Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Ads constantly popping up! Grrr! [Closed]


  • This topic is locked This topic is locked
18 replies to this topic

#1 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 06 March 2014 - 07:37 PM

I'm getting very irritating ads popping up, and although I've run Malwarebytes Antimalware and the Junkware Removal Tool, they're still hanging around. It's "Ads not by this site" ads, and I don't know what else to do. I don't see any suspicious programs in Add/Remove Programs, nor do I have any suspicious add-ons to remove in my Firefox browser.

 

Here is a hijack this log. Thanks!

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:35:34 PM, on 3/6/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 28.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11945 bytes
 


Edited by Getoutandstayout, 06 March 2014 - 08:36 PM.

    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 08 March 2014 - 11:06 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 

#3 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 08 March 2014 - 11:41 AM

Here are the three files.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Owner (administrator) on OWNER-PC on 08-03-2014 12:19:45
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriControl.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-04] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Standby] - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-12-17] (Corel)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2950786308-227742302-1544317472-1000\...\Run: [AdobeBridge] - [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKCU - EFC0243D65A64C06A6B274128A5D59AA URL = http://www.google.co...1I7SMSN_enUS527
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326
FF NewTab: about:blank
FF Homepage: www.yahoo.com
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-22d46fdc522044b7\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 12:19 - 2014-03-08 12:20 - 00018820 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 12:18 - 2014-03-08 12:19 - 00000000 ____D () C:\FRST
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-07 20:54 - 2014-03-07 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:00 - 2014-03-07 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:38 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:27 - 2014-03-02 20:38 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:36 - 2014-03-02 20:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:18 - 2014-03-02 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-02-21 11:18 - 2014-03-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-19 19:20 - 2014-02-19 19:21 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 20:42 - 2014-02-16 20:39 - 00000426 _____ () C:\AVScanner.ini
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:21 - 2014-02-20 01:33 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-15 08:10 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-15 08:10 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-15 08:09 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-15 08:09 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-15 08:09 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-15 08:09 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-15 08:09 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-15 08:09 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-15 08:09 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-15 08:09 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-15 08:09 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-15 08:09 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-15 08:09 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-15 08:09 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-15 08:09 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-15 08:09 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-15 08:09 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-15 08:09 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-15 08:09 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-15 08:09 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-15 08:09 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-15 08:09 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-15 08:09 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 08:23 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 08:23 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 08:23 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 08:23 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 21:24 - 2014-02-20 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-12 21:23 - 2014-02-17 21:04 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe

==================== One Month Modified Files and Folders =======

2014-03-08 12:20 - 2014-03-08 12:19 - 00018820 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 12:19 - 2014-03-08 12:18 - 00000000 ____D () C:\FRST
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-08 12:17 - 2013-03-22 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-03-08 12:16 - 2013-12-02 11:43 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-08 12:15 - 2014-01-06 15:49 - 00001344 _____ () C:\windows\Tasks\FreeHDSport TV V6.0-updater.job
2014-03-08 12:15 - 2014-01-06 15:48 - 00002248 _____ () C:\windows\Tasks\FreeHDSport TV V6.0-firefoxinstaller.job
2014-03-08 12:15 - 2013-03-18 21:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 12:15 - 2010-05-03 00:52 - 01375838 _____ () C:\windows\WindowsUpdate.log
2014-03-07 21:09 - 2014-03-07 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 21:09 - 2014-03-07 20:53 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 21:00 - 2014-03-06 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:49 - 2013-11-22 17:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 20:17 - 2013-03-24 00:21 - 00000000 ____D () C:\Qoobox
2014-03-06 20:15 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:14 - 2013-12-08 00:27 - 00015532 _____ () C:\windows\setupact.log
2014-03-06 19:14 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:07 - 2014-02-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:02 - 2013-06-01 11:19 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-06 18:37 - 2009-07-14 00:13 - 00780908 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-06 18:33 - 2010-08-19 01:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-03-06 18:30 - 2013-12-08 00:27 - 00139092 _____ () C:\windows\PFRO.log
2014-03-04 11:36 - 2013-11-13 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\Seths stuff
2014-03-02 21:08 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 21:05 - 2014-01-16 07:41 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 21:05 - 2014-01-16 07:41 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 20:38 - 2014-03-02 20:27 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:38 - 2014-03-02 20:27 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:33 - 2013-03-13 21:33 - 00000000 ____D () C:\ProgramData\Apple
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 20:24 - 2014-03-02 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:34 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-03-02 07:01 - 2013-06-15 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\iFunbox_UserCache
2014-02-23 09:06 - 2013-03-18 21:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 09:05 - 2013-12-11 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 09:05 - 2013-03-18 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-20 21:17 - 2014-02-12 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-20 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-02-20 16:55 - 2013-06-15 17:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2014-02-20 16:55 - 2013-06-15 17:41 - 00000000 ____D () C:\ProgramData\Real
2014-02-20 08:42 - 2013-10-07 19:31 - 00000000 ____D () C:\Users\Owner\Documents\Scratch Projects
2014-02-20 01:33 - 2014-02-15 08:21 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-19 19:21 - 2014-02-19 19:20 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:09 - 2013-03-24 00:21 - 05183112 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-02-17 21:04 - 2014-02-12 21:23 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-16 20:39 - 2014-02-17 20:42 - 00000426 _____ () C:\AVScanner.ini
2014-02-16 19:43 - 2013-04-13 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-02-16 16:38 - 2013-07-17 06:42 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:36 - 2013-06-08 19:50 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:24 - 2013-06-08 19:05 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe
2014-02-09 16:38 - 2013-05-08 21:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Games
2014-02-09 16:30 - 2014-01-26 15:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-02-06 07:16 - 2014-02-15 08:09 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-15 08:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-15 08:09 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-15 08:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-15 08:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-15 08:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-15 08:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-15 08:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-15 08:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-15 08:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-15 08:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-15 08:09 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-15 08:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-15 08:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-15 08:09 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-15 08:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-15 08:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-15 08:09 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-15 08:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-15 08:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-15 08:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-15 08:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-15 08:09 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-15 08:09 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-15 08:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-15 08:09 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-15 08:09 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-15 08:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-15 08:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-15 08:09 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-15 08:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 12:08

