Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91601 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Unable to Restore/Proxy Settings Keep Changing [Closed]


  • This topic is locked This topic is locked
27 replies to this topic

#1 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 01 June 2014 - 11:21 PM

My proxy settings keep getting changed to "use proxy server". I had several issues with spyware/malware/viruses. Used SuperAntispyware Remover and now it's WORSE! screen keeps blinking and I can only type a few letters at time because it blinks off the screen or pauses. I have to keep tapping on the mousepad to get the curser back on PLEASE HELP I'M DESPARATE I USE MY LAPTOP FOR WORK TO CREATE JOB ESTIMATES AND QUOTES FOR MY BUSINESS. I AM A WOMAN ALONE!!!!!!!


  • tyler1118 likes this

    Advertisements

Register to Remove


#2 TechieRanger

TechieRanger

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,017 posts

Posted 03 June 2014 - 09:19 AM

Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:

  • The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
  • I will be working on your malware issues. This may or may not solve other issues you may have with your system.
  • While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
  • Ensure that your anti-virus definitions are up-to-date.
  • I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
  • Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
  • During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
  • I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
  • Be sure to follow the directions and run tools/scans in the order listed.
  • If you do not reply to your topic, it will be closed after 3 days.

I will return as soon as possible with more instructions.



Regards,

Richard :wavey:


Posted Image
Richard
Proud Graduate of WTT Classroom

#3 TechieRanger

TechieRanger

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,017 posts

Posted 04 June 2014 - 02:02 PM


 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log(Addition.txt). Please attach it to your reply.

 

Next

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

In your next reply, please provide the following:

  • FRST log.
  • aswMBR log.

Regards,

Richard :wavey:


Posted Image
Richard
Proud Graduate of WTT Classroom

#4 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 05 June 2014 - 06:51 PM

I am running AVG Antivirus 2014 Free version. ShouId I keep it running while following your instructions?



#5 TechieRanger

TechieRanger

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,017 posts

Posted 06 June 2014 - 11:22 AM

you can keep AVG running for now. :)


Regards,

Richard :wavey:


