problems with adchoices [Solved]


  • This topic is locked
25 replies to this topic

#1 lookingforaname

  • Authentic Member
  • 147 posts

Posted 04 June 2014 - 02:07 PM

Hi,

 

My computer has had "adchoices" ads in its browsers for a while. I'm not sure how long, but I started to feel like some of the ads smelled "suspicious" or looked different, so I looked into it and realized it's possibly a virus? I've run Malwarebytes, Spybot, and Avast (possibly more - I've been working on it here and there for a few weeks and have lost track between my computer and my husband's laptop, so I can't remember everything I've tried...), and tried to clean up all my browsers' toolbars, but adchoices still persists. You guys have helped several times in the past, and here I am again! Thank you so much in advance!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:02:23 PM, on 6/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Users\Emily Angehr\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\nmnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Auth Service - Unknown owner - C:\Windows\system32\authServer.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxebCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
O23 - Service: lxeb_device -   - C:\Windows\system32\lxebcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12015 bytes
 




#2 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 June 2014 - 08:42 PM

Hi lookingforaname,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, with the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 lookingforaname

  • Authentic Member
  • 147 posts

Posted 08 June 2014 - 06:50 PM

Thanks for your help!   

 

Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Doctor 7.0   
 Spybot - Search & Destroy
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1)
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 



#4 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 08 June 2014 - 07:47 PM

Hi lookingforaname,

Post the remainder of the logs when they are available.
OCD



#5 lookingforaname

  • Authentic Member
  • 147 posts

Posted 08 June 2014 - 08:56 PM

Yup, working through the list slowly but surely.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-08 20:51:12
-----------------------------
20:51:12.024    OS Version: Windows x64 6.1.7601 Service Pack 1
20:51:12.024    Number of processors: 4 586 0x503
20:51:12.024    ComputerName: ANGEHR-HP  UserName:
20:51:15.704    Initialize success
20:51:19.920    AVAST engine defs: 14060801
22:48:11.095    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
22:48:11.098    Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
22:48:11.244    Disk 0 MBR read successfully
22:48:11.246    Disk 0 MBR scan
22:48:11.249    Disk 0 unknown MBR code
22:48:11.252    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:48:11.266    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941819 MB offset 206848
22:48:11.301    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11753 MB offset 1929052160
22:48:11.348    Disk 0 scanning C:\Windows\system32\drivers
22:48:23.110    Service scanning
22:48:47.030    Modules scanning
22:48:47.037    Disk 0 trace - called modules:
22:48:47.055    ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys storport.sys hal.dll amdsbs.sys
22:48:47.385    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fa9060]
22:48:47.389    3 CLASSPNP.SYS[fffff8800199743f] -> nt!IofCallDriver -> [0xfffffa8005ddecf0]
22:48:47.393    5 PCTCore64.sys[fffff880011735d7] -> nt!IofCallDriver -> \Device\00000058[0xfffffa8005dc39c0]
22:48:49.722    AVAST engine scan C:\Windows
22:48:55.808    AVAST engine scan C:\Windows\system32
22:52:44.637    AVAST engine scan C:\Windows\system32\drivers
22:53:01.056    AVAST engine scan C:\Users\Emily Angehr
22:55:29.761    Disk 0 MBR has been saved successfully to "C:\Users\Emily Angehr\Desktop\MBR.dat"
22:55:29.767    The log file has been saved successfully to "C:\Users\Emily Angehr\Desktop\aswMBR.txt"

 



#6 lookingforaname

  • Authentic Member
  • 147 posts

Posted 08 June 2014 - 08:59 PM

MBR attachment here. 



#7 lookingforaname

  • Authentic Member
  • 147 posts

Posted 08 June 2014 - 09:00 PM

Wait, I don't think that worked.  Here's my second attachment attempt. 

Attached Files

  • Attached File  MBR.zip   526bytes   187 downloads


#8 lookingforaname

  • Authentic Member
  • 147 posts

Posted 08 June 2014 - 09:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Emily Angehr (administrator) on ANGEHR-HP on 08-06-2014 23:01:04
Running from C:\Users\Emily Angehr\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\authServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe
( ) C:\Windows\System32\lxebcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\SysWOW64\find.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2476127409-1960277300-1013031263-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2476127409-1960277300-1013031263-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2476127409-1960277300-1013031263-1003\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\S-1-5-21-2476127409-1960277300-1013031263-1003\...\MountPoints2: {daf46688-5299-11df-8734-806e6f6e6963} - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/...eferrer:source}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Windows\SysWOW64\nmNsp.dll [241912] ()
Winsock: Catalog5-x64 08 %SystemRoot%\System32\nmNsp.dll [279040] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Extension: Add to Amazon Wish List Button - C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\Extensions\amznUWL2@amazon.com.xpi [2012-11-18]
FF Extension: Exif Viewer - C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2012-08-27]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-12]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 4.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Invenda Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-18]
CHR Extension: (Raindrops) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil [2012-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Poppit) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-18]
CHR Extension: (Google Wallet) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

