CLASSPNP.SYS[fffff880011ce43f] -> nt!IofCallDriver -> [0xfffffa8003053760]

13:43:45.639 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fff060]

13:43:47.350 AVAST engine scan C:\Windows

13:43:52.928 AVAST engine scan C:\Windows\system32

13:54:44.311 AVAST engine scan C:\Windows\system32\drivers

13:55:06.088 AVAST engine scan C:\Users\Eileen Pulsinelli

14:39:20.170 AVAST engine scan C:\ProgramData

14:46:01.990 Scan finished successfully

17:15:32.771 Disk 0 MBR has been saved successfully to "C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014\MBR.dat"

17:15:32.780 The log file has been saved successfully to "C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014\aswMBR.txt"

AdwCleaner Log
# AdwCleaner v3.208 - Report created 17/05/2014 at 17:22:55

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Eileen Pulsinelli - EILEENPULSINELL

# Running from : C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Users\Eileen Pulsinelli\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Eileen Pulsinelli\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Public\Documents\iWin

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf

File Deleted : C:\Users\EILEEN~1\AppData\Local\Temp\Uninstall.exe

File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2

Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [9278 octets] - [17/05/2014 17:19:51]

AdwCleaner[S0].txt - [9043 octets] - [17/05/2014 17:22:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9103 octets] ##########

#8
Dakeyras

Posted 18 May 2014 - 04:53 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Again thank you for your response and assistance. It is greatly appreciated.

You're most welcome!

The computer has been booting normally and not freezing so it is running better. When booting I am no longer getting "could not load file or assembly sorttbls.nlp or one of its dependencies" error.

Good, lets proceed as follows shall we...

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Alternate download is here.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Right-click on on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

JRT Log.
Both FRST Logs. <-- Post them individually please, IE: one Log per post/reply.

#9
njnauticalnut17

Posted 18 May 2014 - 09:40 AM

Member

Topic Starter
Member
66 posts

Hope you are having a good day. I will post each log in a separate reply. I left the FRST dialog box open as the "Fix" button is not grayed out. I have not clicked it but want to make sure that I do not have to do that.

Here is the first log:

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Eileen Pulsinelli on Sun 05/18/2014 at 10:12:11.27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Eileen Pulsinelli\AppData\Roaming\oovootb"

Successfully deleted: [Folder] "C:\Users\Eileen Pulsinelli\appdata\locallow\oovootb"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/18/2014 at 10:36:08.75

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
njnauticalnut17

Posted 18 May 2014 - 09:41 AM

Member

Topic Starter
Member
66 posts

Here is the FRST log

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014

Ran by Eileen Pulsinelli (administrator) on EILEENPULSINELL on 18-05-2014 11:25:07

Running from C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

(SanDisk Corporation) C:\Users\Eileen Pulsinelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)

HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)

HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-21] (Acer Corp.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()

HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1540288 2008-12-24] (Leader Technologies Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

HKU\.DEFAULT\...\RunOnce: [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [22504120 2011-01-25] (ooVoo LLC)

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\Run: [EPSON NX210 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDA.EXE [223232 2008-11-05] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\Run: [Verizon Media Manager] => C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe [1490944 2011-09-08] ()

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\Run: [SansaDispatch] => C:\Users\Eileen Pulsinelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-03-22] (SanDisk Corporation)

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\MountPoints2: E - E:\LaunchU3.exe -a

HKU\S-1-5-21-562758786-576061103-3792044421-1000\...\MountPoints2: {d0a9ea71-f541-11e2-824a-806e6f6e6963} - E:\VZW_Software_upgrade_assistant.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Eileen Pulsinelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk

ShortcutTarget: Epson all-in-one Registration.lnk -> D:\Common\EpsonReg\EpsonReg.exe (No File)

Startup: C:\Users\Eileen Pulsinelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...kusaolp00000051

URLSearchHook: HKLM-x32 - Games.com Toolbar Search Class - {e3dce200-ae96-4a64-9fe7-b5d2d8569768} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL LLC)

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW

SearchScopes: HKCU - {3D41F773-C2A2-4541-8F58-DF94FA1311D3} URL = http://search.yahoo....q={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...&rlz=1I7ACAW_en