Posted Image
Richard
Proud Graduate of WTT Classroom

#6 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 06:08 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Frankiej (administrator) on FRANKIEJ-PC on 09-06-2014 15:34:20
Running from C:\Users\Frankiej\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
() C:\Users\Frankiej\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2014-03-07] (Broadcom Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe , "C:\Windows\M57151\Ja634608bLay.com" [X]
HKLM-x32\...\Winlogon: [Shell] explorer.exe, "C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z\TuxO64746Z.exe" [260096 ] () <=== ATTENTION
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Frankiej\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Run: [TouchFreeze] => C:\Users\Frankiej\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\MountPoints2: {96d15567-3e1c-11e2-9923-001f297fea98} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\MountPoints2: {c8d77cd3-67ca-11e2-b9dc-001f297fea98} - E:\V8000_ZTE.exe
IFEO\msconfig.exe: [Debugger] C:\Windows\notepad.exe
IFEO\regedit.exe: [Debugger] C:\Windows\notepad.exe
Startup: C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:44444;https=127.0.0.1:44444
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x407F0C4BC480CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
URLSearchHook: HKCU - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...r=503977909&ir=
SearchScopes: HKCU - DefaultScope {8358C066-388C-4692-906D-8E379EC6BF00} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {8358C066-388C-4692-906D-8E379EC6BF00} URL = https://www.google.c...q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DD80CDAD-ACC0-431A-A580-8E9481B847F2}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ED2CECE6-9F2D-4E51-A412-261397F25E48}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Frankiej\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-27]
FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-11-27]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-31]
CHR Extension: (Google Drive) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-31]
CHR Extension: (Speedial) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-05-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-31]
CHR Extension: (Facebook Color Changer) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2014-06-03]
CHR Extension: (Google Search) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-31]
CHR Extension: (Speed Test) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjlgjphgjlijjbilomfnohfnljllmo [2014-06-03]
CHR Extension: (Online Antivirus AVG, Avira, Bitdefender) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekodkoiccchffhnhklfaaefocmiopldj [2014-06-04]
CHR Extension: (Quote Roller) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonldhmaohklgbbbhpbaajfgafbdlegp [2014-06-03]
CHR Extension: (Skill Builder Spelling - By Kaiserapps) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\glhnohphdlpegcogaebhdnfbhpifddmf [2014-06-03]
CHR Extension: (Color Changer for Facebook) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnafahpcndghkcdngfombklgpffkehmg [2014-06-03]
CHR Extension: (Ultimate Fonts) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjdlaifgnadeanlpdipkcdfjoonkehh [2014-06-03]
CHR Extension: (SingleClick Cleaner) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjmdabjeeddgcfjejbkaffmcehgiilf [2014-06-03]
CHR Extension: (Calculator) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\inhhlmhdllknkepmabbkhnlbaddllabl [2014-06-03]
CHR Extension: (Pixlr Touch Up) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-06-03]
CHR Extension: (Free Invoice Maker) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2014-06-03]
CHR Extension: (Sketchpad 3.5) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2014-06-03]
CHR Extension: (Onlive Clock) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\moddbcckaikhdnigidfcmaeelcobchpm [2014-06-03]
CHR Extension: (InspirARTion - Sketch & Draw!) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhbmpilemgmpbdaniehhmodkkppkelec [2014-06-03]
CHR Extension: (Fix Cleaner) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\njeicbdoddkeedpdhlcjncealfhflhml [2014-06-03]
CHR Extension: (Google Wallet) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (System) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnemjmlhjkeilmaidemofakmpclcbi [2014-06-03]
CHR Extension: (My Chrome Theme) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-06-03]
CHR Extension: (Floor Plan Creator) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2014-06-03]
CHR Extension: (ToonXn - Offline Games) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocncdpjafpninblmaonahdfdocbbdok [2014-06-03]
CHR Extension: (Click&Clean App) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-03]
CHR Extension: (Gmail) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-31]
CHR Extension: (Secure Shell) - C:\Users\Frankiej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2014-06-03]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-06-03]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2014-06-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2185528 2014-04-15] (AVG)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2014-03-07] (Broadcom Corporation) [File not signed]
S2 HPSLPSVC; C:\Users\Frankiej\AppData\Local\Temp\7zS6EDB\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-09-08] (Hewlett-Packard Development Company L.P.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-01-24] (EldoS Corporation)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-09 15:34 - 2014-06-09 15:35 - 00022021 _____ () C:\Users\Frankiej\Desktop\FRST.txt
2014-06-09 15:33 - 2014-06-09 15:34 - 00000000 ____D () C:\FRST
2014-06-09 15:31 - 2014-06-09 15:32 - 02080768 _____ (Farbar) C:\Users\Frankiej\Desktop\FRST64.exe
2014-06-08 22:57 - 2014-06-08 22:57 - 00001379 _____ () C:\Users\Frankiej\Desktop\DVDMaker - Shortcut.lnk
2014-06-08 22:16 - 2014-06-08 22:16 - 00003182 _____ () C:\Windows\System32\Tasks\{D56D1574-3FB6-43F4-90A5-ED033E9B8F6F}
2014-06-08 16:55 - 2014-06-08 16:55 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-06-06 02:30 - 2014-06-06 02:30 - 00002189 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-06-06 02:30 - 2014-06-06 02:30 - 00002165 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-06-06 02:30 - 2014-04-15 16:23 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-06-06 02:30 - 2014-04-15 16:23 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-06-06 02:30 - 2014-04-15 16:23 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-06-06 02:29 - 2014-06-06 02:29 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-06-06 02:29 - 2014-06-06 02:29 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\AVG
2014-06-06 02:29 - 2014-06-06 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-06-06 02:23 - 2014-06-06 21:07 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-06 01:01 - 2014-06-06 01:01 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchFreeze
2014-06-06 00:57 - 2014-06-06 00:57 - 00274432 _____ () C:\Users\Frankiej\Downloads\TouchFreeze-1.1.0.msi
2014-06-05 23:49 - 2014-06-05 23:52 - 70431144 _____ (AVG) C:\Users\Frankiej\Downloads\avg_tuht_stf_all_2014_423.exe
2014-06-05 22:33 - 2014-06-05 22:33 - 00024646 _____ () C:\Users\Frankiej\Desktop\farbar-recovery-scan-tool.htm
2014-06-05 14:38 - 2014-06-05 14:38 - 00001058 _____ () C:\Windows\PFRO.log
2014-06-05 14:19 - 2014-06-07 22:39 - 00000411 _____ () C:\Windows\setupact.log
2014-06-05 14:19 - 2014-06-05 14:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-06-05 05:14 - 2014-06-05 05:18 - 70431144 _____ (AVG) C:\Users\Frankiej\Downloads\avg_tuh_stf_all_2014_423_24c45.exe
2014-06-05 02:09 - 2014-06-05 02:09 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\AVG2014
2014-06-05 02:01 - 2014-06-05 02:01 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-05 02:01 - 2014-06-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-04 00:19 - 2014-06-05 03:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-04 00:19 - 2014-06-05 02:03 - 00000000 ___HD () C:\$AVG