R2 Auth Service; C:\Windows\system32\authServer.exe [290816 2011-07-28] ()
R2 Auth Service; C:\Windows\SysWOW64\authServer.exe [290816 2010-10-25] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
S4 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [354888 2014-04-28] (Verizon)
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-08-07] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-08-07] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-02-24] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [233488 2010-03-29] (PC Tools)
R1 pctgntdi; C:\Windows\system32\drivers\pctgntdi64.sys [306648 2010-02-05] (PC Tools)
U3 aswMBR; \??\C:\Users\EMILYA~1\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 23:01 - 2014-06-08 23:01 - 00020393 _____ () C:\Users\Emily Angehr\Desktop\FRST.txt
2014-06-08 23:01 - 2014-06-08 23:01 - 00000000 ____D () C:\FRST
2014-06-08 23:00 - 2014-06-08 23:00 - 02072576 _____ (Farbar) C:\Users\Emily Angehr\Desktop\FRST64.exe
2014-06-08 22:56 - 2014-06-08 22:56 - 00000526 _____ () C:\Users\Emily Angehr\Desktop\MBR.zip
2014-06-08 22:55 - 2014-06-08 22:55 - 00001910 _____ () C:\Users\Emily Angehr\Desktop\aswMBR.txt
2014-06-08 22:55 - 2014-06-08 22:55 - 00000512 _____ () C:\Users\Emily Angehr\Desktop\MBR.dat
2014-06-08 20:07 - 2014-06-08 20:08 - 04745728 _____ (AVAST Software) C:\Users\Emily Angehr\Desktop\aswMBR.exe
2014-06-08 20:05 - 2014-06-08 20:05 - 00854367 _____ () C:\Users\Emily Angehr\Desktop\SecurityCheck.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00012017 _____ () C:\Users\Emily Angehr\Downloads\hijackthis.log
2014-06-04 16:01 - 2014-06-04 16:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emily Angehr\Downloads\HiJackThis.exe
2014-06-04 15:27 - 2014-06-08 21:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 15:27 - 2014-06-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 15:26 - 2014-06-04 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 15:26 - 2014-06-04 15:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Emily Angehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 15:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 15:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 09:18 - 2014-06-04 09:18 - 01327971 _____ () C:\Users\Emily Angehr\Downloads\adwcleaner_3.211(1).exe
2014-05-31 11:29 - 2014-05-31 11:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(9).exe
2014-05-30 19:13 - 2014-05-30 19:13 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(8).exe
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-30 14:29 - 2014-05-30 14:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(7).exe
2014-05-29 16:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 16:15 - 2014-05-29 16:15 - 01327971 _____ () C:\Users\Emily Angehr\Downloads\adwcleaner_3.211.exe
2014-05-29 12:13 - 2014-05-29 12:13 - 00000070 _____ () C:\Users\Emily Angehr\AppData\Roaming\mbam.context.scan
2014-05-28 18:09 - 2014-05-28 18:09 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(6).exe
2014-05-28 18:04 - 2014-05-28 18:04 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(5).exe
2014-05-26 19:20 - 2014-05-26 19:21 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(4).exe
2014-05-26 19:14 - 2014-05-26 19:14 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(3).exe
2014-05-22 19:56 - 2014-06-08 19:59 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForEmily Angehr.job
2014-05-22 19:56 - 2014-05-29 20:00 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEmily Angehr
2014-05-16 21:25 - 2014-05-16 21:28 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu (1).exe
2014-05-16 07:49 - 2014-06-04 09:31 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\DropboxMaster
2014-05-15 23:56 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 23:56 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 23:56 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 23:56 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 23:56 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 23:56 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 08:05 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:05 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:05 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:05 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:03 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:03 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:03 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:03 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:03 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:03 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:03 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:03 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:03 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:03 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:03 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:03 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:03 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 21:54 - 2014-05-13 21:54 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-11 21:09 - 2014-05-11 21:10 - 00023798 _____ () C:\Windows\wininit.ini
2014-05-11 21:02 - 2014-05-11 21:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 21:00 - 2014-05-11 21:02 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu.exe
2014-05-11 20:27 - 2014-05-11 21:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-11 20:27 - 2014-05-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2014-05-11 20:27 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-11 20:25 - 2014-05-11 20:25 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Emily Angehr\Downloads\spybot-2.3.exe
2014-05-11 20:19 - 2014-05-11 20:19 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller(1).exe
2014-05-11 20:12 - 2014-05-11 20:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller.exe
2014-05-09 14:46 - 2014-05-09 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-08 23:01 - 2014-06-08 23:01 - 00020393 _____ () C:\Users\Emily Angehr\Desktop\FRST.txt
2014-06-08 23:01 - 2014-06-08 23:01 - 00000000 ____D () C:\FRST
2014-06-08 23:01 - 2010-07-20 05:38 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Local\Temp
2014-06-08 23:00 - 2014-06-08 23:00 - 02072576 _____ (Farbar) C:\Users\Emily Angehr\Desktop\FRST64.exe
2014-06-08 22:56 - 2014-06-08 22:56 - 00000526 _____ () C:\Users\Emily Angehr\Desktop\MBR.zip
2014-06-08 22:55 - 2014-06-08 22:55 - 00001910 _____ () C:\Users\Emily Angehr\Desktop\aswMBR.txt
2014-06-08 22:55 - 2014-06-08 22:55 - 00000512 _____ () C:\Users\Emily Angehr\Desktop\MBR.dat
2014-06-08 22:39 - 2013-01-30 08:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 22:38 - 2010-07-19 17:57 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 21:24 - 2014-06-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 20:08 - 2014-06-08 20:07 - 04745728 _____ (AVAST Software) C:\Users\Emily Angehr\Desktop\aswMBR.exe
2014-06-08 20:06 - 2013-12-17 12:17 - 01639383 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 20:05 - 2014-06-08 20:05 - 00854367 _____ () C:\Users\Emily Angehr\Desktop\SecurityCheck.exe