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Games.com Toolbar Loader - {b07040d6-4cb3-4af4-8a5c-038b7cd8a5d8} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL LLC)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Games.com Toolbar - {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - C:\Program Files (x86)\Games.com Toolbar\gamescomtb.dll (AOL LLC)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {9DA1BCF1-77F5-41C5-B7C3-C597DC20752C} - No File

DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB

DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.co...ploader_v10.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Eileen Pulsinelli\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Eileen Pulsinelli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-11-05]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-14]

FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-14]

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Unity Player) - C:\Users\Eileen Pulsinelli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (SOE Web Installer) - C:\Users\Eileen Pulsinelli\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (SiteAdvisor) - C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-09-30]

CHR Extension: (Google Wallet) - C:\Users\Eileen Pulsinelli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [140424 2014-03-24] (McAfee, Inc.)

S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [X]

S3 McSysmon; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [X]

S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-03] (AVG Technologies)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S2 MCSTRM; No ImagePath

S3 cpuz132; \??\C:\Users\EILEEN~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\athrx.sys 0ACC06FCF46F64ED4F11E57EE461C1F4

C:\Windows\System32\DRIVERS\atikmdag.sys 2DB9047AAC9D981F59CE06D04D70C4D8

C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163

C:\Windows\System32\DRIVERS\avgdiska.sys 2D5E8A35808FDA50274CFD22000DAB53

C:\Windows\System32\DRIVERS\avgidsdrivera.sys E92276DB995B7E75DA9B9DD271058A8E

C:\Windows\System32\DRIVERS\avgidsha.sys F6CE2F1B6E890FB5EBC04A11A2E31DC1

C:\Windows\System32\DRIVERS\avgldx64.sys B323DE78E0C75F3605C7A200F3CF350F

C:\Windows\System32\DRIVERS\avgloga.sys 6E381AFF06BC6ABFAEF70405014D7A37

C:\Windows\System32\DRIVERS\avgmfx64.sys DBFB9BEAE2816FDB4B4EF8C89AFA3DF0

C:\Windows\System32\DRIVERS\avgrkx64.sys 9C6CD518AE78D532FB33240DE11C765D

C:\Windows\System32\DRIVERS\avgtdia.sys F86A506DA0BF61402E19DB8AF0684C9A

C:\Windows\system32\drivers\avgtpx64.sys 9FD4BC46784309176AEFA26AA8241DA1

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\dc3d.sys 76E02DB615A03801D698199A2BC4A06A

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\SysWOW64\Drivers\DKbFltr.sys D5BCB77BE83CF99F508943945D46343D

C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361

C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit

C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\System32\drivers\RTKVHD64.sys ==> MD5 is legit

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6

C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC

C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\L1C62x64.sys 2377EC4CC3E356655B996F39B43486B6

C:\Windows\System32\DRIVERS\LHidFilt.Sys 0A7D6ED578D85F0C35353424EE3F5245

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\LMouFilt.Sys 6542E2E6DB58118FBB1B82A68CE3AFF9

C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\LVPr2M64.sys DED333DBDBBCC3555A6E6244522E2F1A

C:\Windows\System32\DRIVERS\lvrs64.sys 986C1CB787A007BAA5F74E7D316D7246

C:\Windows\System32\DRIVERS\lvuvc64.sys 5747BC465ABEA2858C5D037252AED84E

C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mwlPSDFilter.sys 6FFECC25B39DC7652A0CEC0ADA9DB589

C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 0BEFE32CA56D6EE89D58175725596A85

C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D43BC633B8660463E446E28E14A51262

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2

C:\Windows\system32\drivers\NTIDrvr.sys 64DDD0DEE976302F4BD93E5EFCC2F013

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\SynTP.sys BCF305959B53B200CEB2AD25AD22F8A7

C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\system32\drivers\UBHelper.sys 2E22C1FD397A5A9FFEF55E9D1FC96C00

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\Drivers\usbaapl64.sys F724B03C3DFAACF08D17D38BF3333583

C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2

C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A

C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31

C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965

C:\Windows\System32\DRIVERS\usbfilter.sys 6648C6D7323A2CE0C4776C36CEFBCB14

C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA

C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3

C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-18 11:24 - 2014-05-18 11:25 - 00000000 ____D () C:\FRST

2014-05-18 11:23 - 2014-05-18 11:23 - 02067456 _____ (Farbar) C:\Users\Eileen Pulsinelli\Downloads\FRST64.exe