2014-06-01 20:03 - 2014-06-04 01:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-31 20:38 - 2014-05-31 20:38 - 00003544 ____N () C:\bootsqm.dat
2014-05-30 22:22 - 2014-06-04 01:37 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\SUPERAntiSpyware.com
2014-05-30 22:22 - 2014-06-04 01:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-30 22:22 - 2014-05-30 22:22 - 00001824 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-30 22:22 - 2014-05-30 22:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-30 22:08 - 2014-05-30 22:08 - 00003070 _____ () C:\Windows\System32\Tasks\{5700E80F-8081-4093-8D92-280B02499DAF}
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Love Song                                                             .scr
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\THe Best Ungu                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Gallery                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\TutoriaL HAcking                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Data DosenKu                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Data DosenKu                                                             .exe
2014-05-30 01:26 - 2014-05-30 01:26 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-30 01:12 - 2014-06-05 04:38 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Avg2014
2014-05-30 01:11 - 2014-05-30 01:12 - 04487240 _____ (AVG Technologies) C:\Users\Frankiej\Downloads\avg_isit_stb_all_2014_4592.exe
2014-05-30 01:08 - 2014-05-30 01:14 - 94770984 _____ (Sophos Limited) C:\Users\Frankiej\Downloads\Sophos Virus Removal Tool.exe
2014-05-30 01:03 - 2014-05-30 01:05 - 27769568 _____ (Microsoft Corporation) C:\Users\Frankiej\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-29 23:53 - 2014-05-29 23:53 - 00001047 _____ () C:\Users\Frankiej\Desktop\MyPC Backup.lnk
2014-05-29 23:53 - 2014-05-29 23:53 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-29 23:53 - 2014-05-29 23:53 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-05-29 23:52 - 2014-05-29 23:50 - 05073168 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-05-29 23:51 - 2014-06-04 01:37 - 00000000 ____D () C:\ProgramData\PC1Data
2014-05-29 23:50 - 2014-05-29 23:50 - 05073168 _____ (PC Cleaners) C:\Users\Frankiej\Downloads\app2_en.exe
2014-05-29 23:21 - 2014-05-29 23:21 - 00000000 _____ () C:\END
2014-05-29 12:55 - 2014-06-05 03:26 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\VideoPlus
2014-05-29 12:55 - 2014-05-29 12:55 - 00003334 _____ () C:\Windows\System32\Tasks\Video Plus
2014-05-29 12:53 - 2014-05-30 12:55 - 00003332 _____ () C:\Windows\System32\Tasks\UpdateService
2014-05-29 12:30 - 2014-05-29 12:31 - 02580315 _____ ( ) C:\Users\Frankiej\Downloads\RegUtility_Setup.exe
2014-05-29 11:40 - 2014-02-17 15:56 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2014-05-29 11:40 - 2014-02-17 15:56 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2014-05-29 11:40 - 2014-02-17 15:56 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2014-05-29 11:40 - 2014-02-17 15:56 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll
2014-05-29 11:39 - 2014-05-29 11:40 - 03227936 _____ (Security Stronghold ) C:\Users\Frankiej\Downloads\Jermy.ARemovalTool.exe
2014-05-29 11:13 - 2014-05-29 11:13 - 00003130 _____ () C:\Windows\System32\Tasks\{B0B271B0-459B-46AD-9A1B-2915ECCC5201}
2014-05-29 10:39 - 2014-05-29 10:39 - 00003118 _____ () C:\Windows\System32\Tasks\{9DA7B07B-3A81-48F1-A106-B9A0DFEF2F51}
2014-05-29 10:26 - 2014-05-29 10:26 - 00003218 _____ () C:\Windows\System32\Tasks\{9C2BF5C6-98BA-4A17-8C40-C171BAEB2A23}
2014-05-29 10:19 - 2014-05-29 10:20 - 01875632 _____ (001Micron Tools ) C:\Users\Frankiej\Downloads\MicronUSBDigiMediaDemo.exe
2014-05-29 10:12 - 2014-05-29 10:12 - 00003268 _____ () C:\Windows\System32\Tasks\{154D9D8D-05BE-42DB-80CC-73EA8A34EC5E}
2014-05-29 10:05 - 2014-05-29 10:05 - 00003134 _____ () C:\Windows\System32\Tasks\{4FA4670A-1FE9-45C1-AD0F-2E3476031448}
2014-05-29 10:04 - 2014-05-29 10:04 - 00003138 _____ () C:\Windows\System32\Tasks\{3414CF17-8A5A-4C04-A7C2-2277092EDB55}
2014-05-29 01:27 - 2014-05-30 12:54 - 00000000 ____D () C:\ProgramData\iolo
2014-05-29 01:27 - 2014-05-29 01:27 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\iolo
2014-05-29 01:27 - 2014-01-24 11:17 - 00030752 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys
2014-05-25 14:41 - 2014-05-25 14:41 - 00003058 _____ () C:\Windows\System32\Tasks\{23AF68C0-108E-4C87-8CAD-8D1AB57BEE05}
2014-05-25 14:38 - 2014-05-25 14:39 - 17529160 _____ (Google Inc.) C:\Users\Frankiej\Downloads\PicasaSetup.exe
2014-05-25 14:37 - 2014-05-25 14:37 - 00003058 _____ () C:\Windows\System32\Tasks\{65A8EE0D-D34F-4AD2-981A-014E84A5334F}
2014-05-25 14:37 - 2014-05-25 14:37 - 00003044 _____ () C:\Windows\System32\Tasks\{614EA0B0-D6DA-48AA-8A06-60CA5FDD6E4E}
2014-05-25 14:32 - 2014-06-04 01:37 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-25 14:30 - 2014-05-25 14:30 - 00000000 ____D () C:\Users\Frankiej\Downloads\FastStone_Image_Viewer_TSV18Y4UC
2014-05-25 14:25 - 2014-05-25 14:25 - 00002701 _____ () C:\Users\Frankiej\Downloads\legitcheck.hta
2014-05-25 14:25 - 2014-05-25 14:25 - 00002701 _____ () C:\Users\Frankiej\Downloads\legitcheck (1).hta
2014-05-25 14:22 - 2014-05-25 14:22 - 00003270 _____ () C:\Windows\System32\Tasks\{1B05F0DB-21B1-4D58-86BD-4AA458E860AC}
2014-05-25 14:19 - 2014-06-09 15:19 - 00000304 _____ () C:\Windows\Tasks\Speedial.job
2014-05-25 14:19 - 2014-05-25 14:19 - 00003256 _____ () C:\Windows\System32\Tasks\Speedial
2014-05-25 14:18 - 2014-06-04 01:37 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Speedial
2014-05-25 14:17 - 2014-05-25 14:17 - 00000000 __SHD () C:\Users\Frankiej\AppData\Local\EmieUserList
2014-05-25 14:17 - 2014-05-25 14:17 - 00000000 __SHD () C:\Users\Frankiej\AppData\Local\EmieSiteList
2014-05-25 14:15 - 2014-05-25 14:15 - 00003058 _____ () C:\Windows\System32\Tasks\{56B8F314-10CA-404D-8B30-7F35E1003E60}
2014-05-25 14:14 - 2014-05-25 14:14 - 00003080 _____ () C:\Windows\System32\Tasks\{30376243-60AF-4A8B-9F7E-738AD46A7D01}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003172 _____ () C:\Windows\System32\Tasks\{A9B1E11B-96D7-47E7-AC14-463703613A31}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003140 _____ () C:\Windows\System32\Tasks\{F6AAA9BB-90E8-481D-9DBB-957910785A7D}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003064 _____ () C:\Windows\System32\Tasks\{D030D95D-1F8B-4756-9385-5A82004AC689}
2014-05-25 14:00 - 2014-05-25 14:00 - 00003126 _____ () C:\Windows\System32\Tasks\{8B8A28D9-D33F-4AAE-B233-09046B0C6153}
2014-05-25 13:50 - 2014-06-01 09:21 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-05-25 13:50 - 2014-05-25 13:50 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\DriverToolkit
2014-05-25 13:49 - 2014-05-25 13:50 - 02395840 _____ (Megaify Software ) C:\Users\Frankiej\Downloads\driver_setup.exe
2014-05-21 00:25 - 2014-05-21 00:25 - 00000000 ____D () C:\Users\Frankiej\Desktop\6008751190
2014-05-20 02:27 - 2014-05-20 02:27 - 00000000 ____D () C:\Users\Frankiej\Desktop\Quotes
2014-05-19 12:09 - 2014-05-19 12:09 - 00069340 _____ () C:\Users\Frankiej\Downloads\BA_Estimating_Worksheet_sample1.xlsm
2014-05-19 12:03 - 2014-05-19 12:03 - 00082432 _____ () C:\Users\Frankiej\Downloads\BA_Itemized_Bid_Worksheet_KB.xls
2014-05-19 12:03 - 2014-05-19 12:03 - 00082432 _____ () C:\Users\Frankiej\Downloads\BA_Itemized_Bid_Worksheet_KB (1).xls
2014-05-19 12:02 - 2014-05-19 12:02 - 00157696 _____ () C:\Users\Frankiej\Downloads\BA_Estimating_Worksheet_1.1.14.xls