2014-06-08 19:59 - 2014-05-22 19:56 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForEmily Angehr.job
2014-06-08 09:14 - 2012-11-09 13:22 - 00000000 ____D () C:\Users\family - Jessie\AppData\Local\Temp
2014-06-08 08:38 - 2010-07-19 17:57 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 21:21 - 2013-06-08 09:04 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-06-07 21:21 - 2013-05-31 12:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-07 21:19 - 2012-11-09 13:23 - 00000000 ___RD () C:\Users\family - Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 21:19 - 2012-11-09 13:23 - 00000000 ___RD () C:\Users\family - Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-07 20:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 20:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 20:00 - 2013-12-17 12:11 - 00017791 _____ () C:\Windows\setupact.log
2014-06-07 20:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 19:34 - 2010-07-25 16:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-05 19:33 - 2011-11-10 10:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-05 07:28 - 2013-12-17 12:11 - 00233018 _____ () C:\Windows\PFRO.log
2014-06-04 16:02 - 2014-06-04 16:02 - 00012017 _____ () C:\Users\Emily Angehr\Downloads\hijackthis.log
2014-06-04 16:02 - 2014-06-04 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emily Angehr\Downloads\HiJackThis.exe
2014-06-04 15:47 - 2012-07-24 11:43 - 00000000 ___RD () C:\Users\Emily Angehr\Dropbox
2014-06-04 15:27 - 2014-06-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 15:27 - 2014-06-04 15:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 15:27 - 2010-08-21 10:47 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Malwarebytes
2014-06-04 15:27 - 2010-08-21 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 15:26 - 2014-06-04 15:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Emily Angehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 09:41 - 2011-12-09 09:11 - 00000000 ____D () C:\Windows\pss
2014-06-04 09:41 - 2010-07-20 05:43 - 00000000 ___RD () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 09:41 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 09:31 - 2014-05-16 07:49 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\DropboxMaster
2014-06-04 09:31 - 2012-07-24 10:57 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Dropbox
2014-06-04 09:30 - 2010-07-23 10:47 - 00180918 _____ () C:\ProgramData\lxebscan.log
2014-06-04 09:27 - 2014-03-01 11:28 - 00000000 ____D () C:\AdwCleaner
2014-06-04 09:18 - 2014-06-04 09:18 - 01327971 _____ () C:\Users\Emily Angehr\Downloads\adwcleaner_3.211(1).exe
2014-05-31 11:29 - 2014-05-31 11:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(9).exe
2014-05-31 11:29 - 2012-11-22 14:38 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\.minecraft
2014-05-31 10:41 - 2010-07-20 05:39 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 19:13 - 2014-05-30 19:13 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(8).exe
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-30 14:42 - 2014-01-25 15:41 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-05-30 14:42 - 2014-01-25 15:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-30 14:29 - 2014-05-30 14:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(7).exe
2014-05-29 20:00 - 2014-05-22 19:56 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEmily Angehr
2014-05-29 16:15 - 2014-05-29 16:15 - 01327971 _____ () C:\Users\Emily Angehr\Downloads\adwcleaner_3.211.exe
2014-05-29 12:13 - 2014-05-29 12:13 - 00000070 _____ () C:\Users\Emily Angehr\AppData\Roaming\mbam.context.scan
2014-05-28 21:12 - 2010-11-30 11:10 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Skype
2014-05-28 18:09 - 2014-05-28 18:09 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(6).exe
2014-05-28 18:04 - 2014-05-28 18:04 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(5).exe
2014-05-26 19:21 - 2014-05-26 19:20 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(4).exe
2014-05-26 19:14 - 2014-05-26 19:14 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(3).exe
2014-05-24 10:17 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 10:16 - 2012-07-24 11:43 - 00001043 _____ () C:\Users\Emily Angehr\Desktop\Dropbox.lnk
2014-05-24 10:16 - 2012-07-24 10:59 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 10:13 - 2013-08-17 21:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 15:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 21:28 - 2014-05-16 21:25 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu (1).exe
2014-05-16 07:47 - 2010-07-20 05:43 - 00000000 ___RD () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:30 - 2014-05-06 22:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 23:55 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 23:52 - 2010-07-22 15:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 08:00 - 2014-01-01 22:01 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 08:00 - 2012-01-12 17:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 08:00 - 2012-01-12 17:13 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-13 21:54 - 2014-05-13 21:54 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 21:54 - 2013-01-30 08:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:54 - 2012-03-30 09:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:54 - 2011-05-27 09:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 07:50 - 2013-08-23 10:21 - 00001119 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-05-12 07:26 - 2014-06-04 15:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 15:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-08-21 10:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:10 - 2014-05-11 21:09 - 00023798 _____ () C:\Windows\wininit.ini
2014-05-11 21:09 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-11 21:02 - 2014-05-11 21:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 21:02 - 2014-05-11 21:00 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu.exe
2014-05-11 20:28 - 2014-05-11 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2014-05-11 20:27 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-11 20:25 - 2014-05-11 20:25 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Emily Angehr\Downloads\spybot-2.3.exe
2014-05-11 20:19 - 2014-05-11 20:19 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller(1).exe
2014-05-11 20:13 - 2014-03-06 22:07 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Local\WinZip
2014-05-11 20:12 - 2014-05-11 20:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller.exe
2014-05-11 07:03 - 2012-04-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 14:46 - 2014-05-09 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 02:14 - 2014-05-15 08:05 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-15 08:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Emily Angehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhypzr.dll
C:\Users\Emily Angehr\AppData\Local\Temp\Quarantine.exe
C:\Users\family - Jessie\AppData\Local\Temp\msvcp100.dll
C:\Users\family - Jessie\AppData\Local\Temp\msvcr100.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 00:16