2014-05-18 10:36 - 2014-05-18 10:36 - 00000818 _____ () C:\Users\Eileen Pulsinelli\Desktop\JRT.txt

2014-05-18 10:12 - 2014-05-18 10:12 - 00000000 ____D () C:\Windows\ERUNT

2014-05-18 10:10 - 2014-05-18 10:10 - 01016261 _____ (Thisisu) C:\Users\Eileen Pulsinelli\Downloads\JRT.exe

2014-05-17 17:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-17 17:19 - 2014-05-17 17:23 - 00000000 ____D () C:\AdwCleaner

2014-05-17 17:18 - 2014-05-17 17:18 - 01325827 _____ () C:\Users\Eileen Pulsinelli\Downloads\AdwCleaner.exe

2014-05-17 13:35 - 2014-05-18 11:25 - 00000000 ____D () C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014

2014-05-17 13:34 - 2014-05-17 13:34 - 04745728 _____ (AVAST Software) C:\Users\Eileen Pulsinelli\Downloads\aswmbr (1).exe

2014-05-17 13:33 - 2014-05-17 13:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EILEENPULSINELL-Microsoft-Windows-7-Home-Premium-(64-bit).dat

2014-05-17 13:30 - 2014-05-17 13:30 - 00000000 ____D () C:\RegBackup

2014-05-17 13:29 - 2014-05-17 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-05-17 13:25 - 2014-05-17 13:29 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-05-16 19:23 - 2014-05-16 19:23 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-16 19:20 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-16 19:20 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-16 19:20 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-16 19:20 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-16 19:20 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-16 19:20 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-16 17:16 - 2014-05-16 17:16 - 00000490 _____ () C:\Users\Eileen Pulsinelli\Documents\AVG LOG 5-16-2014.csv

2014-05-16 14:24 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-16 14:24 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-16 14:22 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-16 14:22 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-16 14:20 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-16 14:20 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-16 14:20 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-16 14:20 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-16 14:20 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-16 14:20 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-16 14:20 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-05-16 14:20 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-05-16 14:20 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-05-16 14:20 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-16 14:20 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-16 14:20 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-16 14:20 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-16 14:20 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-16 14:20 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-05-16 14:20 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-05-16 14:20 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll

2014-05-16 14:20 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-05-16 14:20 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-05-16 13:02 - 2014-05-16 13:08 - 00000000 ____D () C:\Users\Eileen Pulsinelli\AppData\Roaming\U3

2014-05-15 19:26 - 2014-05-16 12:07 - 00037681 _____ () C:\Users\Eileen Pulsinelli\Desktop\avgrep.txt

2014-05-15 14:12 - 2014-05-18 10:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-15 14:12 - 2014-05-15 14:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-15 14:12 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-15 14:12 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-15 14:12 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-15 14:10 - 2014-05-15 14:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eileen Pulsinelli\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-15 14:10 - 2014-05-15 14:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eileen Pulsinelli\Downloads\mbam-setup-2.0.1.1004 (1).exe

2014-05-14 17:37 - 2014-05-14 17:37 - 00000000 __SHD () C:\Users\Eileen Pulsinelli\AppData\Local\EmieUserList

2014-05-14 17:37 - 2014-05-14 17:37 - 00000000 __SHD () C:\Users\Eileen Pulsinelli\AppData\Local\EmieSiteList

2014-05-14 17:19 - 2014-05-14 17:20 - 00000000 ____D () C:\Program Files (x86)\GUM19E6.tmp

2014-05-14 17:19 - 2014-05-14 17:19 - 06103040 _____ () C:\Program Files (x86)\GUT1C09.tmp

2014-05-10 18:12 - 2014-05-10 18:12 - 06103040 _____ () C:\Program Files (x86)\GUT213.tmp

2014-05-10 18:12 - 2014-05-10 18:12 - 00000000 ____D () C:\Program Files (x86)\GUM212.tmp