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by Owner at 2014-03-08 12:20:26
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BatteryLifeExtender (HKLM-x32\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.272 - Corel Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226 - CyberLink Corp.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2511 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2511 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3604b - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.3604b - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3904 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3228f - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228f - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 2.0.3911 - CyberLink Corp.) Hidden
DeviceIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
DiskAid 6.5.6.0 (HKLM\...\DiskAid_is1) (Version: 6.5.6.0 - DigiDNA)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{34B76DCB-BF7C-440F-B058-C84172C1E338}) (Version: 4.2.8 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.6 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.3 - Samsung)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ExtractNow (HKLM-x32\...\ExtractNow) (Version:  - Nathan Moinvaziri)
FreeHDSport TV V6.0 (HKLM-x32\...\FreeHDSport TV V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
GNS3 0.8.5 (HKLM-x32\...\GNS3) (Version: 0.8.5 - )
HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
ICA (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
iFunbox (v2.6.2375.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.6.2375.747 - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2102 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Wireless Display (HKLM\...\{BF8D7372-5200-4EC7-9FB0-5398D108F81C}) (Version: 1.2.14.0 - Intel Corporation)
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.340 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.340 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM-x32\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MLE (x32 Version: 1.0.0.18 - Corel Corporation) Hidden
Monkey Quest (HKLM-x32\...\Monkey Quest) (Version: 1.0 - Viacom)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
PureHD (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Retrovirus (HKLM-x32\...\Steam App 227800) (Version:  - Cadenza Interactive)
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung Support Center (HKLM-x32\...\{749BDD29-D756-4B9B-8022-3E666A24C13F}) (Version: 1.1.3 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Sendori (HKLM-x32\...\Sendori) (Version: 2.0.16 - Sendori, Inc.)
Setup (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
Share (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
Share64 (Version: 1.6.0.272 - Corel Corporation) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.5 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.5 - SmartSound Software Inc.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
TouchCopy 12 (HKLM-x32\...\{669211D2-2F83-456E-83D9-EF959AD3681F}) (Version: 12.24 - Wide Angle Software)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Avanset)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VSClassic (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.0.272 - Corel Corporation) Hidden
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.1 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.1 - The Wireshark developer community, http://www.wireshark.org)

==================== Restore Points  =========================

16-02-2014 21:33:17 Windows Modules Installer
16-02-2014 21:34:54 Windows Modules Installer
26-02-2014 16:23:31 Scheduled Checkpoint
07-03-2014 01:02:55 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-06 20:14 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A44B892-D808-47D0-97BD-63F6D7F27A52} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)
Task: {0C9289E5-A80F-410A-A211-BD7031107F6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {2890490B-FF5D-4E99-8E4B-DCA1179CF705} - System32\Tasks\FreeHDSport TV V6.0-updater => C:\Program Files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe [2014-01-06] (installdaddy) <==== ATTENTION
Task: {31C24409-BBE2-48B5-8415-9D792B680D11} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2950786308-227742302-1544317472-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3AC22EAD-A446-402B-A672-C013CD6021D4} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-13] (Samsung Electronics Co., Ltd.)
Task: {3D43B542-A827-4118-8FE4-1311EA243B72} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {5892B29E-7961-4DAB-9643-7BFD385C41F8} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-04-06] (SAMSUNG Electronics co., LTD.)
Task: {641190D6-FA60-4553-84EE-D23D6C41E201} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {7C8F5E20-D3A1-4AA1-B518-D175D48ECC24} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2950786308-227742302-1544317472-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {97C7A3C8-6BB0-4468-9972-8139DE4C9E56} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-11-10] (Samsung Electronics Co., Ltd.)
Task: {9CDC11A6-C6A0-403D-A0FA-BD79BFADA05B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE37D3DD-D8C3-4D30-AB23-AF6B39836DC5} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-18] (SEC)
Task: {B363571B-0AFD-49EE-8473-28ECA64D7EE7} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-18] (Samsung Electronics. Co. Ltd.)
Task: {CB62B6F3-44D7-4ABF-AA33-321099AE4A90} - System32\Tasks\FreeHDSport TV V6.0-firefoxinstaller => C:\Program Files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-firefoxinstaller.exe [2014-01-06] (installdaddy) <==== ATTENTION
Task: {CBCFE404-CF65-4053-B2C7-F40C86EFEF45} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-02] (AVAST Software)
Task: {D40FED0A-48B9-4956-AE91-CAE45CAB1E30} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FreeHDSport TV V6.0-firefoxinstaller.job => C:\Program Files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-firefoxinstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\FreeHDSport TV V6.0-updater.job => C:\Program Files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-03-04 19:21 - 2010-03-04 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-05-03 00:59 - 2009-07-07 13:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-03-04 19:21 - 2010-03-04 19:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-07 20:13 - 2014-03-07 13:45 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030701\algo.dll
2014-03-08 12:17 - 2014-03-08 04:17 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14030800\algo.dll
2013-12-02 11:42 - 2013-12-02 11:42 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-06 19:00 - 2014-03-06 19:00 - 03630704 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-23 09:05 - 2014-02-23 09:05 - 16265096 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\Local Settings:du5uwGMlLCgRtGRro4fqN1TZI2z
AlternateDataStreams: C:\Users\Owner\AppData\Local:du5uwGMlLCgRtGRro4fqN1TZI2z
AlternateDataStreams: C:\Users\Owner\AppData\Local\Application Data:du5uwGMlLCgRtGRro4fqN1TZI2z