==================== End Of Log ============================



#9 OCD

Posted 08 June 2014 - 11:50 PM

Hi lookingforaname,

Please post all requested logs into one (1) reply unless the forum tells you it won't fit. Then break up the post as needed to post all logs requested.

When you ran FRST, it should have generated a log called Addition.txt. Please locate it and include it in your next reply.

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Ask
  • Ask.com
  • AVG Secure Search

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt





SearchScopes: HKLM - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
2014-06-07 21:21 - 2013-06-08 09:04 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-06-07 21:21 - 2013-05-31 12:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • New FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#10 lookingforaname


Posted 09 June 2014 - 05:37 PM

Hi - concerning these, I couldn't find any of the things listed under Uninstall Programs.  

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Ask
  • Ask.com
  • AVG Secure Search

Please advise, thanks!




#11 OCD


Posted 09 June 2014 - 09:55 PM

Hi lookingforaname,
 

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:


Since the items were not present, just continue with the remainder of the steps.
 


OCD











#12 lookingforaname


Posted 10 June 2014 - 06:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Ran by Emily Angehr at 2014-06-09 19:39:59 Run:1
Running from C:\Users\Emily Angehr\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {0674C282-CC38-4582-BCA7-75F76E2FFDA0} URL = http://www.ask.com/w...}&l=dis&o=ushpd
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
2014-06-07 21:21 - 2013-06-08 09:04 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-06-07 21:21 - 2013-05-31 12:56 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}' => Key deleted successfully.
'HKCR\CLSID\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}' => Key deleted successfully.
'HKCR\CLSID\{0674C282-CC38-4582-BCA7-75F76E2FFDA0}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
'HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}'=> Key not found.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.

==== End of Fixlog ====

 

 

Ok, so the following AdwCleaner - I must have run in March (which means that is when I started noticing things and running random things to try to self clean), so this is not AdwCleaner[s0] since that was dated March.