2014-05-14 03:21 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 03:21 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 03:21 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 03:21 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 03:21 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 03:21 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 18:32 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 18:32 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 18:32 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 18:32 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 18:32 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 18:32 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 18:32 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 18:32 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 18:32 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 18:32 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 18:32 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 18:32 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 18:32 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 18:32 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 18:32 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 18:32 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 18:32 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 18:32 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 18:32 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 18:32 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 18:32 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 12:46 - 2014-05-13 12:46 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Frankiej\Downloads\VuzeBittorrentClientInstaller (1).exe
2014-05-11 23:45 - 2014-05-11 23:45 - 00001808 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-05-11 23:42 - 2014-05-11 23:42 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Frankiej\Downloads\VuzeBittorrentClientInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-09 15:36 - 2012-05-30 23:32 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Temp
2014-06-09 15:35 - 2014-06-09 15:34 - 00022021 _____ () C:\Users\Frankiej\Desktop\FRST.txt
2014-06-09 15:34 - 2014-06-09 15:33 - 00000000 ____D () C:\FRST
2014-06-09 15:33 - 2012-08-17 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 15:32 - 2014-06-09 15:31 - 02080768 _____ (Farbar) C:\Users\Frankiej\Desktop\FRST64.exe
2014-06-09 15:24 - 2013-02-20 22:54 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 15:19 - 2014-05-25 14:19 - 00000304 _____ () C:\Windows\Tasks\Speedial.job
2014-06-09 15:12 - 2009-07-13 21:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 15:12 - 2009-07-13 21:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 14:53 - 2012-05-28 23:13 - 01091072 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 13:47 - 2012-10-07 05:35 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-09 11:44 - 2013-02-20 22:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 11:14 - 2012-05-31 01:24 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDDBD917-B1F7-464B-BDED-81ABEA2E4F21}
2014-06-08 22:57 - 2014-06-08 22:57 - 00001379 _____ () C:\Users\Frankiej\Desktop\DVDMaker - Shortcut.lnk
2014-06-08 22:16 - 2014-06-08 22:16 - 00003182 _____ () C:\Windows\System32\Tasks\{D56D1574-3FB6-43F4-90A5-ED033E9B8F6F}
2014-06-08 18:43 - 2012-08-05 00:16 - 00000000 ____D () C:\Users\Frankiej\Desktop\Kristina
2014-06-08 16:55 - 2014-06-08 16:55 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-06-08 16:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 16:45 - 2009-07-13 22:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-07 22:40 - 2014-02-24 18:53 - 00000496 __RSH () C:\ProgramData\ntuser.pol
2014-06-07 22:39 - 2014-06-05 14:19 - 00000411 _____ () C:\Windows\setupact.log
2014-06-06 21:08 - 2014-02-07 02:57 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-06-06 21:08 - 2012-12-26 23:34 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-06-06 21:07 - 2014-06-06 02:23 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-06 21:07 - 2013-09-30 05:33 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Microsoft Help
2014-06-06 21:07 - 2013-04-07 23:36 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\hpqLog
2014-06-06 02:34 - 2012-12-26 23:28 - 00000000 ____D () C:\ProgramData\AVG
2014-06-06 02:30 - 2014-06-06 02:30 - 00002189 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-06-06 02:30 - 2014-06-06 02:30 - 00002165 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-06-06 02:29 - 2014-06-06 02:29 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-06-06 02:29 - 2014-06-06 02:29 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\AVG
2014-06-06 02:29 - 2014-06-06 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-06-06 02:29 - 2012-12-26 23:29 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\AVG
2014-06-06 02:28 - 2012-06-09 14:33 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-06-06 01:01 - 2014-06-06 01:01 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchFreeze
2014-06-06 00:57 - 2014-06-06 00:57 - 00274432 _____ () C:\Users\Frankiej\Downloads\TouchFreeze-1.1.0.msi
2014-06-05 23:52 - 2014-06-05 23:49 - 70431144 _____ (AVG) C:\Users\Frankiej\Downloads\avg_tuht_stf_all_2014_423.exe
2014-06-05 22:33 - 2014-06-05 22:33 - 00024646 _____ () C:\Users\Frankiej\Desktop\farbar-recovery-scan-tool.htm
2014-06-05 14:38 - 2014-06-05 14:38 - 00001058 _____ () C:\Windows\PFRO.log
2014-06-05 14:19 - 2014-06-05 14:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-06-05 05:28 - 2014-02-24 19:32 - 00000000 ____D () C:\Windows\SysWOW64\X51335go
2014-06-05 05:25 - 2014-03-07 10:39 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-05 05:18 - 2014-06-05 05:14 - 70431144 _____ (AVG) C:\Users\Frankiej\Downloads\avg_tuh_stf_all_2014_423_24c45.exe
2014-06-05 05:11 - 2013-03-11 12:52 - 00000000 ____D () C:\Users\Frankiej\Documents\kristina
2014-06-05 05:01 - 2012-06-01 11:17 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-06-05 04:57 - 2014-02-06 18:00 - 00000000 ____D () C:\Program Files (x86)\GrabRez
2014-06-05 04:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-05 04:38 - 2014-05-30 01:12 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Avg2014
2014-06-05 03:30 - 2012-07-19 01:03 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 03:26 - 2014-06-04 00:19 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-05 03:26 - 2014-05-29 12:55 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\VideoPlus
2014-06-05 02:09 - 2014-06-05 02:09 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\AVG2014
2014-06-05 02:03 - 2014-06-04 00:19 - 00000000 ___HD () C:\$AVG
2014-06-05 02:01 - 2014-06-05 02:01 - 00000925 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-05 02:01 - 2014-06-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-04 01:37 - 2014-05-30 22:22 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\SUPERAntiSpyware.com
2014-06-04 01:37 - 2014-05-30 22:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-04 01:37 - 2014-05-29 23:51 - 00000000 ____D () C:\ProgramData\PC1Data
2014-06-04 01:37 - 2014-05-25 14:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-04 01:37 - 2014-05-25 14:18 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Speedial
2014-06-04 01:37 - 2014-03-04 06:21 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\uTorrent
2014-06-04 01:37 - 2014-03-03 01:31 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Azureus
2014-06-04 01:37 - 2014-02-24 19:32 - 00000000 _RSHD () C:\Windows\M57151
2014-06-04 01:37 - 2014-02-06 18:06 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\newnext.me
2014-06-04 01:37 - 2014-02-06 18:06 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\genienext
2014-06-04 01:37 - 2013-11-16 10:01 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Apowersoft
2014-06-04 01:37 - 2012-09-25 02:07 - 00000000 ____D () C:\Users\DefaultAppPool
2014-06-04 01:36 - 2014-06-01 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 01:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-06-04 01:33 - 2012-08-17 09:48 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Google
2014-06-04 00:48 - 2012-05-30 23:32 - 00000000 ____D () C:\Users\Frankiej
2014-06-01 20:03 - 2013-12-25 14:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 09:28 - 2014-02-07 13:05 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\FileTypeAssistant
2014-06-01 09:27 - 2013-02-23 11:11 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-06-01 09:26 - 2014-02-09 01:41 - 00000000 ____D () C:\Program Files (x86)\Amine Dries
2014-06-01 09:25 - 2014-03-07 12:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom Wireless