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29875704

Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29875704

Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29874566

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29874566

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13353

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13353

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 03:57:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12230


System errors:
=============
Error: (03/08/2014 03:57:30 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/08/2014 03:57:31 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/07/2014 08:13:23 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/07/2014 01:02:39 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/07/2014 04:21:42 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/06/2014 09:21:39 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/06/2014 08:15:02 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/06/2014 08:14:12 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/06/2014 08:14:11 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/06/2014 08:10:59 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29875704

Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29875704

Error: (03/08/2014 00:15:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29874566

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29874566

Error: (03/08/2014 00:15:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13353

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13353

Error: (03/08/2014 03:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/08/2014 03:57:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12230


CodeIntegrity Errors:
===================================
  Date: 2014-03-06 20:14:12.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 20:14:11.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 20:14:11.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-06 20:14:11.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 21:23:53.806
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 21:23:53.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 21:23:53.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 21:23:53.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-08 00:25:36.005
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-08 00:25:35.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3892.54 MB
Available physical RAM: 2252.67 MB
Total Pagefile: 7783.27 MB
Available Pagefile: 5385.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:720.25 GB) (Free:580.27 GB) NTFS
Drive d: () (Fixed) (Total:191.16 GB) (Free:186.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3137C1B8)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=720 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=191 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-08 12:38:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000071 ATA_____ rev.0002 931.51GB
Running: GMER.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
 



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 08 March 2014 - 01:15 PM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
    FreeHDSport TV V6.0 (HKLM-x32\...\FreeHDSport TV V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
    ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
    ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs


Coupon Printer for Windows
FreeHDSport TV V6.0
ScorpionSaver
ScorpionSaver Services



Close the window.

 

 

when finished, do the following:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

Also, create and post a new FRST log.


Proud Member of UNITE & TB
 

#5 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 08 March 2014 - 06:50 PM

I ran FRST but wasn't sure of your instruction "Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt." I saved the code as "fixlist.txt" on my desktop, which is where I saved all my other stuff. I then ran frst.exe and it took only like two seconds to finish. Was I supposed to insert that "fixlist.txt" into the FRST program somehow? The file was just on the desktop.

 

I wasn't able to remove Scorpionsaver from programs; I got an error (see attachment). I also ran the FRST program again and added its log again.

Thanks.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by Owner at 2014-03-08 18:15:02 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
FreeHDSport TV V6.0 (HKLM-x32\...\FreeHDSport TV V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
*****************


==== End of Fixlog ====

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-08 18:21:32
-----------------------------
18:21:32.474    OS Version: Windows x64 6.1.7601 Service Pack 1
18:21:32.475    Number of processors: 4 586 0x2502
18:21:32.476    ComputerName: OWNER-PC  UserName: Owner
18:21:34.563    Initialize success
18:21:38.859    AVAST engine defs: 14030800
18:22:16.553    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
18:22:16.557    Disk 0 Vendor: ATA_____ 0002 Size: 953869MB BusType: 11
18:22:17.611    Disk 0 MBR read successfully
18:22:17.614    Disk 0 MBR scan
18:22:17.897    Disk 0 unknown MBR code
18:22:17.973    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20477 MB offset 2048
18:22:18.165    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41938944
18:22:18.289    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       737536 MB offset 42143744
18:22:18.308    Disk 0 Partition - 00     0F Extended LBA            195752 MB offset 1552617472
18:22:18.438    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       195751 MB offset 1552619520
18:22:19.404    Disk 0 scanning C:\windows\system32\drivers
18:23:41.886    Service scanning
18:24:03.622    Modules scanning
18:24:03.973    Disk 0 trace - called modules:
18:24:04.044    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
18:24:04.051    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004650060]
18:24:04.056    3 CLASSPNP.SYS[fffff88001e8043f] -> nt!IofCallDriver -> [0xfffffa80044eca90]
18:24:04.062    5 iaStorF.sys[fffff88001a13a2c] -> nt!IofCallDriver -> \Device\00000071[0xfffffa80043724c0]
18:24:05.204    AVAST engine scan C:\windows
18:28:25.298    AVAST engine scan C:\windows\system32
18:44:40.102    AVAST engine scan C:\windows\system32\drivers
18:44:53.171    AVAST engine scan C:\Users\Owner
18:55:06.245    File: C:\Users\Owner\Downloads\Cisco.Lead2Pass.640-822.399q.vce.exe  **INFECTED** Win32:Adware-gen [Adw]
19:07:43.254    AVAST engine scan C:\ProgramData
19:22:20.857    Scan finished successfully
19:32:04.526    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:32:04.535    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Owner (administrator) on OWNER-PC on 08-03-2014 19:49:57
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\windows\system32\mspaint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Owner\Desktop\Malware Programs\aswMBR.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-04] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Standby] - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-12-17] (Corel)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2950786308-227742302-1544317472-1000\...\Run: [AdobeBridge] - [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKCU - EFC0243D65A64C06A6B274128A5D59AA URL = http://www.google.co...1I7SMSN_enUS527
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 64.134.255.2 64.134.255.10

