Needing help with flash

LyndaV · June 16, 2014

My flash isnt working properly

flashh4 · June 16, 2014

Howdy and welcome to BestTechie !!!

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the Clean button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

Full System Scan with Malwarebytes Antimalware

    Please download http://www.malwarebytes.org/mbam-download.php Malwarebytes !

    Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

Please post these logs as you get them then continue on with the next in line !!

Thanks

Chuck

LyndaV · June 16, 2014

# AdwCleaner v3.212 - Report created 15/06/2014 at 20:38:51

# Updated 05/06/2014 by Xplode

# Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)

# Username : Lynda Bincent - LYNDALAPTOP

# Running from : C:\Users\Lynda Bincent\Downloads\adwcleaner_3.212 (1).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Media Get LLC

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\iBryte

Folder Deleted : C:\Program Files\uTorrentControl_v2

Folder Deleted : C:\Program Files\Common Files\Spigot

Folder Deleted : C:\Users\Lynda Bincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

File Deleted : C:\Program Files\Mozilla Firefox\user.js

File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C7BD4D-4A0E-494D-A5C0-E6D2C4A81DD7}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C7BD4D-4A0E-494D-A5C0-E6D2C4A81DD7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKCU\Software\a68cd8b23beb42

Key Deleted : HKLM\SOFTWARE\a68cd8b23beb42

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225025

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1C619DC-1F8C-4EAC-8326-A86571D7E7FF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EE4B6F4-3677-4853-8166-28788CF3C035}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FD10651-262B-41F6-9576-BBB12878D780}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A08176C-7DE3-4D2C-8829-4398157B0433}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Coupons.com

Key Deleted : HKLM\Software\uTorrentControl_v2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7274 octets] - [15/06/2014 20:34:20]

AdwCleaner[R1].txt - [7330 octets] - [15/06/2014 20:35:55]

AdwCleaner[s0].txt - [7067 octets] - [15/06/2014 20:38:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7127 octets] ##########

flashh4 · June 16, 2014

Lynda, thanks for that log, please continue with the next programs !!

Thanks

Chuck

LyndaV · June 16, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x86
Ran by Lynda Bincent on Sun 06/15/2014 at 21:04:46.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-820361396-3150281825-3581644629-1004\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_0_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/15/2014 at 21:11:30.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

flashh4 · June 16, 2014

Lynda, i must warn you about the use of P2P programs ! >>> uTorrent

P2P Warning

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html

Either refrain from using this program or simply remove, i would remove it before you become infected with something that we may not be able to clean ! I have seen this happen. !!!

Chuck

LyndaV · June 16, 2014

Thank you

flashh4 · June 16, 2014

Lynda forget the Malwarebytes log since it won't open right ! Lets continue with more cleaning & checking !!

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.[/list
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

NEXT

Download DDS and save it to your Desktop. >>> DDS

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

NEXT

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

+++++++++++++++++

Download OldTimer to your desk top !

If you already have a copy of OTL delete it and use this version.

* Double click OTL.exe to launch the program.
* Check the following.

   o Scan all users.
   o Standard Output.
   o Lop check.
   o Purity check.

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

   o OTL.txt (open on your desktop).
   o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

*This may have to be broken into more than one post !

Post next:

1. RougeKiller log

2. DDS log(s)

3. OTL Logs

Thanks

Chuck

Work on these as you have the time & post them, i will read threw them tomorrow & write up a fix !!

LyndaV · June 16, 2014

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lynda Bincent [Admin rights]

Mode : Scan -- Date : 06/16/2014 01:09:56

Â¤Â¤Â¤ Bad processes : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Registry Entries : 4 Â¤Â¤Â¤

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

Â¤Â¤Â¤ Scheduled tasks : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Files : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ HOSTS File : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Antirootkit : 11 Â¤Â¤Â¤

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x837421e8

[EAT:Addr] (iexplore.exe) jscript9.dll - DllCanUnloadNow : C:\Windows\System32\ieapfltr.dll @ 0x69c71845

[EAT:Addr] (iexplore.exe) jscript9.dll - DllGetClassObject : C:\Windows\System32\ieapfltr.dll @ 0x69c67390