2014-05-03 12:44 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-05-03 12:43 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-05-03 12:43 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-05-03 12:43 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-05-03 12:43 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-05-03 12:43 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-05-03 12:43 - 2013-12-05 22:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-05-03 12:43 - 2013-12-05 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-05-03 12:43 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-05-03 12:43 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-05-03 12:38 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-05-03 12:38 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-05-03 12:32 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-05-03 12:32 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-05-03 12:30 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-05-03 12:29 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-05-03 12:29 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-05-03 12:29 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-05-03 12:29 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-05-03 12:18 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-03 12:18 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-03 12:17 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-05-03 12:17 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-03 12:17 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-03 12:17 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-05-03 12:17 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-03 12:17 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-03 12:17 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-03 12:17 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-05-03 12:17 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-05-03 12:17 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-03 12:17 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-05-03 12:17 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-03 12:17 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-03 12:17 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-03 12:17 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-03 12:17 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-03 12:17 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-05-03 12:17 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-05-03 12:17 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-03 12:17 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-03 12:17 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-03 12:17 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-03 12:17 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-03 12:17 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-03 12:17 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-03 12:17 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-03 12:17 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-03 12:17 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-03 12:17 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-05-03 12:17 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-03 12:17 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-03 12:17 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-03 12:17 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-03 12:17 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-03 12:17 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-03 12:17 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-03 12:17 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-03 12:17 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-03 12:17 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-03 12:17 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-03 12:17 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-03 12:17 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-03 12:16 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-05-03 12:16 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-05-03 12:16 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-05-03 12:16 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-05-03 12:16 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-05-03 12:16 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-05-03 12:16 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-05-03 12:16 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-05-03 12:16 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-05-03 12:16 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-05-03 12:15 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-05-03 12:15 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======

2014-05-18 11:25 - 2014-05-18 11:24 - 00000000 ____D () C:\FRST

2014-05-18 11:25 - 2014-05-17 13:35 - 00000000 ____D () C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014

2014-05-18 11:25 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-18 11:25 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-18 11:24 - 2010-02-25 13:18 - 01963331 _____ () C:\Windows\WindowsUpdate.log

2014-05-18 11:23 - 2014-05-18 11:23 - 02067456 _____ (Farbar) C:\Users\Eileen Pulsinelli\Downloads\FRST64.exe

2014-05-18 11:19 - 2013-06-03 17:24 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-05-18 11:19 - 2010-02-25 12:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-18 11:17 - 2009-11-05 16:37 - 01248574 _____ () C:\Windows\PFRO.log

2014-05-18 11:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-18 11:17 - 2009-07-14 00:51 - 00087496 _____ () C:\Windows\setupact.log

2014-05-18 11:09 - 2010-02-25 12:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-18 11:03 - 2012-09-30 03:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-18 10:36 - 2014-05-18 10:36 - 00000818 _____ () C:\Users\Eileen Pulsinelli\Desktop\JRT.txt

2014-05-18 10:12 - 2014-05-18 10:12 - 00000000 ____D () C:\Windows\ERUNT

2014-05-18 10:10 - 2014-05-18 10:10 - 01016261 _____ (Thisisu) C:\Users\Eileen Pulsinelli\Downloads\JRT.exe

2014-05-18 10:09 - 2014-05-15 14:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-18 08:02 - 2013-07-26 11:34 - 00000000 ____D () C:\ProgramData\MFAData

2014-05-17 17:35 - 2009-07-14 01:13 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-17 17:27 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-05-17 17:23 - 2014-05-17 17:19 - 00000000 ____D () C:\AdwCleaner

2014-05-17 17:18 - 2014-05-17 17:18 - 01325827 _____ () C:\Users\Eileen Pulsinelli\Downloads\AdwCleaner.exe

2014-05-17 17:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-05-17 13:34 - 2014-05-17 13:34 - 04745728 _____ (AVAST Software) C:\Users\Eileen Pulsinelli\Downloads\aswmbr (1).exe

2014-05-17 13:33 - 2014-05-17 13:33 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EILEENPULSINELL-Microsoft-Windows-7-Home-Premium-(64-bit).dat

2014-05-17 13:30 - 2014-05-17 13:30 - 00000000 ____D () C:\RegBackup

2014-05-17 13:29 - 2014-05-17 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-05-17 13:29 - 2014-05-17 13:25 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-05-17 13:20 - 2010-03-22 09:15 - 00001586 _____ () C:\Users\Eileen Pulsinelli\AppData\Roaming\wklnhst.dat