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326
FF NewTab: about:blank
FF Homepage: www.yahoo.com
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-22d46fdc522044b7\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]
U3 kgloapow; \??\C:\Users\Owner\AppData\Local\Temp\kgloapow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 19:32 - 2014-03-08 19:32 - 00002309 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-03-08 19:32 - 2014-03-08 19:32 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-03-08 12:38 - 2014-03-08 12:38 - 00000369 _____ () C:\Users\Owner\Desktop\ark.txt
2014-03-08 12:23 - 2014-03-08 12:23 - 00380416 _____ () C:\Users\Owner\Downloads\GMER.exe
2014-03-08 12:20 - 2014-03-08 12:20 - 00035125 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-08 12:19 - 2014-03-08 19:49 - 00019141 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 12:18 - 2014-03-08 19:49 - 00000000 ____D () C:\FRST
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-07 21:00 - 2014-03-08 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 20:54 - 2014-03-07 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:38 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:27 - 2014-03-02 20:38 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:36 - 2014-03-02 20:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:18 - 2014-03-02 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-02-21 11:18 - 2014-03-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-19 19:20 - 2014-02-19 19:21 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 20:42 - 2014-02-16 20:39 - 00000426 _____ () C:\AVScanner.ini
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:21 - 2014-02-20 01:33 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-15 08:10 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-15 08:10 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-15 08:09 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-15 08:09 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-15 08:09 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-15 08:09 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-15 08:09 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-15 08:09 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-15 08:09 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-15 08:09 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-15 08:09 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-15 08:09 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-15 08:09 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-15 08:09 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-15 08:09 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-15 08:09 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-15 08:09 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-15 08:09 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-15 08:09 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-15 08:09 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-15 08:09 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-15 08:09 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-15 08:09 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 08:23 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 08:23 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 08:23 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 08:23 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 21:24 - 2014-02-20 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-12 21:23 - 2014-02-17 21:04 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe

==================== One Month Modified Files and Folders =======

2014-03-08 19:50 - 2014-03-08 12:19 - 00019141 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 19:49 - 2014-03-08 12:18 - 00000000 ____D () C:\FRST
2014-03-08 19:32 - 2014-03-08 19:32 - 00002309 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-03-08 19:32 - 2014-03-08 19:32 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-03-08 19:18 - 2010-05-03 00:52 - 01392251 _____ () C:\windows\WindowsUpdate.log
2014-03-08 19:03 - 2013-12-08 00:27 - 00015644 _____ () C:\windows\setupact.log
2014-03-08 18:57 - 2013-03-18 21:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 17:02 - 2009-07-14 00:13 - 00780908 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-08 12:38 - 2014-03-08 12:38 - 00000369 _____ () C:\Users\Owner\Desktop\ark.txt
2014-03-08 12:38 - 2014-03-07 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 12:23 - 2014-03-08 12:23 - 00380416 _____ () C:\Users\Owner\Downloads\GMER.exe
2014-03-08 12:20 - 2014-03-08 12:20 - 00035125 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-08 12:17 - 2013-03-22 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-03-08 12:16 - 2013-12-02 11:43 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-07 21:09 - 2014-03-07 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 21:09 - 2014-03-07 20:53 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:49 - 2013-11-22 17:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 20:17 - 2013-03-24 00:21 - 00000000 ____D () C:\Qoobox
2014-03-06 20:15 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:14 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:07 - 2014-02-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:02 - 2013-06-01 11:19 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-06 18:33 - 2010-08-19 01:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-03-06 18:30 - 2013-12-08 00:27 - 00139092 _____ () C:\windows\PFRO.log
2014-03-04 11:36 - 2013-11-13 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\Seths stuff
2014-03-02 21:08 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 21:05 - 2014-01-16 07:41 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 21:05 - 2014-01-16 07:41 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 20:38 - 2014-03-02 20:27 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:38 - 2014-03-02 20:27 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:33 - 2013-03-13 21:33 - 00000000 ____D () C:\ProgramData\Apple
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 20:24 - 2014-03-02 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:34 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-03-02 07:01 - 2013-06-15 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\iFunbox_UserCache
2014-02-23 09:06 - 2013-03-18 21:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 09:05 - 2013-12-11 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 09:05 - 2013-03-18 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-20 21:17 - 2014-02-12 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-20 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-02-20 16:55 - 2013-06-15 17:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2014-02-20 16:55 - 2013-06-15 17:41 - 00000000 ____D () C:\ProgramData\Real
2014-02-20 08:42 - 2013-10-07 19:31 - 00000000 ____D () C:\Users\Owner\Documents\Scratch Projects
2014-02-20 01:33 - 2014-02-15 08:21 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-19 19:21 - 2014-02-19 19:20 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:09 - 2013-03-24 00:21 - 05183112 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-02-17 21:04 - 2014-02-12 21:23 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-16 20:39 - 2014-02-17 20:42 - 00000426 _____ () C:\AVScanner.ini
2014-02-16 19:43 - 2013-04-13 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-02-16 16:38 - 2013-07-17 06:42 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:36 - 2013-06-08 19:50 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:24 - 2013-06-08 19:05 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe
2014-02-09 16:38 - 2013-05-08 21:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Games
2014-02-09 16:30 - 2014-01-26 15:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-02-06 07:16 - 2014-02-15 08:09 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-15 08:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-15 08:09 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-15 08:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-15 08:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-15 08:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-15 08:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-15 08:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-15 08:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-15 08:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-15 08:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-15 08:09 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-15 08:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-15 08:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-15 08:09 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-15 08:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-15 08:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-15 08:09 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-15 08:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-15 08:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-15 08:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-15 08:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-15 08:09 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-15 08:09 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-15 08:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-15 08:09 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-15 08:09 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-15 08:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-15 08:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-15 08:09 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-15 08:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 12:08