[EAT:Addr] (iexplore.exe) jscript9.dll - DllRegisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca0fe0

[EAT:Addr] (iexplore.exe) jscript9.dll - DllUnregisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca1042

Â¤Â¤Â¤ Web browsers : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ MBR Check : Â¤Â¤Â¤

+++++ PhysicalDrive0: TOSHIBA MK8025GAL ATA Device +++++

--- User ---

[MBR] e83bb28b746d66711df4619ca8757469

[bSP] ef220eb94b0c0129ca22e6354ac2bd9d : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB

User = LL1 ... OK

User = LL2 ... OK

============================================

RKreport_SCN_06152014_235303.log

LyndaV · June 16, 2014

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.7.2

Run by Lynda Bincent at 1:27:28 on 2014-06-16

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\STacSV.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\aestsrv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - <orphaned>

BHO: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77} : DHCPNameServer = 97.64.209.36 97.64.168.13

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\2716D6164616 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\343405C4 : DHCPNameServer = 192.168.0.2

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\441697370294E6E60275962756C6563737 : DHCPNameServer = 68.87.68.166 68.87.74.166

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\D4162796F6E6F564275656F575966496 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\E4544574541425 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R? aswSnx;aswSnx

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? IEEtwCollectorService;Internet Explorer ETW Collector Service

R? LMIInfo;LogMeIn Kernel Information Provider

R? LMIRfsClientNP;LMIRfsClientNP

R? RdpVideoMiniport;Remote Desktop Video Miniport Driver

R? TsUsbFlt;TsUsbFlt

S? AESTFilters;Andrea ST Filters Service

S? btusbflt;Bluetooth USB Filter

S? LMIRfsDriver;LogMeIn Remote File System Driver

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? MBAMSwissArmy;MBAMSwissArmy

S? MBAMWebAccessControl;MBAMWebAccessControl

S? MpFilter;Microsoft Malware Protection Driver

S? MpKsl9763322e;MpKsl9763322e

S? MpKsl99dc4dc7;MpKsl99dc4dc7

S? NisDrv;Microsoft Network Inspection System

S? NisSrv;Microsoft Network Inspection

S? Skype C2C Service;Skype C2C Service

S? SmartDefragDriver;SmartDefragDriver

S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller

.

=============== Created Last 30 ================

.

2014-06-16 05:41:50 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\MpKsl99dc4dc7.sys

2014-06-16 04:06:45 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\MpKsl9763322e.sys

2014-06-16 04:06:18 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-06-16 04:06:16 -------- d-----w- c:\programdata\RogueKiller

2014-06-16 02:36:16 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-16 02:34:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-06-16 02:34:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-06-16 02:34:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-06-16 02:34:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-06-16 02:33:27 -------- d-----w- c:\users\lynda bincent\appdata\local\Programs

2014-06-16 02:04:37 -------- d-----w- c:\windows\ERUNT

2014-06-16 01:35:38 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-06-16 01:33:51 -------- d-----w- C:\AdwCleaner

2014-06-15 18:55:47 -------- d-----w- c:\users\lynda bincent\appdata\local\Google

2014-06-15 14:22:02 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\mpengine.dll

2014-06-14 03:58:09 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1666548a-d9fa-4493-a19d-72b1734d3a65}\gapaengine.dll

2014-06-14 03:56:10 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2014-06-11 21:59:22 1389056 ----a-w- c:\windows\system32\msxml6.dll

2014-06-11 21:59:21 2048 ----a-w- c:\windows\system32\msxml6r.dll

2014-06-11 21:59:21 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-06-11 21:59:21 1237504 ----a-w- c:\windows\system32\msxml3.dll

2014-06-11 21:59:17 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2014-06-11 21:59:17 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2014-06-11 21:59:12 391680 ----a-w- c:\windows\system32\aepdu.dll

2014-06-11 21:59:12 302592 ----a-w- c:\windows\system32\aeinv.dll

2014-06-11 21:58:57 626688 ----a-w- c:\windows\system32\usp10.dll

2014-06-11 12:29:15 2742784 ----a-w- c:\windows\system32\rdpcorets.dll

2014-06-11 12:29:15 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2014-06-04 19:07:27 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2014-05-29 04:05:19 5694464 ----a-w- c:\windows\system32\mstscax.dll