 

 

# AdwCleaner v3.212 - Report created 09/06/2014 at 20:37:57
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Emily Angehr - ANGEHR-HP
# Running from : C:\Users\Emily Angehr\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\prefs.js ]


[ File : C:\Users\family - Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\v2qapc4e.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9054 octets] - [01/03/2014 11:28:40]
AdwCleaner[R1].txt - [2763 octets] - [29/05/2014 16:16:22]
AdwCleaner[R2].txt - [1548 octets] - [04/06/2014 09:19:01]
AdwCleaner[R3].txt - [1403 octets] - [09/06/2014 19:44:08]
AdwCleaner[S0].txt - [9251 octets] - [01/03/2014 11:30:23]
AdwCleaner[S1].txt - [2874 octets] - [29/05/2014 16:34:34]
AdwCleaner[S2].txt - [1615 octets] - [04/06/2014 09:26:59]
AdwCleaner[S3].txt - [1324 octets] - [09/06/2014 20:37:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1384 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Emily Angehr on Mon 06/09/2014 at 21:03:03.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Emily Angehr\AppData\Roaming\mozilla\firefox\profiles\om40z5p6.default\minidumps [304 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/09/2014 at 21:15:01.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by Emily Angehr (administrator) on ANGEHR-HP on 10-06-2014 07:59:07
Running from C:\Users\Emily Angehr\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\authServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe
( ) C:\Windows\System32\lxebcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-05] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2476127409-1960277300-1013031263-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2476127409-1960277300-1013031263-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/...eferrer:source}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Windows\SysWOW64\nmNsp.dll [241912] ()
Winsock: Catalog5-x64 08 %SystemRoot%\System32\nmNsp.dll [279040] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Extension: Add to Amazon Wish List Button - C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\Extensions\amznUWL2@amazon.com.xpi [2012-11-18]
FF Extension: Exif Viewer - C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2012-08-27]
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-12]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 4.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Invenda Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-18]
CHR Extension: (Raindrops) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil [2012-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Poppit) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-18]
CHR Extension: (Google Wallet) - C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

R2 Auth Service; C:\Windows\system32\authServer.exe [290816 2011-07-28] () [File not signed]
R2 Auth Service; C:\Windows\SysWOW64\authServer.exe [290816 2010-10-25] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
S4 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-09-24] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [354888 2014-04-28] (Verizon)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-08-07] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-08-07] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-06] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-02-24] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [233488 2010-03-29] (PC Tools)
R1 pctgntdi; C:\Windows\system32\drivers\pctgntdi64.sys [306648 2010-02-05] (PC Tools)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 07:59 - 2014-06-10 07:59 - 00019269 _____ () C:\Users\Emily Angehr\Desktop\FRST.txt
2014-06-09 21:15 - 2014-06-09 21:15 - 00000780 _____ () C:\Users\Emily Angehr\Desktop\JRT.txt
2014-06-09 20:59 - 2014-06-09 20:59 - 01016261 _____ (Thisisu) C:\Users\Emily Angehr\Desktop\JRT.exe
2014-06-09 19:43 - 2014-06-09 19:43 - 01333465 _____ () C:\Users\Emily Angehr\Desktop\adwcleaner_3.212.exe
2014-06-09 19:39 - 2014-06-09 19:39 - 00000000 ____D () C:\Users\Emily Angehr\Desktop\FRST-OlderVersion
2014-06-08 23:02 - 2014-06-08 23:03 - 00050024 _____ () C:\Users\Emily Angehr\Desktop\Addition.txt
2014-06-08 23:01 - 2014-06-10 07:59 - 00000000 ____D () C:\FRST
2014-06-08 23:00 - 2014-06-09 19:39 - 02080768 _____ (Farbar) C:\Users\Emily Angehr\Desktop\FRST64.exe
2014-06-08 22:56 - 2014-06-08 22:56 - 00000526 _____ () C:\Users\Emily Angehr\Desktop\MBR.zip
2014-06-08 22:55 - 2014-06-08 22:55 - 00001910 _____ () C:\Users\Emily Angehr\Desktop\aswMBR.txt
2014-06-08 22:55 - 2014-06-08 22:55 - 00000512 _____ () C:\Users\Emily Angehr\Desktop\MBR.dat
2014-06-08 20:07 - 2014-06-08 20:08 - 04745728 _____ (AVAST Software) C:\Users\Emily Angehr\Desktop\aswMBR.exe
2014-06-08 20:05 - 2014-06-08 20:05 - 00854367 _____ () C:\Users\Emily Angehr\Desktop\SecurityCheck.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00012017 _____ () C:\Users\Emily Angehr\Downloads\hijackthis.log
2014-06-04 16:01 - 2014-06-04 16:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emily Angehr\Downloads\HiJackThis.exe
2014-06-04 15:27 - 2014-06-10 07:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 15:27 - 2014-06-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 15:26 - 2014-06-04 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 15:26 - 2014-06-04 15:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Emily Angehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 15:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 15:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-31 11:29 - 2014-05-31 11:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(9).exe
2014-05-30 19:13 - 2014-05-30 19:13 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(8).exe
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-30 14:29 - 2014-05-30 14:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(7).exe
2014-05-29 16:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 12:13 - 2014-05-29 12:13 - 00000070 _____ () C:\Users\Emily Angehr\AppData\Roaming\mbam.context.scan
2014-05-28 18:09 - 2014-05-28 18:09 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(6).exe
2014-05-28 18:04 - 2014-05-28 18:04 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(5).exe
2014-05-26 19:20 - 2014-05-26 19:21 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(4).exe
2014-05-26 19:14 - 2014-05-26 19:14 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(3).exe
2014-05-22 19:56 - 2014-06-10 07:59 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForEmily Angehr.job
2014-05-22 19:56 - 2014-05-29 20:00 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEmily Angehr
2014-05-16 21:25 - 2014-05-16 21:28 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu (1).exe
2014-05-16 07:49 - 2014-06-04 09:31 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\DropboxMaster
2014-05-15 23:56 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 23:56 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 23:56 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 23:56 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 23:56 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 23:56 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 08:05 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:05 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:05 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:05 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:03 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:03 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:03 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:03 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:03 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:03 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:03 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:03 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:03 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:03 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:03 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:03 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:03 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:03 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:03 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:03 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:03 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 21:54 - 2014-05-13 21:54 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-11 21:09 - 2014-05-11 21:10 - 00023798 _____ () C:\Windows\wininit.ini
2014-05-11 21:02 - 2014-05-11 21:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 21:00 - 2014-05-11 21:02 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu.exe
2014-05-11 20:27 - 2014-05-11 21:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-11 20:27 - 2014-05-11 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2014-05-11 20:27 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-11 20:25 - 2014-05-11 20:25 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Emily Angehr\Downloads\spybot-2.3.exe
2014-05-11 20:19 - 2014-05-11 20:19 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller(1).exe
2014-05-11 20:12 - 2014-05-11 20:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller.exe