==================== End Of Log ============================

Attached Thumbnails

  • Error-Scorpion-Saver-removal.jpg


#6 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 08 March 2014 - 06:52 PM

I ran FRST but wasn't sure of your instruction "Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt." I saved the code as "fixlist.txt" on my desktop, which is where I saved all my other stuff. I then ran frst.exe and it took only like two seconds to finish. Was I supposed to insert that "fixlist.txt" into the FRST program somehow? The file was just on the desktop.

 

I wasn't able to remove Scorpionsaver from programs; I got an error (see attachment). I also ran the FRST program again and added its log again.

Thanks.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2014 01
Ran by Owner at 2014-03-08 18:15:02 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
FreeHDSport TV V6.0 (HKLM-x32\...\FreeHDSport TV V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
*****************


==== End of Fixlog ====

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-08 18:21:32
-----------------------------
18:21:32.474    OS Version: Windows x64 6.1.7601 Service Pack 1
18:21:32.475    Number of processors: 4 586 0x2502
18:21:32.476    ComputerName: OWNER-PC  UserName: Owner
18:21:34.563    Initialize success
18:21:38.859    AVAST engine defs: 14030800
18:22:16.553    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
18:22:16.557    Disk 0 Vendor: ATA_____ 0002 Size: 953869MB BusType: 11
18:22:17.611    Disk 0 MBR read successfully
18:22:17.614    Disk 0 MBR scan
18:22:17.897    Disk 0 unknown MBR code
18:22:17.973    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        20477 MB offset 2048
18:22:18.165    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41938944
18:22:18.289    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       737536 MB offset 42143744
18:22:18.308    Disk 0 Partition - 00     0F Extended LBA            195752 MB offset 1552617472
18:22:18.438    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       195751 MB offset 1552619520
18:22:19.404    Disk 0 scanning C:\windows\system32\drivers
18:23:41.886    Service scanning
18:24:03.622    Modules scanning
18:24:03.973    Disk 0 trace - called modules:
18:24:04.044    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
18:24:04.051    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004650060]
18:24:04.056    3 CLASSPNP.SYS[fffff88001e8043f] -> nt!IofCallDriver -> [0xfffffa80044eca90]
18:24:04.062    5 iaStorF.sys[fffff88001a13a2c] -> nt!IofCallDriver -> \Device\00000071[0xfffffa80043724c0]
18:24:05.204    AVAST engine scan C:\windows
18:28:25.298    AVAST engine scan C:\windows\system32
18:44:40.102    AVAST engine scan C:\windows\system32\drivers
18:44:53.171    AVAST engine scan C:\Users\Owner
18:55:06.245    File: C:\Users\Owner\Downloads\Cisco.Lead2Pass.640-822.399q.vce.exe  **INFECTED** Win32:Adware-gen [Adw]
19:07:43.254    AVAST engine scan C:\ProgramData
19:22:20.857    Scan finished successfully
19:32:04.526    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:32:04.535    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Owner (administrator) on OWNER-PC on 08-03-2014 19:49:57
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\windows\system32\mspaint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Owner\Desktop\Malware Programs\aswMBR.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-04] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2010-01-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Standby] - C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2009-12-17] (Corel)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-10-07] (Sendori, Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2950786308-227742302-1544317472-1000\...\Run: [AdobeBridge] - [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKCU - EFC0243D65A64C06A6B274128A5D59AA URL = http://www.google.co...1I7SMSN_enUS527
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 64.134.255.2 64.134.255.10