2014-06-01 09:25 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 09:25 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-01 09:25 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-01 09:25 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-01 09:25 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-01 09:21 - 2014-05-25 13:50 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-05-31 20:38 - 2014-05-31 20:38 - 00003544 ____N () C:\bootsqm.dat
2014-05-30 22:22 - 2014-05-30 22:22 - 00001824 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-05-30 22:22 - 2014-05-30 22:22 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-30 22:19 - 2012-05-30 23:35 - 00000000 ___RD () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-30 22:08 - 2014-05-30 22:08 - 00003070 _____ () C:\Windows\System32\Tasks\{5700E80F-8081-4093-8D92-280B02499DAF}
2014-05-30 21:55 - 2012-06-14 23:39 - 00000000 ____D () C:\Program Files (x86)\Ares
2014-05-30 19:06 - 2014-02-24 19:32 - 00000109 _____ () C:\Windows\[TheMoonlight].txt
2014-05-30 15:58 - 2012-06-03 22:22 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\FrostWire
2014-05-30 15:41 - 2014-03-15 10:33 - 00000000 ____D () C:\Program Files (x86)\Froyo_Android_Driver
2014-05-30 12:55 - 2014-05-29 12:53 - 00003332 _____ () C:\Windows\System32\Tasks\UpdateService
2014-05-30 12:54 - 2014-05-29 01:27 - 00000000 ____D () C:\ProgramData\iolo
2014-05-30 01:26 - 2014-05-30 01:26 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-30 01:14 - 2014-05-30 01:08 - 94770984 _____ (Sophos Limited) C:\Users\Frankiej\Downloads\Sophos Virus Removal Tool.exe
2014-05-30 01:12 - 2014-05-30 01:11 - 04487240 _____ (AVG Technologies) C:\Users\Frankiej\Downloads\avg_isit_stb_all_2014_4592.exe
2014-05-30 01:05 - 2014-05-30 01:03 - 27769568 _____ (Microsoft Corporation) C:\Users\Frankiej\Downloads\Windows-KB890830-x64-V5.12.exe
2014-05-29 23:53 - 2014-05-29 23:53 - 00001047 _____ () C:\Users\Frankiej\Desktop\MyPC Backup.lnk
2014-05-29 23:53 - 2014-05-29 23:53 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-29 23:53 - 2014-05-29 23:53 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-05-29 23:50 - 2014-05-29 23:52 - 05073168 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-05-29 23:50 - 2014-05-29 23:50 - 05073168 _____ (PC Cleaners) C:\Users\Frankiej\Downloads\app2_en.exe
2014-05-29 23:29 - 2012-06-14 23:39 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\Ares
2014-05-29 23:21 - 2014-05-29 23:21 - 00000000 _____ () C:\END
2014-05-29 12:55 - 2014-05-29 12:55 - 00003334 _____ () C:\Windows\System32\Tasks\Video Plus
2014-05-29 12:31 - 2014-05-29 12:30 - 02580315 _____ ( ) C:\Users\Frankiej\Downloads\RegUtility_Setup.exe
2014-05-29 11:40 - 2014-05-29 11:39 - 03227936 _____ (Security Stronghold ) C:\Users\Frankiej\Downloads\Jermy.ARemovalTool.exe
2014-05-29 11:13 - 2014-05-29 11:13 - 00003130 _____ () C:\Windows\System32\Tasks\{B0B271B0-459B-46AD-9A1B-2915ECCC5201}
2014-05-29 10:39 - 2014-05-29 10:39 - 00003118 _____ () C:\Windows\System32\Tasks\{9DA7B07B-3A81-48F1-A106-B9A0DFEF2F51}
2014-05-29 10:26 - 2014-05-29 10:26 - 00003218 _____ () C:\Windows\System32\Tasks\{9C2BF5C6-98BA-4A17-8C40-C171BAEB2A23}
2014-05-29 10:20 - 2014-05-29 10:19 - 01875632 _____ (001Micron Tools ) C:\Users\Frankiej\Downloads\MicronUSBDigiMediaDemo.exe
2014-05-29 10:12 - 2014-05-29 10:12 - 00003268 _____ () C:\Windows\System32\Tasks\{154D9D8D-05BE-42DB-80CC-73EA8A34EC5E}
2014-05-29 10:05 - 2014-05-29 10:05 - 00003134 _____ () C:\Windows\System32\Tasks\{4FA4670A-1FE9-45C1-AD0F-2E3476031448}
2014-05-29 10:04 - 2014-05-29 10:04 - 00003138 _____ () C:\Windows\System32\Tasks\{3414CF17-8A5A-4C04-A7C2-2277092EDB55}
2014-05-29 01:27 - 2014-05-29 01:27 - 00000000 ____D () C:\Users\Frankiej\AppData\Roaming\iolo
2014-05-29 01:04 - 2014-05-08 08:33 - 00000000 ____D () C:\Users\Frankiej\Desktop\Sylvia
2014-05-28 06:01 - 2009-07-13 22:13 - 00762556 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 14:41 - 2014-05-25 14:41 - 00003058 _____ () C:\Windows\System32\Tasks\{23AF68C0-108E-4C87-8CAD-8D1AB57BEE05}
2014-05-25 14:40 - 2013-09-06 22:15 - 00001066 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-05-25 14:39 - 2014-05-25 14:38 - 17529160 _____ (Google Inc.) C:\Users\Frankiej\Downloads\PicasaSetup.exe
2014-05-25 14:37 - 2014-05-25 14:37 - 00003058 _____ () C:\Windows\System32\Tasks\{65A8EE0D-D34F-4AD2-981A-014E84A5334F}
2014-05-25 14:37 - 2014-05-25 14:37 - 00003044 _____ () C:\Windows\System32\Tasks\{614EA0B0-D6DA-48AA-8A06-60CA5FDD6E4E}
2014-05-25 14:30 - 2014-05-25 14:30 - 00000000 ____D () C:\Users\Frankiej\Downloads\FastStone_Image_Viewer_TSV18Y4UC
2014-05-25 14:25 - 2014-05-25 14:25 - 00002701 _____ () C:\Users\Frankiej\Downloads\legitcheck.hta
2014-05-25 14:25 - 2014-05-25 14:25 - 00002701 _____ () C:\Users\Frankiej\Downloads\legitcheck (1).hta
2014-05-25 14:22 - 2014-05-25 14:22 - 00003270 _____ () C:\Windows\System32\Tasks\{1B05F0DB-21B1-4D58-86BD-4AA458E860AC}
2014-05-25 14:19 - 2014-05-25 14:19 - 00003256 _____ () C:\Windows\System32\Tasks\Speedial
2014-05-25 14:17 - 2014-05-25 14:17 - 00000000 __SHD () C:\Users\Frankiej\AppData\Local\EmieUserList
2014-05-25 14:17 - 2014-05-25 14:17 - 00000000 __SHD () C:\Users\Frankiej\AppData\Local\EmieSiteList
2014-05-25 14:15 - 2014-05-25 14:15 - 00003058 _____ () C:\Windows\System32\Tasks\{56B8F314-10CA-404D-8B30-7F35E1003E60}
2014-05-25 14:14 - 2014-05-25 14:14 - 00003080 _____ () C:\Windows\System32\Tasks\{30376243-60AF-4A8B-9F7E-738AD46A7D01}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003172 _____ () C:\Windows\System32\Tasks\{A9B1E11B-96D7-47E7-AC14-463703613A31}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003140 _____ () C:\Windows\System32\Tasks\{F6AAA9BB-90E8-481D-9DBB-957910785A7D}
2014-05-25 14:01 - 2014-05-25 14:01 - 00003064 _____ () C:\Windows\System32\Tasks\{D030D95D-1F8B-4756-9385-5A82004AC689}
2014-05-25 14:00 - 2014-05-25 14:00 - 00003126 _____ () C:\Windows\System32\Tasks\{8B8A28D9-D33F-4AAE-B233-09046B0C6153}
2014-05-25 13:50 - 2014-05-25 13:50 - 00000000 ____D () C:\Users\Frankiej\AppData\Local\DriverToolkit
2014-05-25 13:50 - 2014-05-25 13:49 - 02395840 _____ (Megaify Software ) C:\Users\Frankiej\Downloads\driver_setup.exe
2014-05-24 01:46 - 2013-02-20 22:54 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 00:25 - 2014-05-21 00:25 - 00000000 ____D () C:\Users\Frankiej\Desktop\6008751190
2014-05-20 02:27 - 2014-05-20 02:27 - 00000000 ____D () C:\Users\Frankiej\Desktop\Quotes
2014-05-19 12:09 - 2014-05-19 12:09 - 00069340 _____ () C:\Users\Frankiej\Downloads\BA_Estimating_Worksheet_sample1.xlsm
2014-05-19 12:03 - 2014-05-19 12:03 - 00082432 _____ () C:\Users\Frankiej\Downloads\BA_Itemized_Bid_Worksheet_KB.xls
2014-05-19 12:03 - 2014-05-19 12:03 - 00082432 _____ () C:\Users\Frankiej\Downloads\BA_Itemized_Bid_Worksheet_KB (1).xls
2014-05-19 12:02 - 2014-05-19 12:02 - 00157696 _____ () C:\Users\Frankiej\Downloads\BA_Estimating_Worksheet_1.1.14.xls
2014-05-15 05:45 - 2012-05-30 23:35 - 00000000 ___RD () C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 05:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 18:34 - 2012-08-17 13:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:34 - 2012-08-17 13:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:34 - 2012-08-17 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 03:24 - 2013-09-30 05:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 03:16 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-05-13 12:46 - 2014-05-13 12:46 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Frankiej\Downloads\VuzeBittorrentClientInstaller (1).exe
2014-05-12 10:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-11 23:45 - 2014-05-11 23:45 - 00001808 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-05-11 23:45 - 2013-02-08 09:54 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-05-11 23:42 - 2014-05-11 23:42 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Frankiej\Downloads\VuzeBittorrentClientInstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Frankiej\opera.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-01 18:06
 