==================== One Month Modified Files and Folders =======

2014-06-10 07:59 - 2014-06-10 07:59 - 00019269 _____ () C:\Users\Emily Angehr\Desktop\FRST.txt
2014-06-10 07:59 - 2014-06-08 23:01 - 00000000 ____D () C:\FRST
2014-06-10 07:59 - 2014-05-22 19:56 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForEmily Angehr.job
2014-06-10 07:59 - 2010-07-20 05:38 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Local\Temp
2014-06-10 07:55 - 2014-06-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 07:55 - 2010-07-19 17:57 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 07:46 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:46 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 07:39 - 2013-01-30 08:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 07:39 - 2010-07-19 17:57 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 07:37 - 2013-12-17 12:11 - 00018441 _____ () C:\Windows\setupact.log
2014-06-10 07:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 21:35 - 2013-12-17 12:17 - 01686759 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 21:15 - 2014-06-09 21:15 - 00000780 _____ () C:\Users\Emily Angehr\Desktop\JRT.txt
2014-06-09 20:59 - 2014-06-09 20:59 - 01016261 _____ (Thisisu) C:\Users\Emily Angehr\Desktop\JRT.exe
2014-06-09 20:39 - 2013-12-17 12:11 - 00233328 _____ () C:\Windows\PFRO.log
2014-06-09 20:38 - 2014-03-01 11:28 - 00000000 ____D () C:\AdwCleaner
2014-06-09 19:43 - 2014-06-09 19:43 - 01333465 _____ () C:\Users\Emily Angehr\Desktop\adwcleaner_3.212.exe
2014-06-09 19:39 - 2014-06-09 19:39 - 00000000 ____D () C:\Users\Emily Angehr\Desktop\FRST-OlderVersion
2014-06-09 19:39 - 2014-06-08 23:00 - 02080768 _____ (Farbar) C:\Users\Emily Angehr\Desktop\FRST64.exe
2014-06-08 23:03 - 2014-06-08 23:02 - 00050024 _____ () C:\Users\Emily Angehr\Desktop\Addition.txt
2014-06-08 22:56 - 2014-06-08 22:56 - 00000526 _____ () C:\Users\Emily Angehr\Desktop\MBR.zip
2014-06-08 22:55 - 2014-06-08 22:55 - 00001910 _____ () C:\Users\Emily Angehr\Desktop\aswMBR.txt
2014-06-08 22:55 - 2014-06-08 22:55 - 00000512 _____ () C:\Users\Emily Angehr\Desktop\MBR.dat
2014-06-08 20:08 - 2014-06-08 20:07 - 04745728 _____ (AVAST Software) C:\Users\Emily Angehr\Desktop\aswMBR.exe
2014-06-08 20:05 - 2014-06-08 20:05 - 00854367 _____ () C:\Users\Emily Angehr\Desktop\SecurityCheck.exe
2014-06-08 09:14 - 2012-11-09 13:22 - 00000000 ____D () C:\Users\family - Jessie\AppData\Local\Temp
2014-06-07 21:19 - 2012-11-09 13:23 - 00000000 ___RD () C:\Users\family - Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-07 21:19 - 2012-11-09 13:23 - 00000000 ___RD () C:\Users\family - Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-05 19:34 - 2010-07-25 16:29 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-05 19:33 - 2011-11-10 10:45 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-04 16:02 - 2014-06-04 16:02 - 00012017 _____ () C:\Users\Emily Angehr\Downloads\hijackthis.log
2014-06-04 16:02 - 2014-06-04 16:01 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emily Angehr\Downloads\HiJackThis.exe
2014-06-04 15:47 - 2012-07-24 11:43 - 00000000 ___RD () C:\Users\Emily Angehr\Dropbox
2014-06-04 15:27 - 2014-06-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 15:27 - 2014-06-04 15:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 15:27 - 2010-08-21 10:47 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Malwarebytes
2014-06-04 15:27 - 2010-08-21 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-04 15:26 - 2014-06-04 15:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Emily Angehr\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 09:41 - 2011-12-09 09:11 - 00000000 ____D () C:\Windows\pss
2014-06-04 09:41 - 2010-07-20 05:43 - 00000000 ___RD () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 09:41 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 09:31 - 2014-05-16 07:49 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\DropboxMaster
2014-06-04 09:31 - 2012-07-24 10:57 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Dropbox
2014-06-04 09:30 - 2010-07-23 10:47 - 00180918 _____ () C:\ProgramData\lxebscan.log
2014-05-31 11:29 - 2014-05-31 11:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(9).exe
2014-05-31 11:29 - 2012-11-22 14:38 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\.minecraft