2014-05-26 19:59:09 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2014-05-26 19:58:59 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-05-26 19:58:56 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2014-05-26 19:58:52 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2014-05-26 19:58:52 17920 ----a-w- c:\windows\system32\wksprtPS.dll

2014-05-26 19:58:52 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-05-26 19:58:51 53248 ----a-w- c:\windows\system32\tsgqec.dll

2014-05-26 19:58:50 855552 ----a-w- c:\windows\system32\rdvidcrl.dll

2014-05-26 19:58:50 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe

2014-05-26 19:58:50 350208 ----a-w- c:\windows\system32\wksprt.exe

2014-05-26 19:58:49 1068544 ----a-w- c:\windows\system32\mstsc.exe

2014-05-26 19:53:33 -------- d-----w- c:\program files\Microsoft

2014-05-26 19:51:20 -------- d-----w- c:\windows\Temp2EF300B1-A887-8409-8FAC-7BAE39C870AA-Signatures

2014-05-26 19:08:24 -------- d-----w- c:\program files\Microsoft Security Client

2014-05-26 18:20:49 792576 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-05-25 03:13:58 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-05-24 01:18:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-05-23 17:20:09 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{06d3b6ff-f369-4ece-a200-e72c2b7851a7}\mpengine.dll

2014-05-23 16:30:03 -------- d-sh--w- c:\users\lynda bincent\appdata\local\EmieUserList

2014-05-23 16:30:03 -------- d-sh--w- c:\users\lynda bincent\appdata\local\EmieSiteList

2014-05-23 16:25:57 -------- d-sh--w- C:\found.000

2014-05-18 09:54:13 -------- d-s---w- c:\windows\system32\CompatTel

2014-05-18 08:42:15 -------- d-----w- c:\windows\system32\MRT

2014-05-18 08:07:46 640512 ----a-w- c:\windows\system32\advapi32.dll

2014-05-18 08:07:46 619520 ----a-w- c:\windows\system32\tdh.dll

2014-05-18 08:07:46 1289096 ----a-w- c:\windows\system32\ntdll.dll

2014-05-18 08:07:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2014-05-18 08:07:08 231424 ----a-w- c:\windows\system32\mswsock.dll

2014-05-17 23:02:46 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2014-05-17 23:02:46 185344 ----a-w- c:\windows\system32\wwansvc.dll

2014-05-17 23:02:42 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2014-05-17 23:02:42 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys

2014-05-17 23:02:42 2048 ----a-w- c:\windows\system32\iologmsg.dll

2014-05-17 23:02:42 149440 ----a-w- c:\windows\system32\drivers\storport.sys

2014-05-17 23:01:59 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-05-17 22:52:27 381440 ----a-w- c:\windows\system32\wer.dll

2014-05-17 20:58:47 -------- d-----w- C:\007295d5d97d96774a

2014-05-17 20:54:42 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2014-05-17 20:54:39 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

.

==================== Find3M ====================

.

2014-06-15 18:55:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-06-15 18:55:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll

2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll

2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll

2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll

2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe

2013-06-07 17:55:12 4167680 ----a-w- c:\program files\GUT34ED.tmp

.

============= FINISH: 1:29:58.91 ===============

LyndaV · June 16, 2014

.

==== Installed Programs ======================

.

Adobe Flash Player 13 Plugin

Adobe Flash Player 14 ActiveX

Apple Application Support

Apple Software Update

CCleaner

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Facebook Video Calling 1.2.0.287

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java 7 Update 7

Java Auto Updater

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

Malwarebytes Anti-Malware version 2.0.2.1012

Microsoft .NET Framework 4.5.1

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

PerfectDisk 11 Professional

PokÃ©mon Trading Card Game Online

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Skype Click to Call

Smart Defrag 2

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

WinZip 16.5

.

==== End Of File ===========================

flashh4 · June 16, 2014

Good Morning (here) Lynda, we are gaining on the cleaning !

Did you forget to run & post the OTL log for me ???? The instructions are above in my last post !