2014-05-17 13:20 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-05-17 12:26 - 2012-09-30 03:28 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-16 19:36 - 2010-02-25 10:29 - 00000000 ___RD () C:\Users\Eileen Pulsinelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-16 19:36 - 2010-02-25 10:29 - 00000000 ___RD () C:\Users\Eileen Pulsinelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-16 19:31 - 2009-07-14 00:45 - 00343576 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-05-16 19:29 - 2012-05-16 09:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-05-16 19:29 - 2012-05-16 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-05-16 19:23 - 2014-05-16 19:23 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-16 19:12 - 2009-11-05 16:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-16 19:08 - 2012-05-16 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-05-16 17:16 - 2014-05-16 17:16 - 00000490 _____ () C:\Users\Eileen Pulsinelli\Documents\AVG LOG 5-16-2014.csv

2014-05-16 13:17 - 2014-02-24 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-05-16 13:17 - 2013-10-04 15:36 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-05-16 13:08 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Eileen Pulsinelli\AppData\Roaming\U3

2014-05-16 13:04 - 2012-09-30 03:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-16 13:04 - 2012-06-01 10:39 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-16 13:04 - 2012-06-01 10:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-16 12:53 - 2009-11-05 16:21 - 00000000 ____D () C:\ProgramData\McAfee

2014-05-16 12:52 - 2009-11-05 16:21 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-16 12:49 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-16 12:29 - 2010-03-03 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games.com

2014-05-16 12:29 - 2010-03-03 21:17 - 00000000 ____D () C:\Games

2014-05-16 12:29 - 2010-03-03 21:11 - 00000000 ____D () C:\Program Files (x86)\RealArcade

2014-05-16 12:07 - 2014-05-15 19:26 - 00037681 _____ () C:\Users\Eileen Pulsinelli\Desktop\avgrep.txt

2014-05-15 19:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-05-15 14:12 - 2014-05-15 14:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-15 14:12 - 2014-05-15 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-15 14:10 - 2014-05-15 14:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eileen Pulsinelli\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-15 14:10 - 2014-05-15 14:10 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Eileen Pulsinelli\Downloads\mbam-setup-2.0.1.1004 (1).exe

2014-05-14 17:50 - 2010-02-25 12:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-14 17:37 - 2014-05-14 17:37 - 00000000 __SHD () C:\Users\Eileen Pulsinelli\AppData\Local\EmieUserList

2014-05-14 17:37 - 2014-05-14 17:37 - 00000000 __SHD () C:\Users\Eileen Pulsinelli\AppData\Local\EmieSiteList

2014-05-14 17:20 - 2014-05-14 17:19 - 00000000 ____D () C:\Program Files (x86)\GUM19E6.tmp

2014-05-14 17:19 - 2014-05-14 17:19 - 06103040 _____ () C:\Program Files (x86)\GUT1C09.tmp

2014-05-13 21:48 - 2013-10-04 15:18 - 00000000 ____D () C:\Users\Eileen Pulsinelli\AppData\Local\Avg2014

2014-05-10 18:12 - 2014-05-10 18:12 - 06103040 _____ () C:\Program Files (x86)\GUT213.tmp

2014-05-10 18:12 - 2014-05-10 18:12 - 00000000 ____D () C:\Program Files (x86)\GUM212.tmp

2014-05-09 02:14 - 2014-05-16 14:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-05-09 02:11 - 2014-05-16 14:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-05-06 00:40 - 2014-05-16 19:20 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 00:17 - 2014-05-16 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-05 23:25 - 2014-05-16 19:20 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-05 23:07 - 2014-05-16 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-05 23:00 - 2014-05-16 19:20 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-05 22:10 - 2014-05-16 19:20 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-03 12:05 - 2010-02-25 12:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-03 11:51 - 2013-07-26 12:13 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-04-29 12:24 - 2010-02-25 10:26 - 00000000 ____D () C:\Users\Eileen Pulsinelli

2014-04-29 12:22 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal

2014-04-29 12:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-04-29 12:19 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew

2014-04-29 12:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Services

2014-04-29 12:16 - 2014-02-04 11:18 - 00000000 ____D () C:\Windows\SysWOW64\cache

2014-04-29 12:16 - 2012-09-30 03:27 - 00000000 ____D () C:\Windows\system32\Macromed

2014-04-29 12:16 - 2009-11-05 16:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-04-29 12:15 - 2013-10-14 15:13 - 00000000 ____D () C:\ProgramData\HP

2014-04-29 12:15 - 2013-08-16 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon

2014-04-29 12:15 - 2012-09-30 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-04-29 12:15 - 2012-01-24 19:09 - 00000000 ____D () C:\Windows\Minidump

2014-04-29 12:15 - 2009-11-05 16:39 - 00000000 ____D () C:\ProgramData\Symantec

2014-04-29 12:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration

2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

Some content of TEMP:

====================

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\912B.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\AMPing.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\avguidx.dll

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\conduit.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ffunzip.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\GLF323F.tmp.tbooVo.dll

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\InstallManager_BAB_BAB.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\IPx64_1033.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\oi_{0D9FA1E4-CF63-42EA-A37D-6F6137747BA7}.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\oi_{CA2998E5-9DD1-4DE0-9635-3E9E427FD23A}.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\prxGLF323F.tmp.tbooVo.dll

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\Quarantine.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\WiseUpdX.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\Wise~tmp.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\_is47F8.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\_is80BC.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\_isAE6C.exe

C:\Users\Eileen Pulsinelli\AppData\Local\Temp\{EB142503-5DC3-4B18-8B9B-95806A120F82}-34.0.1847.137_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe

[2014-05-16 14:20] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-17 16:48

==================== End Of Log ============================

#11
njnauticalnut17

Posted 18 May 2014 - 09:43 AM

Member

Topic Starter
Member
66 posts

Here is the Addition log:

Addition Log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014

Ran by Eileen Pulsinelli at 2014-05-18 11:27:39

Running from C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6000E609n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)

Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden

Acer Assist (HKLM-x32\...\Acer Assist) (Version: - Acer Incorporated)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)

Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9.5.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)

AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{963BFE7E-C350-4346-B43C-B02358306A45}) (Version: 3.3.0.69 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)

ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)

AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden

Bejeweled (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden

ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden

ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Clone Wars (HKCU\...\SOE-Clone Wars) (Version: - Sony Online Entertainment)

Comcast High-Speed Internet Install Wizard (HKLM-x32\...\ComcastHSI) (Version: - Comcast Cable Communications, LLC)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version: - )

Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)

EPSON NX210 Series Printer Uninstall (HKLM\...\EPSON NX210 Series) (Version: - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Games.com Toolbar (HKLM-x32\...\Games.com Toolbar) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)

HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

IHA_MessageCenter (HKLM-x32\...\{9DA5D90E-6C6D-484B-A549-EF54FEC1C08C}) (Version: 1.8.5 - Verizon)

iTunes (HKLM\...\{0C682623-8F66-46A8-B9B3-93FE1E66A001}) (Version: 10.1.1.4 - Apple Inc.)

Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)

LEGO Universe (HKLM-x32\...\NetDevil_LEGO_Universe_is1) (Version: - LEGO Software)

Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)

Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.121 - McAfee, Inc.)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)

NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)

NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden

NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)

NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden

ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.9.0105 - ooVoo LLC.)

ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)

Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)

Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )

Safari (HKLM-x32\...\{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}) (Version: 5.33.19.4 - Apple Inc.)

Samsung Master (HKLM-x32\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.1.14 - Samsung)

Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.42.0 - Verizon)

WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points =========================

16-05-2014 16:56:28 Windows Update

16-05-2014 23:04:04 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0336324B-9914-4D0D-963E-1E07A3540F6D} - System32\Tasks\McDefragTask => c:\PROGRA~2\mcafee\mqc\QcConsol.exe

Task: {24D3C806-0B13-4651-A1F1-B11BEB358248} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {278C47EA-D326-446F-A193-2480EE9A4741} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{EADC836E-C6AA-4984-B505-F6E2E5068DC2}.exe

Task: {6800AA89-1245-41AA-AAEB-44C35835748D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)

Task: {F03D41EC-6B91-4580-925A-5A27B4FD49BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)

Task: {F9B1715E-6D4A-4381-918B-0CF9CDCFA10D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-25] (Google Inc.)