2014-05-31 10:41 - 2010-07-20 05:39 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 19:13 - 2014-05-30 19:13 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(8).exe
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-30 14:42 - 2014-01-25 15:41 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-05-30 14:42 - 2014-01-25 15:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-05-30 14:29 - 2014-05-30 14:29 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(7).exe
2014-05-29 20:00 - 2014-05-22 19:56 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEmily Angehr
2014-05-29 12:13 - 2014-05-29 12:13 - 00000070 _____ () C:\Users\Emily Angehr\AppData\Roaming\mbam.context.scan
2014-05-28 21:12 - 2010-11-30 11:10 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Skype
2014-05-28 18:09 - 2014-05-28 18:09 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(6).exe
2014-05-28 18:04 - 2014-05-28 18:04 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(5).exe
2014-05-26 19:21 - 2014-05-26 19:20 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(4).exe
2014-05-26 19:14 - 2014-05-26 19:14 - 00675988 _____ () C:\Users\Emily Angehr\Downloads\Minecraft(3).exe
2014-05-24 10:17 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 10:16 - 2012-07-24 11:43 - 00001043 _____ () C:\Users\Emily Angehr\Desktop\Dropbox.lnk
2014-05-24 10:16 - 2012-07-24 10:59 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 10:13 - 2013-08-17 21:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 15:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 21:28 - 2014-05-16 21:25 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu (1).exe
2014-05-16 07:47 - 2010-07-20 05:43 - 00000000 ___RD () C:\Users\Emily Angehr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 07:30 - 2014-05-06 22:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 23:55 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 23:52 - 2010-07-22 15:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 08:00 - 2014-01-01 22:01 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 08:00 - 2012-01-12 17:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 08:00 - 2012-01-12 17:13 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-13 21:54 - 2014-05-13 21:54 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 21:54 - 2013-01-30 08:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:54 - 2012-03-30 09:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 21:54 - 2011-05-27 09:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 07:50 - 2013-08-23 10:21 - 00001119 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-05-12 07:26 - 2014-06-04 15:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 15:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2010-08-21 10:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 21:10 - 2014-05-11 21:09 - 00023798 _____ () C:\Windows\wininit.ini
2014-05-11 21:09 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-11 21:02 - 2014-05-11 21:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-11 21:02 - 2014-05-11 21:00 - 02347384 _____ (ESET) C:\Users\Emily Angehr\Downloads\esetsmartinstaller_enu.exe
2014-05-11 20:28 - 2014-05-11 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-11 20:27 - 2014-05-11 20:27 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-11 20:25 - 2014-05-11 20:25 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Emily Angehr\Downloads\spybot-2.3.exe
2014-05-11 20:19 - 2014-05-11 20:19 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller(1).exe
2014-05-11 20:13 - 2014-03-06 22:07 - 00000000 ____D () C:\Users\Emily Angehr\AppData\Local\WinZip
2014-05-11 20:12 - 2014-05-11 20:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Emily Angehr\Downloads\tdsskiller.exe
2014-05-11 07:03 - 2012-04-25 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Emily Angehr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbhypzr.dll
C:\Users\Emily Angehr\AppData\Local\Temp\Quarantine.exe
C:\Users\family - Jessie\AppData\Local\Temp\msvcp100.dll
C:\Users\family - Jessie\AppData\Local\Temp\msvcr100.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:16

==================== End Of Log ============================



#13 OCD

Posted 10 June 2014 - 10:05 AM

Hi lookingforaname,

If you still have this log from AdwCleaner please post it in your next reply.
AdwCleaner[S0].txt - [9251 octets] - [01/03/2014 11:30:23]

Complete any of the steps below that relate to the browsers you use.