I need it before you finish my instructions below !!

==========================

We need to run the RougeKiller again with these instructions this time !

Open RogueKiller :
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator to start"
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then Click on "Scan" button
* Wait until the Status box shows "Scan Finished"
* click on "delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller+

NEXT

Go to your control panel & under the add/remove /uninstall programs please remove these, if present !

1. Java 7 Update 7

NEXT

Please download Farbar Service Scanner and run it on the computer with the issue. >>> http://download.bleepingcomputer.com/farbar/FSS.exe

    Make sure the following options are checked:
       * Internet Services
      * Windows Firewall
       * System Restore
    Press "Scan" .
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

Please post next:

1. OTL Log

2. RougeKiller log

3. FSS TXT log

Thanks

Chuck

LyndaV · June 16, 2014

OTL logfile created on: 6/16/2014 9:25:30 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lynda Bincent\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 141.95 Mb Available Physical Memory | 13.98% Memory free

1.99 Gb Paging File | 0.83 Gb Available in Paging File | 41.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 50.78 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: LYNDALAPTOP | User Name: Lynda Bincent | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/16 08:47:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lynda Bincent\Downloads\OTL.exe

PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2013/01/09 13:38:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/09/21 17:49:10 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/09/21 17:49:10 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\stacsv.exe

PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\AEstSrv.exe

========== Modules (No Company Name) ==========

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

========== Services (SafeList) ==========

SRV - [2014/06/15 13:55:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/05/18 03:09:37 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009/09/21 17:49:10 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\stacsv.exe -- (STacSV)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\LYNDAB~1\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | Auto | Stopped] -- -- (LMIInfo)

DRV - [2014/06/16 08:06:04 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2014/06/16 00:41:50 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4D0FA3D-ACEF-4ADA-AB95-0DE88D03F0C6}\MpKsl99dc4dc7.sys -- (MpKsl99dc4dc7)

DRV - [2014/06/15 23:06:45 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4D0FA3D-ACEF-4ADA-AB95-0DE88D03F0C6}\MpKsl9763322e.sys -- (MpKsl9763322e)

DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/12/10 20:01:01 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/10/15 12:32:35 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/05/23 17:35:39 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/08/11 09:10:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/09/21 17:49:10 | 000,418,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)

DRV - [2008/07/26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

IE - HKLM\..\URLSearchHook: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 3E 9D C9 A0 FD CE 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS521

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

[2012/09/10 07:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\

CHR - Extension: Google Drive = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\

CHR - Extension: YouTube = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

CHR - Extension: Gmail = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}: DhcpNameServer = 97.64.209.36 97.64.168.13

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (SmartDefragBootTime.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

LyndaV · June 16, 2014

========== Files/Folders - Created Within 30 Days ==========

[2014/06/15 23:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller

[2014/06/15 21:36:16 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/06/15 21:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/06/15 21:34:37 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2014/06/15 21:34:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2014/06/15 21:34:36 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2014/06/15 21:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/06/15 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Local\Programs

[2014/06/15 21:04:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/06/15 20:35:38 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/06/15 20:33:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/06/15 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Roaming\Google

[2014/06/15 13:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/06/15 13:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2014/06/15 13:55:47 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Local\Google

[2014/06/11 16:59:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2014/06/11 16:59:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2014/06/11 16:59:17 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2014/06/11 16:59:12 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014/06/11 16:59:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014/06/11 07:29:15 | 002,742,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2014/06/11 07:29:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll

[2014/05/26 14:59:09 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll

[2014/05/26 14:58:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

[2014/05/26 14:58:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys

[2014/05/26 14:58:52 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll

[2014/05/26 14:58:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll

[2014/05/26 14:58:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

[2014/05/26 14:58:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2014/05/26 14:58:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll

[2014/05/26 14:58:50 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe

[2014/05/26 14:58:50 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe

[2014/05/26 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2014/05/26 14:51:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp2EF300B1-A887-8409-8FAC-7BAE39C870AA-Signatures

[2014/05/26 14:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2014/05/26 13:20:49 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll

[2014/05/24 22:13:58 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2014/05/23 20:18:19 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/05/23 11:30:03 | 000,000,000 | -HSD | C] -- C:\Users\Lynda Bincent\AppData\Local\EmieUserList

[2014/05/23 11:30:03 | 000,000,000 | -HSD | C] -- C:\Users\Lynda Bincent\AppData\Local\EmieSiteList

[2014/05/23 11:25:57 | 000,000,000 | -HSD | C] -- C:\found.000

[2014/05/18 04:54:13 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel

[2014/05/18 03:42:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

[2014/05/18 03:09:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2014/05/18 03:09:43 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2014/05/18 03:09:43 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2014/05/18 03:09:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/05/18 03:09:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2014/05/18 03:09:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/05/18 03:09:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2014/05/18 03:09:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2014/05/18 03:09:41 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2014/05/18 03:09:41 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/05/18 03:09:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/05/18 03:09:40 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2014/05/18 03:09:40 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2014/05/18 03:09:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/05/18 03:09:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/05/18 03:09:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/05/18 03:09:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/05/18 03:09:39 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/05/18 03:09:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/05/18 03:09:39 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2014/05/18 03:09:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2014/05/18 03:09:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2014/05/18 03:09:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2014/05/18 03:09:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2014/05/18 03:09:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/05/18 03:09:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2014/05/18 03:09:37 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/05/18 03:09:37 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/05/18 03:09:37 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2014/05/18 03:09:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2014/05/18 03:09:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/05/18 03:09:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2014/05/18 03:09:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2014/05/18 03:09:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2014/05/18 03:09:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/05/18 03:09:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2014/05/18 03:09:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/05/18 03:09:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2014/05/18 03:09:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/05/18 03:09:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/05/18 03:09:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/05/18 03:07:46 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll

[2014/05/17 18:03:22 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2014/05/17 18:03:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2014/05/17 18:03:05 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2014/05/17 18:03:04 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2014/05/17 18:03:02 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll

[2014/05/17 18:03:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2014/05/17 18:03:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll

[2014/05/17 18:03:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll

[2014/05/17 18:03:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll

[2014/05/17 18:03:01 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll

[2014/05/17 18:03:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll

[2014/05/17 18:03:01 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll

[2014/05/17 18:03:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2014/05/17 18:02:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll

[2014/05/17 18:02:42 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2014/05/17 18:02:42 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2014/05/17 18:02:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll

[2014/05/17 17:52:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll

[2014/05/17 15:58:47 | 000,000,000 | ---D | C] -- C:\007295d5d97d96774a

[2014/05/17 15:54:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/16 09:07:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/06/16 08:55:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/06/16 08:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000UA.job

[2014/06/16 08:07:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000UA.job

[2014/06/16 08:06:04 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/06/16 00:42:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/06/16 00:42:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/06/16 00:41:44 | 000,026,624 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys

[2014/06/16 00:32:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/06/16 00:32:36 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2014/06/16 00:32:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/06/16 00:32:13 | 798,466,048 | -HS- | M] () -- C:\hiberfil.sys

[2014/06/15 22:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000Core.job

[2014/06/15 21:35:31 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/15 21:24:09 | 000,008,442 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Needing help with flash - Malware Removal - BestTechie Forums.url

[2014/06/15 18:58:40 | 000,002,225 | ---- | M] () -- C:\Users\Lynda Bincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/06/15 14:32:34 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/06/15 14:07:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000Core.job

[2014/06/15 13:55:03 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2014/06/15 13:55:03 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2014/06/09 17:33:56 | 000,000,216 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Lynda Vincent.url

[2014/06/09 17:32:14 | 000,000,176 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\QuiBids, The Best Online Auction Site! - QuiBids.com.url

[2014/06/09 17:31:43 | 000,000,164 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Electronics, Cars, Fashion, Collectibles, Coupons and More eBay.url

[2014/06/08 03:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014/06/08 03:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014/06/07 22:26:25 | 000,055,109 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Tornado.jpg

[2014/06/07 18:56:25 | 000,038,528 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\BEAUTIFUL CLOUDS.jpg

[2014/05/26 14:53:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/05/26 12:32:20 | 000,232,114 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\census.cache