==================== End Of Log ============================
 

Attached Files



#7 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 07:16 PM

Hi Richard, All my programs in my  Star Menu are gone. It is extremely difficult for me to type anything. Seems like the cursor is  jumping back and forth betweentwo programs or something yet I only have this window open. I can type two or three characters and then I have to pause and wait for the cursor to come back. Things are getting worse by the minute! :pullhair: 



#8 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 08:46 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-09 17:22:35
-----------------------------
17:22:35.969    OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:35.969    Number of processors: 2 586 0x6802
17:22:35.970    ComputerName: FRANKIEJ-PC  UserName: Frankiej
17:22:38.904    Initialize success
18:47:55.960    AVAST engine defs: 14060901
18:52:38.240    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:38.255    Disk 0 Vendor: FUJITSU_MHY2120BH 890B Size: 114473MB BusType: 3
18:52:38.396    Disk 0 MBR read successfully
18:52:38.396    Disk 0 MBR scan
18:52:38.474    Disk 0 Windows 7 default MBR code
18:52:38.490    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114471 MB offset 2048
18:52:38.521    Disk 0 scanning C:\Windows\system32\drivers
18:52:57.115    Service scanning
18:53:46.752    Modules scanning
18:53:46.752    Disk 0 trace - called modules:
18:53:46.784    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:53:46.799    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003455060]
18:53:46.799    3 CLASSPNP.SYS[fffff8800193d43f] -> nt!IofCallDriver -> [0xfffffa8003454920]
18:53:46.815    5 hpdskflt.sys[fffff880018e4189] -> nt!IofCallDriver -> [0xfffffa8003212520]
18:53:46.815    7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003218060]
18:53:49.346    AVAST engine scan C:\Windows
18:53:53.534    AVAST engine scan C:\Windows\system32
18:59:12.799    AVAST engine scan C:\Windows\system32\drivers
18:59:39.674    AVAST engine scan C:\Users\Frankiej
19:09:46.877    File: C:\Users\Frankiej\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe  **INFECTED** Win32:Mobogenie-O [Adw]
19:09:49.409    File: C:\Users\Frankiej\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MgAssist.exe  **INFECTED** Win32:Mobogenie-R [Adw]
19:09:51.612    File: C:\Users\Frankiej\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe  **INFECTED** Win32:Mobogenie-N [Adw]
19:10:13.284    File: C:\Users\Frankiej\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\uninst.exe  **INFECTED** Win32:Dropper-gen [Drp]
19:26:18.448    AVAST engine scan C:\ProgramData
19:27:55.713    File: C:\ProgramData\Microsoft\Network\Downloader\Blink 182                                                             .exe  **INFECTED** Win32:VB-BQD [Wrm]
19:27:59.124    File: C:\ProgramData\Microsoft\Network\Downloader\Gallery                                                             .scr  **INFECTED** Win32:VB-BQD [Wrm]
19:28:02.422    File: C:\ProgramData\Microsoft\Network\Downloader\Love Song                                                             .scr  **INFECTED** Win32:VB-BQD [Wrm]
19:28:05.569    File: C:\ProgramData\Microsoft\Network\Downloader\New mp3 BaraT !!                                                             .exe  **INFECTED** Win32:VB-BQD [Wrm]
19:30:02.538    Scan finished successfully
19:35:19.376    Disk 0 MBR has been saved successfully to "C:\Users\Frankiej\Desktop\MBR.dat"
19:35:19.392    The log file has been saved successfully to "C:\Users\Frankiej\Desktop\aswMBR.txt"

 



#9 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 09 June 2014 - 08:54 PM

Richard I cant get the zip file to attach.  Can you help me please?



#10 TechieRanger

TechieRanger

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,017 posts

Posted 10 June 2014 - 05:45 PM

Richard I cant get the zip file to attach.  Can you help me please?

No worries about that. :thumbup:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the same location where FRST.exe is located as fixlist.txt
start
C:\Users\Frankiej\AppData\Roaming\Speedial
C:\Windows\Tasks\Speedial.job
C:\Users\Frankiej\AppData\Local\Temp\SoftUpdater.exe
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe , "C:\Windows\M57151\Ja634608bLay.com" [X]
C:\Windows\M57151\Ja634608bLay.com
HKLM-x32\...\Winlogon: [Shell] explorer.exe, "C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z\TuxO64746Z.exe"
C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Frankiej\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\Frankiej\AppData\Roaming\newnext.me
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
URLSearchHook: HKCU - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...r=503977909&ir=
Toolbar: HKCU - No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Love Song                                                             .scr
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\THe Best Ungu                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Gallery                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\TutoriaL HAcking                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Data DosenKu                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Data DosenKu                                                             .exe
C:\Program Files (x86)\SearchProtect
ProxyServer: http=127.0.0.1:44444;https=127.0.0.1:44444
C:\ProgramData\pclunst.exe
C:\Users\Frankiej\opera.exe
C:\Users\Frankiej\AppData\Local\Mobogenie
C:\ProgramData\Microsoft\Network\Downloader\Blink 182                                                             .exe
C:\ProgramData\Microsoft\Network\Downloader\Gallery                                                             .scr
C:\ProgramData\Microsoft\Network\Downloader\Love Song                                                             .scr
C:\ProgramData\Microsoft\Network\Downloader\New mp3 BaraT !!                                                             .exe
end
NOTICE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the same location the tool is saved (Fixlog.txt) please post it to your reply.