Disable Plug-ins in Google Chrome

  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Locate the Privacy Section, select Content Settings
  • In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
  • Locate the following plug-ins and set them to Disable:
    • AdChoices
  • NEXT

=========================

Delete cache and other browser data in Chrome

  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Auto-fill form data
    • Clear data from hosted apps
    • De-authorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.

=========================

Disable Firefox plug-in

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to disable.
    • AdChoices
    • McAfee Security Scan
  • Click the Disable button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

=========================

Flush the Firefox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)

  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now

=========================

Manage Add-Ons in Internet Explorer

  • Locate the Tools button in the upper right hand corner of the Internet Explorer browser window.
  • Left click, then choose Manage add-ons > Toolbars and Extensions
  • Locate the following add-ons (if present)
    • AdChoices
  • Select the add-on, and click the Disable button.
  • Do this for each entry present, then close

=========================

Clear Browser Cache in IE11

  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then select the General tab, then select Browsing history, select the Delete button.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • Cookies and website data
    • History
  • Click Delete

=========================

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • McAfee Security Scan

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • How is the computer running at the moment?
  • Are you being redirected by AdChoices or do they just appear in the webpages you view?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#14 lookingforaname

Posted 10 June 2014 - 01:38 PM

Hi, thanks for your help. I'm not seeing the Adchoices thing anymore. I had only been seeing it in browser windows; it hadn't been redirecting (was it months ago when I started running random virus tools? Possibly - I've had so many viruses off in the past ten years over multiple computers that it starts blending together). McAfee was also a recent thing; I'm not sure when that got downloaded, but it wasn't intentional.

When I went to remove/disable add-ons on all 3 browsers, none were there except McAfee and that had already been disabled. Again, I may have already done that step working on this issue previously.

Here is the AdwCleaner from a while back.

# AdwCleaner v3.020 - Report created 01/03/2014 at 10:30:23
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Emily Angehr - ANGEHR-HP
# Running from : C:\Users\Emily Angehr\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\DivX_Browser_Bar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Emily Angehr\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Emily Angehr\AppData\Local\StartNow
Folder Deleted : C:\Users\Emily Angehr\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Emily Angehr\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Emily Angehr\AppData\LocalLow\DivX_Browser_Bar
Folder Deleted : C:\Users\family - Jessie\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\family - Jessie\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\family - Jessie\AppData\LocalLow\verizontb
Folder Deleted : C:\Users\family - Jessie\AppData\Roaming\SearchProtect
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C21D1F22-9398-47B5-9E59-F37E590E4F8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0CCB2252-A9C2-45E4-A562-CEE161BAD856}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Ran by Emily Angehr at 2014-06-10 15:28:45 Run:2
Running from C:\Users\Emily Angehr\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-05-30 14:42 - 2014-05-30 14:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
*****************

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}'=> Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => Value not found.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
McComponentHostService => Service not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => File/Directory not found.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.

==== End of Fixlog ====
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DivX_Browser_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Emily Angehr\AppData\Roaming\Mozilla\Firefox\Profiles\om40z5p6.default\prefs.js ]

Line Deleted : user_pref("CT3288691.FF19Solved", "true");
Line Deleted : user_pref("CT3288691.UserID", "UN23166625502920410");
Line Deleted : user_pref("CT3288691.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3288691.fullUserID", "UN23166625502920410.IN.20130818152209");
Line Deleted : user_pref("CT3288691.installDate", "18/08/2013 15:22:09");
Line Deleted : user_pref("CT3288691.installSessionId", "{3DCADF08-E260-4113-9372-A35FADC9E7B3}");
Line Deleted : user_pref("CT3288691.installSp", "true");
Line Deleted : user_pref("CT3288691.installerVersion", "1.5.4.5");
Line Deleted : user_pref("CT3288691.keyword", "true");
Line Deleted : user_pref("CT3288691.originalHomepage", "hxxp://www.google.com/firefox");
Line Deleted : user_pref("CT3288691.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
Line Deleted : user_pref("CT3288691.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3288691.originalSearchEngineName", "");
Line Deleted : user_pref("CT3288691.searchRevert", "false");
Line Deleted : user_pref("CT3288691.searchUserMode", "2");
Line Deleted : user_pref("CT3288691.versionFromInstaller", "10.16.9.6");
Line Deleted : user_pref("CT3288691.xpeMode", "0");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");

[ File : C:\Users\family - Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\v2qapc4e.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Emily Angehr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [9054 octets] - [01/03/2014 10:28:40]
AdwCleaner[S0].txt - [9087 octets] - [01/03/2014 10:30:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9147 octets] ##########
 



#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 June 2014 - 03:55 PM

Hi lookingforaname,

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days







