Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 01
Ran by Levi (administrator) on JEFF on 13-08-2014 18:27:53
Running from C:\Users\Levi\Desktop
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\.DEFAULT\...\RunOnce: [DeleteEngineAfterUpdate] => reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: linkscanner - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-07]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (YouTube) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
CHR Extension: (Google Search) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
CHR Extension: (Skype Click to Call) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-13]
CHR Extension: (Google Wallet) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
CHR Extension: (Gmail) - C:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Nat\AppData\Local\Temp\crxCF13.tmp [2012-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-03-04] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 catchme; \??\C:\Users\Ffej\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb1b04789; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB6E96FC-71D2-4038-851B-7C230689A908}\MpKslb1b04789.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 18:27 - 2014-08-13 18:28 - 00008809 _____ () C:\Users\Levi\Desktop\FRST.txt
2014-08-13 18:27 - 2014-08-13 18:27 - 01092096 _____ (Farbar) C:\Users\Levi\Desktop\FRST.exe
2014-08-13 18:27 - 2014-08-13 18:27 - 00000000 ____D () C:\Users\Levi\Desktop\FRST-OlderVersion
2014-08-13 15:39 - 2014-08-13 15:40 - 03469871 _____ (LIGHTNING UK!) C:\Users\Levi\Downloads\SetupImgBurn_2.5.8.0.exe
2014-08-13 15:31 - 2014-08-13 15:31 - 00164941 _____ () C:\Users\Levi\Downloads\WBICreator.zip
2014-08-13 15:14 - 2014-08-13 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 15:14 - 2014-08-13 15:14 - 00000000 _____ () C:\Windows\setupact.log
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Adobe
2014-08-13 14:30 - 2014-08-13 14:30 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Winamp
2014-08-13 14:22 - 2014-08-13 18:16 - 2783166763 _____ () C:\Users\Levi\Downloads\install.wim
2014-08-13 14:22 - 2014-08-13 14:47 - 133129475 _____ () C:\Users\Levi\Downloads\boot.wim
2014-08-13 14:19 - 2014-08-13 14:31 - 85177872 _____ (Microsoft Corporation) C:\Users\Levi\Downloads\MicrosoftInstaller.exe
2014-08-13 14:16 - 2014-08-13 14:16 - 00061048 _____ () C:\Users\Levi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-13 14:15 - 2014-08-13 14:15 - 00000949 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000944 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000915 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000020 ___SH () C:\Users\Levi\ntuser.ini
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi\AppData\Local\VirtualStore
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi\AppData\Local\Google
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi
2014-08-13 14:15 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Levi\AppData\Local\Microsoft Help
2014-08-13 14:15 - 2008-01-20 23:56 - 00000000 ___RD () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-13 14:15 - 2008-01-20 23:56 - 00000000 ___RD () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-13 12:55 - 2008-01-02 18:33 - 00172032 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll
2014-08-13 12:54 - 2014-08-13 12:54 - 00017875 _____ () C:\ComboFix.txt
2014-08-13 12:35 - 2014-08-13 12:54 - 00000000 ____D () C:\Qoobox
2014-08-13 12:35 - 2014-08-13 12:54 - 00000000 ____D () C:\ComboFix
2014-08-13 12:35 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-13 12:35 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-13 12:35 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-13 12:35 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-13 12:35 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-13 12:35 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-13 12:35 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-13 12:35 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-13 12:34 - 2014-08-13 12:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 15:33 - 2014-08-13 18:27 - 00000000 ____D () C:\FRST
2014-08-11 04:25 - 2014-08-13 13:21 - 00006222 _____ () C:\Windows\PFRO.log
2014-08-11 04:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-07 01:59 - 2014-08-11 04:23 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:48 - 2014-08-07 01:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 17:52 - 2014-08-06 17:52 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagerr.xml