In your next reply, please provide the following:
  • Fixlog.txt
  • Description of how your PC is running.
Regards,

Richard:wavey:
Posted Image
Richard
Proud Graduate of WTT Classroom

    Advertisements

Register to Remove


#11 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 14 June 2014 - 04:40 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02
Ran by Frankiej at 2014-06-14 03:11:57 Run:1
Running from C:\Users\Frankiej\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\Frankiej\AppData\Roaming\Speedial
C:\Windows\Tasks\Speedial.job
C:\Users\Frankiej\AppData\Local\Temp\SoftUpdater.exe
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe , "C:\Windows\M57151\Ja634608bLay.com" [X]
C:\Windows\M57151\Ja634608bLay.com
HKLM-x32\...\Winlogon: [Shell] explorer.exe, "C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z\TuxO64746Z.exe"
C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Frankiej\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\Frankiej\AppData\Roaming\newnext.me
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=503977909&ir=
URLSearchHook: HKCU - (No Name) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - No File
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...r=503977909&ir=
Toolbar: HKCU - No Name - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} -  No File
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Love Song                                                             .scr
2014-05-30 22:01 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\THe Best Ungu                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Public\Downloads\Gallery                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\TutoriaL HAcking                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\DefaultAppPool\Downloads\Norman virus Control 5.18                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default\Downloads\Data DosenKu                                                             .exe
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Windows Vista setup                                                             .scr
2014-05-30 17:12 - 2006-10-11 20:09 - 00260096 _____ () C:\Users\Default User\Downloads\Data DosenKu                                                             .exe
C:\Program Files (x86)\SearchProtect
ProxyServer: http=127.0.0.1:44444;https=127.0.0.1:44444
C:\ProgramData\pclunst.exe
C:\Users\Frankiej\opera.exe
C:\Users\Frankiej\AppData\Local\Mobogenie
C:\ProgramData\Microsoft\Network\Downloader\Blink 182                                                             .exe
C:\ProgramData\Microsoft\Network\Downloader\Gallery                                                             .scr
C:\ProgramData\Microsoft\Network\Downloader\Love Song                                                             .scr
C:\ProgramData\Microsoft\Network\Downloader\New mp3 BaraT !!                                                             .exe
end
*****************
 
C:\Users\Frankiej\AppData\Roaming\Speedial => Moved successfully.
C:\Windows\Tasks\Speedial.job => Moved successfully.
"C:\Users\Frankiej\AppData\Local\Temp\SoftUpdater.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
C:\Windows\M57151\Ja634608bLay.com => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
C:\Users\Frankiej\AppData\Roaming\Microsoft\Windows\Templates\O64746Z => Moved successfully.
HKU\S-1-5-21-4173978000-302764023-2076146801-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
C:\Users\Frankiej\AppData\Roaming\newnext.me => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cce665dd-f6dd-4808-968e-eaec971f70ef} => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} => value deleted successfully.
'HKCR\CLSID\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}'=> Key not found.
C:\Users\Public\Downloads\Love Song                                                             .scr => Moved successfully.
C:\Users\DefaultAppPool\Downloads\THe Best Ungu                                                             .scr => Moved successfully.
C:\Users\Public\Downloads\Norman virus Control 5.18                                                             .exe => Moved successfully.
C:\Users\Public\Downloads\Gallery                                                             .scr => Moved successfully.
C:\Users\DefaultAppPool\Downloads\TutoriaL HAcking                                                             .exe => Moved successfully.
C:\Users\DefaultAppPool\Downloads\Norman virus Control 5.18                                                             .exe => Moved successfully.
C:\Users\Default\Downloads\Windows Vista setup                                                             .scr => Moved successfully.
C:\Users\Default\Downloads\Data DosenKu                                                             .exe => Moved successfully.
"C:\Users\Default User\Downloads\Windows Vista setup                                                             .scr" => File/Directory not found.
"C:\Users\Default User\Downloads\Data DosenKu                                                             .exe" => File/Directory not found.
C:\Program Files (x86)\SearchProtect => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
C:\Users\Frankiej\opera.exe => Moved successfully.
C:\Users\Frankiej\AppData\Local\Mobogenie => Moved successfully.
C:\ProgramData\Microsoft\Network\Downloader\Blink 182                                                             .exe => Moved successfully.
C:\ProgramData\Microsoft\Network\Downloader\Gallery                                                             .scr => Moved successfully.
C:\ProgramData\Microsoft\Network\Downloader\Love Song                                                             .scr => Moved successfully.
C:\ProgramData\Microsoft\Network\Downloader\New mp3 BaraT !!                                                             .exe => Moved successfully.
 
==== End of Fixlog ====
 
Richard - I am only able to type maybe 4 characters at a time before my cursor disappears or stops blinking. I am not able to type until I tap on the mousepad (touchpad) or until I see the cursor begin to blink again.I notice that when my cursor stops blinking, the blue bar at the  top of the screen where the tabs are, Blinks (actually, the tabs do not blink just the blue bar across the top  When I googled it, I noticed a lot of comments regarding moving my wrist over the touchpad - but I can assure you this is not what's happening with me. For some reason the cursor freezes or hangs for about 2 - 10 seconds. It's the most frustrating thing. Especially, when I type over 95 wpm! Please help. By the way, your help is GREATLY APPRECIATED!! THANK YOU SO MUCH. 
 
Regards,
 
Kristina Chapa


#12 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 14 June 2014 - 10:24 AM

Good morning Richard. I just wanted to be sure that you are understanding my issue with my cursor disappearing/freezing. I'm sure it's some sort of bug/virus because it did not occur until I inserted someone else's flash drive in my laptop. After that, all hell broke lose. I remember seeing a folder that said some name followed by the word "porn" with no spaces when I inserted the drive - all my mp3 files were being transferred as .scr files after that as well.Then I noticed that porn folder but it wason my laptop withmy computer name in front of it! I noticed you "moved" some files that were on the infected flash drive (Blink182/Love Song/New Mp3 Bara T!!) . My laptop seems to be running better with the exceptionof the disappearing/freezingcursor. I really hopeyou canhelp resolve this.

 

Have a great day.

 

Thank you.



#13 TechieRanger

TechieRanger

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,017 posts

Posted 14 June 2014 - 08:44 PM


Thanks for letting me know! ^_^
 
I will be looking into the disappearing/freezing cursor issue but first let's run CF, in case there is more work to be done. :thumbup:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, please provide the following:

  • CF log.
  • Update on how your PC is running.