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326
FF NewTab: about:blank
FF Homepage: www.yahoo.com
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-22d46fdc522044b7\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120096 2013-10-07] (Sendori, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-04] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-10-07] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-10-07] (Sendori)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-02] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-05] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-12] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 aswMBR; \??\C:\Users\Owner\AppData\Local\Temp\aswMBR.sys [X]
U3 kgloapow; \??\C:\Users\Owner\AppData\Local\Temp\kgloapow.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 19:32 - 2014-03-08 19:32 - 00002309 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-03-08 19:32 - 2014-03-08 19:32 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-03-08 12:38 - 2014-03-08 12:38 - 00000369 _____ () C:\Users\Owner\Desktop\ark.txt
2014-03-08 12:23 - 2014-03-08 12:23 - 00380416 _____ () C:\Users\Owner\Downloads\GMER.exe
2014-03-08 12:20 - 2014-03-08 12:20 - 00035125 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-08 12:19 - 2014-03-08 19:49 - 00019141 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 12:18 - 2014-03-08 19:49 - 00000000 ____D () C:\FRST
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-07 21:00 - 2014-03-08 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-07 20:54 - 2014-03-07 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:36 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 21:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:38 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:27 - 2014-03-02 20:38 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:36 - 2014-03-02 20:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:18 - 2014-03-02 11:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-02-21 11:18 - 2014-03-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-19 19:20 - 2014-02-19 19:21 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 20:42 - 2014-02-16 20:39 - 00000426 _____ () C:\AVScanner.ini
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:21 - 2014-02-20 01:33 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-15 08:10 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-15 08:10 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-15 08:09 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-15 08:09 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-15 08:09 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-15 08:09 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-15 08:09 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-15 08:09 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-15 08:09 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-15 08:09 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-15 08:09 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-15 08:09 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-15 08:09 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-15 08:09 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-15 08:09 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-15 08:09 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-15 08:09 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-15 08:09 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-15 08:09 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-15 08:09 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-15 08:09 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-15 08:09 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-15 08:09 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-15 08:09 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-15 08:09 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-15 08:09 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-15 08:09 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-15 08:09 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-15 08:09 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-15 08:09 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-15 08:09 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-13 08:23 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 08:23 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 08:23 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 08:23 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 08:23 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-12 21:24 - 2014-02-20 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-12 21:23 - 2014-02-17 21:04 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe

==================== One Month Modified Files and Folders =======

2014-03-08 19:50 - 2014-03-08 12:19 - 00019141 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-03-08 19:49 - 2014-03-08 12:18 - 00000000 ____D () C:\FRST
2014-03-08 19:32 - 2014-03-08 19:32 - 00002309 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-03-08 19:32 - 2014-03-08 19:32 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-03-08 19:18 - 2010-05-03 00:52 - 01392251 _____ () C:\windows\WindowsUpdate.log
2014-03-08 19:03 - 2013-12-08 00:27 - 00015644 _____ () C:\windows\setupact.log
2014-03-08 18:57 - 2013-03-18 21:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 17:02 - 2009-07-14 00:13 - 00780908 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-08 12:38 - 2014-03-08 12:38 - 00000369 _____ () C:\Users\Owner\Desktop\ark.txt
2014-03-08 12:38 - 2014-03-07 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-08 12:23 - 2014-03-08 12:23 - 00380416 _____ () C:\Users\Owner\Downloads\GMER.exe
2014-03-08 12:20 - 2014-03-08 12:20 - 00035125 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-03-08 12:17 - 2014-03-08 12:17 - 02156544 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-08 12:17 - 2013-03-22 01:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-03-08 12:16 - 2013-12-02 11:43 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-07 21:09 - 2014-03-07 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 21:09 - 2014-03-07 20:53 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-03-07 20:54 - 2014-03-07 20:54 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-07 20:53 - 2014-03-07 20:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-07 20:49 - 2014-03-07 20:49 - 00002226 _____ () C:\Users\Owner\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:49 - 2013-11-22 17:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-03-07 20:47 - 2014-03-07 20:47 - 02218636 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2014-03-06 20:35 - 2014-03-06 20:35 - 00011947 _____ () C:\Users\Owner\Desktop\hijackthis7.log
2014-03-06 20:17 - 2014-03-06 20:17 - 00047074 _____ () C:\ComboFix.txt
2014-03-06 20:17 - 2013-03-24 00:21 - 00000000 ____D () C:\Qoobox
2014-03-06 20:15 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:25 - 2009-07-13 23:45 - 00014144 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 19:14 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-06 19:11 - 2014-03-06 19:11 - 00006285 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-06 19:07 - 2014-02-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-03-06 19:03 - 2014-03-06 19:03 - 00001504 _____ () C:\Users\Owner\Desktop\RKreport[2]_D_03062014_02d1903.txt
2014-03-06 19:02 - 2013-06-01 11:19 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2014-03-06 19:00 - 2014-03-06 19:00 - 00001538 _____ () C:\Users\Owner\Desktop\RKreport[1]_S_03062014_02d1900.txt
2014-03-06 18:44 - 2014-03-06 18:44 - 00000000 ____D () C:\windows\pss
2014-03-06 18:33 - 2010-08-19 01:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-03-06 18:30 - 2013-12-08 00:27 - 00139092 _____ () C:\windows\PFRO.log
2014-03-04 11:36 - 2013-11-13 21:09 - 00000000 ____D () C:\Users\Owner\Desktop\Seths stuff
2014-03-02 21:08 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskAid
2014-03-02 21:05 - 2014-01-16 07:41 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 21:05 - 2014-01-16 07:41 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2950786308-227742302-1544317472-1000
2014-03-02 20:38 - 2014-03-02 20:27 - 00000991 _____ () C:\Users\Public\Desktop\DiskAid.lnk
2014-03-02 20:38 - 2014-03-02 20:27 - 00000000 ____D () C:\Program Files (x86)\DiskAid
2014-03-02 20:37 - 2014-03-02 20:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iTunes
2014-03-02 20:37 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-02 20:36 - 2014-03-02 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-03-02 20:33 - 2013-03-13 21:33 - 00000000 ____D () C:\ProgramData\Apple
2014-03-02 20:30 - 2014-03-02 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-02 20:28 - 2014-03-02 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\DigiDNA
2014-03-02 20:27 - 2014-03-02 20:27 - 12840328 _____ (DigiDNA ) C:\Users\Owner\Downloads\DiskAid_6_5_6.exe
2014-03-02 20:24 - 2014-03-02 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MediaMonkey
2014-03-02 11:37 - 2014-03-02 11:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\MediaMonkey
2014-03-02 11:34 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Syncios
2014-03-02 11:18 - 2014-03-02 11:18 - 00000000 ____D () C:\Users\Owner\Documents\Syncios
2014-03-02 11:17 - 2014-03-02 11:17 - 17367264 _____ (Anvsoft, Inc. ) C:\Users\Owner\Downloads\syncios.exe
2014-03-02 07:01 - 2013-06-15 08:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\iFunbox_UserCache
2014-02-23 09:06 - 2013-03-18 21:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-23 09:05 - 2013-12-11 12:57 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-23 09:05 - 2013-03-18 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 11:15 - 2014-02-21 11:15 - 02021104 _____ (Coupons.com Incorporated) C:\Users\Owner\Desktop\CouponPrinterCPS.exe
2014-02-20 21:17 - 2014-02-12 21:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\MetaGeek,_LLC
2014-02-20 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-02-20 16:55 - 2013-06-15 17:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2014-02-20 16:55 - 2013-06-15 17:41 - 00000000 ____D () C:\ProgramData\Real
2014-02-20 08:42 - 2013-10-07 19:31 - 00000000 ____D () C:\Users\Owner\Documents\Scratch Projects
2014-02-20 01:33 - 2014-02-15 08:21 - 01037734 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2014-02-19 19:21 - 2014-02-19 19:20 - 34637975 _____ (MIT Media Lab Lifelong Kindergarten Group) C:\Users\Owner\Downloads\ScratchInstaller1.4.exe
2014-02-17 21:09 - 2013-03-24 00:21 - 05183112 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-02-17 21:04 - 2014-02-12 21:23 - 00002471 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00001077 _____ () C:\Users\Owner\Desktop\Kaspersky Security Scan.lnk
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-17 20:59 - 2014-02-17 20:59 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-02-17 20:57 - 2014-02-17 20:57 - 00185800 _____ (Лаборатория Касперского) C:\Users\Owner\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-16 20:39 - 2014-02-17 20:42 - 00000426 _____ () C:\AVScanner.ini
2014-02-16 19:43 - 2013-04-13 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\vlc
2014-02-16 16:38 - 2013-07-17 06:42 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:36 - 2013-06-08 19:50 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 16:36 - 2014-02-15 16:36 - 00000000 ____D () C:\Users\Owner\Documents\Verizon
2014-02-15 08:24 - 2013-06-08 19:05 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-15 08:14 - 2014-02-15 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.adobe.amp
2014-02-12 21:23 - 2014-02-12 21:23 - 00000000 ____D () C:\Program Files (x86)\inSSIDer Home
2014-02-12 21:22 - 2014-02-12 21:22 - 04767744 _____ () C:\Users\Owner\Downloads\inSSIDer-installer.msi
2014-02-09 17:09 - 2014-02-09 17:09 - 00921000 _____ (Oracle Corporation) C:\Users\Owner\Downloads\77jxpiinstall.exe
2014-02-09 16:38 - 2013-05-08 21:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Games
2014-02-09 16:30 - 2014-01-26 15:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-02-06 07:16 - 2014-02-15 08:09 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-15 08:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-15 08:09 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-15 08:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-15 08:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-15 08:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-15 08:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-15 08:09 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-15 08:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-15 08:09 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-15 08:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-15 08:09 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-15 08:09 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-15 08:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-15 08:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-15 08:09 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-15 08:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-15 08:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-15 08:09 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-15 08:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-15 08:09 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-15 08:09 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-15 08:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-15 08:09 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-15 08:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-15 08:09 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-15 08:09 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-15 08:09 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-15 08:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-15 08:09 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-15 08:09 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-15 08:09 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-15 08:09 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-15 08:09 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-15 08:09 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 12:08

==================== End Of Log ============================



#7 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 08 March 2014 - 06:54 PM

This post failed to upload initially, then I wasn't able to edit it once it went up. I'm re-attaching the image of the failed removal of Scorpion Saver that I mentioned to you.

Attached Thumbnails

  • Error-Scorpion-Saver-removal.jpg


#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 March 2014 - 07:16 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
    Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml
    CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
    R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
    
    C:\Users\Owner\Desktop\CouponPrinterCPS.exe
    C:\Program Files (x86)\Coupons.com CouponBar
    
    CMD: netsh winsock reset
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 

#9 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 12 March 2014 - 05:56 PM

The fixlog.txt first. After that is the Malwarebytes log - but I inadvertently ran the quick scan out of habit before I realized it should have been a full scan. The quick scan found an item, and so did the full scan. I'm posting both logs.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Owner at 2014-03-11 21:11:33 Run:2
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)

C:\Users\Owner\Desktop\CouponPrinterCPS.exe
C:\Program Files (x86)\Coupons.com CouponBar

CMD: netsh winsock reset
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\searchplugins\bingp.xml => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf => Key deleted successfully.
"C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
C:\Users\Owner\Desktop\CouponPrinterCPS.exe => Moved successfully.
"C:\Program Files (x86)\Coupons.com CouponBar" => File/Directory not found.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [administrator]

3/11/2014 9:12:56 PM
mbam-log-2014-03-11 (21-12-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226810
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.FreeHDSportTV.A) -> Quarantined and deleted successfully.