[2014/05/26 12:32:19 | 000,121,015 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\ars.cache

[2014/05/26 11:19:04 | 000,000,010 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\sponge.last.runtime.cache

[2014/05/26 11:12:27 | 000,000,036 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\housecall.guid.cache

[2014/05/26 10:33:05 | 000,081,550 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Kk and Me.jpg

[2014/05/26 10:32:16 | 000,011,488 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Hurt with Truth but never with a lie.jpg

[2014/05/26 10:32:16 | 000,003,594 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynn.jpg

[2014/05/26 10:31:42 | 000,409,552 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynda.htm

[2014/05/26 10:21:51 | 000,050,938 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynda.jpg

[2014/05/23 20:20:25 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/05/23 20:20:25 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/05/18 04:59:42 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2014/05/18 03:09:45 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2014/05/18 03:09:43 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2014/05/18 03:09:43 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2014/05/18 03:09:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/05/18 03:09:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2014/05/18 03:09:43 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/05/18 03:09:42 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2014/05/18 03:09:42 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/05/18 03:09:42 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2014/05/18 03:09:41 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2014/05/18 03:09:41 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2014/05/18 03:09:41 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/05/18 03:09:40 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2014/05/18 03:09:40 | 000,575,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/05/18 03:09:40 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2014/05/18 03:09:40 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/05/18 03:09:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/05/18 03:09:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/05/18 03:09:40 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2014/05/18 03:09:39 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/05/18 03:09:39 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/05/18 03:09:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2014/05/18 03:09:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2014/05/18 03:09:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2014/05/18 03:09:39 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2014/05/18 03:09:38 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/05/18 03:09:38 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2014/05/18 03:09:37 | 004,254,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/05/18 03:09:37 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/05/18 03:09:37 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/05/18 03:09:37 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2014/05/18 03:09:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2014/05/18 03:09:37 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/05/18 03:09:37 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2014/05/18 03:09:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2014/05/18 03:09:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2014/05/18 03:09:37 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/05/18 03:09:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2014/05/18 03:09:37 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/05/18 03:09:37 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2014/05/18 03:09:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/05/18 03:09:37 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/05/18 03:07:46 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/15 23:06:18 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys

[2014/06/15 21:35:31 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/15 21:24:08 | 000,008,442 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Needing help with flash - Malware Removal - BestTechie Forums.url

[2014/06/15 14:34:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2014/06/15 13:58:36 | 000,002,225 | ---- | C] () -- C:\Users\Lynda Bincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/06/15 13:58:36 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/06/15 13:56:01 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/06/15 13:55:59 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/06/09 17:33:54 | 000,000,216 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Lynda Vincent.url

[2014/06/09 17:32:14 | 000,000,176 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\QuiBids, The Best Online Auction Site! - QuiBids.com.url

[2014/06/09 17:31:42 | 000,000,164 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Electronics, Cars, Fashion, Collectibles, Coupons and More eBay.url

[2014/06/07 22:27:05 | 000,055,109 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Tornado.jpg

[2014/06/07 18:58:05 | 000,038,528 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\BEAUTIFUL CLOUDS.jpg

[2014/05/26 14:09:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2014/05/26 12:32:20 | 000,232,114 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\census.cache

[2014/05/26 12:32:19 | 000,121,015 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\ars.cache

[2014/05/26 11:19:04 | 000,000,010 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\sponge.last.runtime.cache

[2014/05/26 11:12:27 | 000,000,036 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\housecall.guid.cache

[2014/05/26 10:36:52 | 000,081,550 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Kk and Me.jpg

[2014/05/26 10:34:57 | 000,011,488 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Hurt with Truth but never with a lie.jpg

[2014/05/26 10:33:00 | 000,003,594 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynn.jpg

[2014/05/26 10:31:41 | 000,409,552 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynda.htm

[2014/05/26 10:23:11 | 000,050,938 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynda.jpg

[2014/05/18 03:09:40 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/03/06 13:07:17 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2012/09/25 16:56:59 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/18 11:08:32 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/12/18 11:08:32 | 000,351,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/07 18:11:21 | 000,000,000 | ---D | M] -- C:\Users\Lynda Bincent\AppData\Roaming\DVDVideoSoft