Task: {FD21B8EE-6568-4085-840D-E205A18E26DD} - \DealPlyUpdate No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{EADC836E-C6AA-4984-B505-F6E2E5068DC2}.exe

Task: C:\Windows\Tasks\Bomgar Task 1000387.job => C:\Program Files (x86)\Internet Explorer\iexplore.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

2009-07-07 18:09 - 2009-07-07 18:09 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-02-25 13:20 - 2010-02-25 13:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll

2009-07-16 16:35 - 2009-07-16 16:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll

2009-07-16 16:35 - 2009-07-16 16:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll

2009-07-16 16:35 - 2009-07-16 16:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll

2009-07-16 16:34 - 2009-07-16 16:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll

2009-07-16 16:36 - 2009-07-16 16:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll

2009-07-16 16:36 - 2009-07-16 16:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll

2009-07-16 16:36 - 2009-07-16 16:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll

2010-03-21 14:01 - 2008-12-03 14:05 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

2010-03-21 14:01 - 2008-11-26 10:56 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

2010-06-03 13:46 - 2010-06-03 13:46 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-05-17 12:25 - 2014-05-07 19:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

2014-05-17 12:26 - 2014-05-07 19:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

2014-05-17 12:25 - 2014-05-07 19:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

2014-05-17 12:26 - 2014-05-07 19:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

2014-05-17 12:26 - 2014-05-07 19:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

2014-05-17 12:25 - 2014-05-07 19:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Error: (05/18/2014 11:18:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The vToolbarUpdater18.1.0 service failed to start due to the following error:

%%2

Error: (05/18/2014 11:18:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MCSTRM service failed to start due to the following error:

%%2

Error: (05/18/2014 11:18:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The McAfee Real-time Scanner service failed to start due to the following error:

%%2

Error: (05/18/2014 11:17:46 AM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

Error: (05/18/2014 11:17:46 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Percentage of memory in use: 52%

Total physical RAM: 2812.05 MB

Available physical RAM: 1322.21 MB

Total Pagefile: 5622.28 MB

Available Pagefile: 3628.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:51.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 93423164)

Partition 1: (Not Active) - (Size=12 GB) - (Type=27)

Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#12
Dakeyras

Posted 18 May 2014 - 02:20 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Hope you are having a good day.

Aye fine thank you and likewise!

I left the FRST dialog box open as the "Fix" button is not grayed out. I have not clicked it but want to make sure that I do not have to do that.

Acknowledged, though not a cause for concern I will further add. However we will be making use of that feature shortly.

Uninstall Software:

Please click on Start(Windows 7 Orb >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Games.com Toolbar <-- Has undesirable characteristics.

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program

Next:

I see you have opted to download/run some of the tools I request to this folder on your desktop:

Malware Removal 2014

Not a problem per-say but do ensure you save the custom FRST fix to this location, otherwise FRST will be unable to locate and in turn process the aforementioned custom fix/script.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to the Malware Removal 2014 folder on your desktop.

[attachment=70629:fixlist.txt]

Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab.
Reboot your machine(ensure you do this) when prompted to do so and post the contents of the newly created Fixlog in your next reply(it should be within the Malware Removal 2014 folder).

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Fix Log from the Custom FRST Script.

#13
njnauticalnut17

Posted 18 May 2014 - 03:27 PM

Member

Topic Starter
Member
66 posts

I have done as you asked but before I post the log, I want to check something.

Upon rebooting after the scan, I get a Windows Security Alert stating that Windows Firewall has blocked some features of EEventManager Application on all public and private networks.

Here is what it says:

Name: EEventManager Application

Publisher: Seiko Epson Corporation

Path: C:\program files (x86)\epson software\event manager\eeventmanager.exe

This program has already been blocked or unblocked for a different network location

Allow EEventManager Application to communicate on these networks:

Private networks, such as my home or work network. The firewall is already configured for this network. [this one is greyed out]

Public networks, such as those in airports and coffee shops (not recommended because these networks have little or no security) [this one has a check in the box]

My choice is allow or cancel. I would think I would cancel but wanted to check to make sure I am making the correct choice.

Thanks.

#14
njnauticalnut17

Posted 18 May 2014 - 03:33 PM

Member

Topic Starter
Member
66 posts

FYI - FRST did not advise that there was a new updated version.

The computer is performing significantly better. It is booting normally, it is not freezing, malware programs run, and it is not running slow especially the internet which was running very slow.

Here is the fix log:

Fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014

Ran by Eileen Pulsinelli at 2014-05-18 17:08:35 Run:1

Running from C:\Users\Eileen Pulsinelli\Desktop\Malware Removal 2014

Boot Mode: Normal

==============================================

Content of fixlist:

*****************