(end)
 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Owner :: OWNER-PC [administrator]

3/11/2014 9:30:41 PM
mbam-log-2014-03-11 (21-30-41).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 548494
Time elapsed: 2 hour(s), 29 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\Downloads\Dreamweaver-CS5\1Adobe.Dreamweaver.CS.5\KeyGen\Adobe_DW_CS5_KeyGen.rar (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\Dreamweaver-CS5\Adobe.Dreamweaver.CS.5\KeyGen\Adobe_DW_CS5_KeyGen.rar (Malware.Gen) -> Quarantined and deleted successfully.

(end)
 



#10 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 13 March 2014 - 07:48 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB
 

    Advertisements

Register to Remove


#11 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 16 March 2014 - 04:04 PM

The ESET online scan site would not come up, either in IE or Firefox. I'm posting the results of the other two scans.

 

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 17:27:02
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Owner\AppData\Local\emaze
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\windows\System32\AdpeakProxy.ini
File Deleted : C:\windows\System32\AdpeakProxy64.dll
File Deleted : C:\windows\System32\AdpeakProxyOff.ini

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKCU\Software\5f0d7dab56dea17
Key Deleted : HKLM\SOFTWARE\5f0d7dab56dea17
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4573 octets] - [17/11/2013 13:35:53]
AdwCleaner[R1].txt - [7720 octets] - [13/03/2014 19:25:26]
AdwCleaner[R2].txt - [7780 octets] - [16/03/2014 17:26:05]
AdwCleaner[S0].txt - [7789 octets] - [16/03/2014 17:27:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7849 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 03/16/2014 at 17:54:42.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\m0n8rcd9.default-1390617411326\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/16/2014 at 18:03:09.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 17 March 2014 - 04:34 AM

Pleae reboot into safe mode and try again to run ESET.


Proud Member of UNITE & TB
 

#13 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 20 March 2014 - 07:51 AM

Sorry for the delay. I'll get to it first thing after work today.



#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 20 March 2014 - 08:04 AM

OK! :)


Proud Member of UNITE & TB
 

#15 Getoutandstayout

Getoutandstayout

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 20 March 2014 - 08:05 PM

Here is the result of the ESET scan. Thanks!

 

 

 

C:\Program Files (x86)\OpenDownloaderManager\mt.exe    Win32/BrowseFox.C potentially unwanted application
C:\ProgramData\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Custom.dll    Win32/InstalleRex.M potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\102_dealply_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\103_intext_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\104_jollywallet_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\105_corticas_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\108_icm_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\119_similar_web_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\120_luck_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\123_intext_adv_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\125_arcadi2_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\126_revizer_ws_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\127_revizer_p_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\128_superfish_pricora_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\135_arcadi3_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\138_getdeal_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\141_corticas_ru_m.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\142_intext_fa_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\155_ibario_pops_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\159_cortica_rollover_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\175_coolmirage_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\180_bpo_serp_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\184_noproblemppc_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\189_active_sanity.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\190_pops_5_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\191_ciuvo_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\194_retargeting_bi_m.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\91_monetizationLoader.js.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m0n8rcd9.default-1390617411326\extensions\01e89cb1-f65e-4d01-9a8c-16784b40f1e3@2579a6e9-6ce6-413f-94ce-37240c823447.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir    Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir    Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{8b29f98a-ca21-9102-75e3-c79a5aa0f795}\U\00000004.@.vir    Win64/Conedex.C trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{8b29f98a-ca21-9102-75e3-c79a5aa0f795}\U\80000000.@.vir    Win64/Sirefef.AW trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{8b29f98a-ca21-9102-75e3-c79a5aa0f795}\U\80000032.@.vir    Win32/Sirefef.FV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{8b29f98a-ca21-9102-75e3-c79a5aa0f795}\U\80000064.@.vir    Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\01.06.2013_11.11.51\zasubsys0000\zafs0000\tsk0000.dta    Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\01.06.2013_11.11.51\zasubsys0000\zafs0000\tsk0001.dta    Win64/Sirefef.W trojan
C:\Users\All Users\InstallMate\{C9EAC1DB-5370-4609-A4E2-1B521209E32D}\Custom.dll    Win32/InstalleRex.M potentially unwanted application
C:\Users\Owner\Documents\ICND\Cisco.Lead2Pass.640-816.271q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Users\Owner\Documents\ICND\Cisco.Lead2Pass.640-822.399q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Users\Owner\Downloads\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Owner\Downloads\Cisco.Lead2Pass.640-816.271q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Users\Owner\Downloads\Cisco.Lead2Pass.640-822.399q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Users\Owner\Downloads\JetAudio_Basic-SEO-10013740.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Owner\Downloads\syncios.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-816.271q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Users\Owner\Downloads\CCNA\Cisco.Lead2Pass.640-822.399q.vce.exe    Win32/InstallMonetizer.AL potentially unwanted application
C:\Windows\Installer\MSI45F3.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\_OTL\MovedFiles\06032013_191416\C_Users\Owner\Downloads\WinZip170.exe    a variant of Win32/OpenInstall potentially unwanted application
 


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users