Regards,

Richard :wavey:


Posted Image
Richard
Proud Graduate of WTT Classroom

#14 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 15 June 2014 - 02:57 PM

H Richard-I disabled all the AVG stuff and I dwnloaded and ran the ComboFix.  At the end whenever it was generating the cf.log I got the dreaded BLUE SCREEN OF DEATH  I wasnt able to catch the error code I just got a quik glance but I believe it said something like  Windows was being shut down before any damage was done. Did I do something wrong?  I did not touch the laptop while CF was running. I'm so worried I will lose everything on my machine. I can not even transfer anything on here to a disk because now my cd burner doesn't work either.  What shall I do now?

:wall:  :pullhair:  :pullhair:  :pullhair:



#15 KristinaChapa

KristinaChapa

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 15 June 2014 - 03:35 PM

Ok Richard. :woot: I ran it again and this time the log popped up at the end. So, here you go...Oh! PC seems to be working a little better. Still can't type anymore than 3-4 characters before it freezes/hangs. The title bar at the top of the screen is constantly flashing when the cursor hangs. If you only knew just how long it took me to type this!!!!

ComboFix 14-06-13.01 - Frankiej 06/15/2014   7:52.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2943.1577 [GMT -7:00]
Running from: c:\users\Frankiej\Desktop\ComboFix.exe
AV: AVG Premium Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Premium Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-15 to 2014-06-15  )))))))))))))))))))))))))))))))
.
.
2014-06-15 15:05 . 2014-06-15 15:05 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-06-15 15:05 . 2014-06-15 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-14 19:04 . 2014-06-14 19:04 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-06-11 18:41 . 2014-05-30 07:50 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-06-09 22:33 . 2014-06-14 10:12 -------- d-----w- C:\FRST
2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-06-06 09:30 . 2014-04-15 23:23 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2014-06-06 09:30 . 2014-04-15 23:23 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-06-06 09:30 . 2014-04-15 23:23 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-06-06 09:29 . 2014-06-06 09:29 -------- d-----w- c:\users\Frankiej\AppData\Local\AVG
2014-06-06 09:23 . 2014-06-07 04:07 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-05 09:09 . 2014-06-05 09:09 -------- d-----w- c:\users\Frankiej\AppData\Roaming\AVG2014
2014-06-04 07:19 . 2014-06-05 09:03 -------- d-----w- C:\$AVG
2014-06-04 07:19 . 2014-06-05 10:26 -------- d-----w- c:\programdata\AVG2014
2014-06-02 03:03 . 2014-06-04 08:36 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-31 05:22 . 2014-06-04 08:37 -------- d-----w- c:\users\Frankiej\AppData\Roaming\SUPERAntiSpyware.com
2014-05-31 05:22 . 2014-06-04 08:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-05-31 05:22 . 2014-05-31 05:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-05-30 08:26 . 2014-05-30 08:26 -------- d-----w- c:\programdata\Sophos
2014-05-30 08:12 . 2014-06-05 11:38 -------- d-----w- c:\users\Frankiej\AppData\Local\Avg2014
2014-05-30 06:53 . 2014-05-30 06:53 -------- d-----w- c:\program files (x86)\MyPC Backup
2014-05-30 06:51 . 2014-06-04 08:37 -------- d-----w- c:\programdata\PC1Data
2014-05-29 19:55 . 2014-06-05 10:26 -------- d-----w- c:\users\Frankiej\AppData\Roaming\VideoPlus
2014-05-29 19:54 . 2014-05-29 19:54 -------- d-----w- c:\users\Frankiej\AppData\Roaming\VideoDrivers
2014-05-29 18:40 . 2014-02-17 22:56 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-05-29 18:40 . 2014-02-17 22:56 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-05-29 18:40 . 2014-02-17 22:56 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2014-05-29 18:40 . 2014-02-17 22:56 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2014-05-29 08:27 . 2014-01-24 18:17 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2014-05-29 08:27 . 2014-05-30 19:54 -------- d-----w- c:\programdata\iolo
2014-05-29 08:27 . 2014-05-29 08:27 -------- d-----w- c:\users\Frankiej\AppData\Roaming\iolo
2014-05-25 21:17 . 2014-05-25 21:17 -------- d-sh--w- c:\users\Frankiej\AppData\Local\EmieUserList
2014-05-25 21:17 . 2014-05-25 21:17 -------- d-sh--w- c:\users\Frankiej\AppData\Local\EmieSiteList
2014-05-25 20:50 . 2014-05-25 20:50 -------- d-----w- c:\users\Frankiej\AppData\Local\DriverToolkit
2014-05-25 20:50 . 2014-06-01 16:21 -------- d-----w- c:\program files (x86)\DriverToolkit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-14 09:28 . 2012-08-17 20:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 09:28 . 2012-08-17 20:54 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 16:29 . 2012-06-01 18:18 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-13 21:20 . 2014-05-13 21:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-05-13 21:20 . 2014-05-13 21:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-05-13 21:06 . 2014-05-13 21:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-05-13 21:05 . 2014-05-13 21:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-05-13 21:05 . 2014-05-13 21:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-05-13 21:05 . 2014-05-13 21:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-05-13 21:04 . 2014-05-13 21:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-05-13 21:04 . 2014-05-13 21:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2014-04-15 09:34 . 2014-04-15 09:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-15 03:13 . 2014-04-16 17:57 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22 . 2014-05-14 01:32 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 01:32 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 01:32 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 01:32 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 01:32 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 01:32 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 01:32 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 01:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 01:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-25 02:43 . 2014-05-14 01:32 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-03-19 22:23 . 2014-03-19 22:23 50896 ----a-w- c:\windows\system32\drivers\point64.sys
2014-03-19 22:23 . 2014-03-19 22:23 29904 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2013-11-12 19:59 2048 --sha-w- c:\windows\actofvl\clip.exe
.
<pre>
c:\program files (x86)\Common Files\microsoft shared\Data DosenKu                                                             .exe
c:\program files (x86)\Common Files\microsoft shared\New mp3 BaraT !!                                                             .exe
</pre>
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"TouchFreeze"="c:\users\Frankiej\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe" [2012-07-25 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]
.
c:\users\Frankiej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2014-3-14 2901032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-06 02:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [N/A]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 04:25 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 09:28]
.
2014-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-21 05:54]
.
2014-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-21 05:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-03-07 4789248]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Frankiej\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DD80CDAD-ACC0-431A-A580-8E9481B847F2}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{ED2CECE6-9F2D-4E51-A412-261397F25E48}: NameServer = 8.8.8.8,8.8.4.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-15  08:11:46
ComboFix-quarantined-files.txt  2014-06-15 15:11
ComboFix2.txt  2014-06-15 14:19
.
Pre-Run: 12,867,436,544 bytes free
Post-Run: 12,562,206,720 bytes free
.
- - End Of File - - 83F7D03FB9D2A8A8E1816C077140D461
5FB38429D5D77768867C76DCBDB35194

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users