2014-08-02 20:51 - 2014-08-02 20:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-01 12:37 - 2014-08-01 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-01 12:36 - 2009-02-27 03:42 - 00031640 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-08-01 12:35 - 2014-08-01 18:39 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-08-01 12:30 - 2014-08-02 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-01 12:30 - 2014-08-02 20:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-01 12:30 - 2014-08-01 12:31 - 00000000 ____D () C:\Windows\SHELLNEW
2014-08-01 12:29 - 2014-08-01 12:29 - 00000000 ___RD () C:\MSOCache
2014-07-26 08:56 - 2014-07-26 08:56 - 00000000 ____D () C:\Program Files\SigmaTel
2014-07-26 08:56 - 2008-02-15 18:27 - 00330752 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt.sys
2014-07-26 08:56 - 2008-02-15 18:24 - 00150016 _____ (IDT, Inc.) C:\Windows\system32\st325866.dll
2014-07-26 08:56 - 2007-03-05 14:05 - 00492544 _____ (Creative Technology Ltd.) C:\Windows\system32\ctapo32.dll
2014-07-26 08:56 - 2007-03-05 14:05 - 00045568 _____ (Creative Technology Ltd) C:\Windows\system32\ctppld.dll
2014-07-26 07:59 - 2012-03-08 18:32 - 00039272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-07-26 07:39 - 2014-07-26 07:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-26 07:38 - 2014-07-26 07:39 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-26 07:22 - 2014-07-26 07:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-26 07:21 - 2014-07-26 07:22 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-26 07:21 - 2014-07-26 07:21 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-26 07:20 - 2014-07-26 07:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-26 00:58 - 2014-07-26 00:58 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-26 00:57 - 2014-07-26 00:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-23 00:45 - 2014-08-11 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2014-07-23 00:45 - 2014-07-23 00:45 - 00000000 ____D () C:\Program Files\Safer Networking
2014-07-18 17:06 - 2014-08-13 12:54 - 00000000 ____D () C:\Users\Jeff
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-13 18:28 - 2014-08-13 18:27 - 00008809 _____ () C:\Users\Levi\Desktop\FRST.txt
2014-08-13 18:27 - 2014-08-13 18:27 - 01092096 _____ (Farbar) C:\Users\Levi\Desktop\FRST.exe
2014-08-13 18:27 - 2014-08-13 18:27 - 00000000 ____D () C:\Users\Levi\Desktop\FRST-OlderVersion
2014-08-13 18:27 - 2014-08-12 15:33 - 00000000 ____D () C:\FRST
2014-08-13 18:18 - 2012-05-02 12:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 18:16 - 2014-08-13 14:22 - 2783166763 _____ () C:\Users\Levi\Downloads\install.wim
2014-08-13 18:14 - 2006-11-02 09:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 18:14 - 2006-11-02 09:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 17:30 - 2012-09-11 16:46 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 17:01 - 2008-01-20 22:38 - 01205081 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 15:40 - 2014-08-13 15:39 - 03469871 _____ (LIGHTNING UK!) C:\Users\Levi\Downloads\SetupImgBurn_2.5.8.0.exe
2014-08-13 15:31 - 2014-08-13 15:31 - 00164941 _____ () C:\Users\Levi\Downloads\WBICreator.zip
2014-08-13 15:14 - 2014-08-13 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 15:14 - 2014-08-13 15:14 - 00000000 _____ () C:\Windows\setupact.log
2014-08-13 14:47 - 2014-08-13 14:22 - 133129475 _____ () C:\Users\Levi\Downloads\boot.wim
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Adobe
2014-08-13 14:31 - 2014-08-13 14:19 - 85177872 _____ (Microsoft Corporation) C:\Users\Levi\Downloads\MicrosoftInstaller.exe
2014-08-13 14:30 - 2014-08-13 14:30 - 00000000 ____D () C:\Users\Levi\AppData\Roaming\Winamp
2014-08-13 14:16 - 2014-08-13 14:16 - 00061048 _____ () C:\Users\Levi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-13 14:15 - 2014-08-13 14:15 - 00000949 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000944 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000915 _____ () C:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-08-13 14:15 - 2014-08-13 14:15 - 00000020 ___SH () C:\Users\Levi\ntuser.ini
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi\AppData\Local\VirtualStore
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi\AppData\Local\Google
2014-08-13 14:15 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi
2014-08-13 14:15 - 2012-09-11 16:46 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 14:15 - 2006-11-02 09:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 14:13 - 2006-11-02 09:58 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 13:21 - 2014-08-11 04:25 - 00006222 _____ () C:\Windows\PFRO.log
2014-08-13 12:56 - 2006-11-02 07:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 12:54 - 2014-08-13 12:54 - 00017875 _____ () C:\ComboFix.txt
2014-08-13 12:54 - 2014-08-13 12:35 - 00000000 ____D () C:\Qoobox
2014-08-13 12:54 - 2014-08-13 12:35 - 00000000 ____D () C:\ComboFix
2014-08-13 12:54 - 2014-07-18 17:06 - 00000000 ____D () C:\Users\Jeff
2014-08-13 12:54 - 2006-11-02 08:18 - 00000000 __RHD () C:\Users\Default
2014-08-13 12:54 - 2006-11-02 08:18 - 00000000 ___RD () C:\Users\Public
2014-08-13 12:51 - 2014-08-13 12:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-13 12:49 - 2006-11-02 07:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-13 12:44 - 2011-09-29 19:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 22:08 - 2013-09-07 20:35 - 00000000 ____D () C:\jeff
2014-08-12 22:07 - 2013-08-25 20:39 - 00000000 ____D () C:\temp
2014-08-12 17:28 - 2011-10-09 14:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-11 13:25 - 2014-04-17 21:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 12:27 - 2006-11-02 09:44 - 00273368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-11 05:34 - 2014-07-23 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2014-08-11 04:25 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\security
2014-08-11 04:23 - 2014-08-07 01:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 01:48 - 2014-08-07 01:48 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 17:52 - 2014-08-06 17:52 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-08-06 17:51 - 2014-08-06 17:51 - 00000000 ____D () C:\Program Files\PowerISO
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-08-04 04:29 - 2014-08-04 04:29 - 00001905 _____ () C:\Windows\diagerr.xml
2014-08-02 20:57 - 2014-08-01 12:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 20:53 - 2014-08-01 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-02 20:51 - 2014-08-02 20:51 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-01 18:41 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Levi\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-08-01 18:41 - 2014-08-01 18:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-08-01 18:39 - 2014-08-01 12:35 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-08-01 18:39 - 2006-11-02 08:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-01 12:37 - 2014-08-01 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-01 12:33 - 2011-05-08 00:51 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-01 12:31 - 2014-08-01 12:30 - 00000000 ____D () C:\Windows\SHELLNEW
2014-08-01 12:29 - 2014-08-01 12:29 - 00000000 ___RD () C:\MSOCache
2014-07-26 11:11 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-26 08:56 - 2014-07-26 08:56 - 00000000 ____D () C:\Program Files\SigmaTel
2014-07-26 08:56 - 2010-11-12 22:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-26 08:00 - 2011-08-26 15:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-26 07:59 - 2014-07-26 07:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-07-26 07:39 - 2014-07-26 07:38 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-26 07:34 - 2011-08-26 15:10 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-07-26 07:22 - 2014-07-26 07:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-26 07:22 - 2014-07-26 07:21 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-26 07:21 - 2014-07-26 07:21 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-26 07:20 - 2014-07-26 07:20 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-26 00:58 - 2014-07-26 00:58 - 00000820 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-07-26 00:58 - 2014-07-26 00:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-25 13:18 - 2011-03-20 13:41 - 00000000 ____D () C:\Extras
2014-07-23 00:45 - 2014-07-23 00:45 - 00000000 ____D () C:\Program Files\Safer Networking
2014-07-23 00:37 - 2006-11-02 08:18 - 00000000 ____D () C:\Windows\Branding
2014-07-16 20:50 - 2012-09-11 16:47 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-13 14:20
==================== End Of Log ============================