[2013/06/07 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Lynda Bincent\AppData\Roaming\IObit

========== Purity Check ==========

< End of report >

LyndaV · June 16, 2014

OTL Extras logfile created on: 6/16/2014 9:25:30 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lynda Bincent\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 141.95 Mb Available Physical Memory | 13.98% Memory free

1.99 Gb Paging File | 0.83 Gb Available in Paging File | 41.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 50.78 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: LYNDALAPTOP | User Name: Lynda Bincent | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05573ABF-35C3-47D3-85D4-ABB81AC38AC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{130F7C14-E4A4-4679-ADF5-0B698A5FDA2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{146B3FE4-4D51-4DEB-AB67-25DE7C993155}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{23D614C2-F8CA-491F-B233-47CCA9E579B4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{247FF247-B826-4F41-8824-3B96F4029479}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2EF1F80A-B174-4AE4-8760-2BEEEC9FA544}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{38B10EBE-27AC-470B-B4E4-B46E4B2EE712}" = rport=445 | protocol=6 | dir=out | app=system |

"{410D3E97-9295-43A6-B2E7-020A1CE9010D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{45E01EAA-EFFA-4B23-81F8-07273067B306}" = rport=138 | protocol=17 | dir=out | app=system |

"{4CE47743-2186-46AE-9AB4-D803B35486CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5253A24A-3533-491D-84DF-29CE86520C62}" = lport=137 | protocol=17 | dir=in | app=system |

"{5D042874-3FFD-4C81-BE1B-81811FF22904}" = lport=138 | protocol=17 | dir=in | app=system |

"{6F10BAAC-B67F-4181-8EE4-607C76EF3C8A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7738EB84-08A4-47E9-80BD-979D776BFA6F}" = lport=445 | protocol=6 | dir=in | app=system |

"{879E4921-A47B-48ED-B368-07165AF165C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{9250A6BA-74FF-47E1-9D73-A8844BF565A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{96F6E91A-3F53-4FEA-A228-9AD2364C5D4F}" = lport=139 | protocol=6 | dir=in | app=system |

"{97D8D5AF-CCE8-4FED-9D41-D3A3AC267DBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9FD0016A-8F13-42A9-B5DA-D9BEDEF23803}" = rport=139 | protocol=6 | dir=out | app=system |

"{A0F20905-D1C7-4D6A-9AFB-25755D6DC53F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BAC3AB67-0D45-417A-8BF6-DA7AEC3826C7}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C2DADFFF-072D-4F3D-A2F3-3A08AA2DCE16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CA00D4E1-89CD-4FDA-B3A5-11917051A4FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CF419647-D89E-4C22-8B6A-E6D9962609DA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D136B570-F0C7-47F7-8C2B-4740EC10D073}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D9623B32-57A6-408C-9EFB-2E4EB4A2C9A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E1C9146D-48AE-4AC0-98DF-AE4D95F56D32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC545A51-C26C-4898-93C7-87F9E44A3E61}" = rport=137 | protocol=17 | dir=out | app=system |

"{ED76692F-E847-4176-B462-00DF1259EC57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F98B70FF-E14D-4159-A26A-2D57DE352CDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FC1160AC-71DC-48CC-8168-978AB1E5BBD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FDCA3F77-C59D-46F0-B360-9E4111A4C6A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{25AD6C30-B525-47A0-8525-0B2442FED18C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2EE305CD-5D50-4CF0-BA00-82981B316CA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{37054615-9177-4321-8CAF-FCDE016876E5}" = protocol=17 | dir=in | app=c:\users\duane\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{3C33BB9B-E2D5-413C-93EB-287CC21364E4}" = protocol=1 | dir=out | [email protected],-28544 |

"{407D0D1B-34E1-42B3-A69E-1E149D71F260}" = protocol=6 | dir=in | app=c:\users\duane\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{45736AED-8F12-4820-A9D4-613C4D473F21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{4983B103-678B-42F4-8491-624D7E718C50}" = protocol=58 | dir=out | [email protected],-28546 |

"{65456A35-D9F8-446D-9153-FF00B3C0E80F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{66BE8E71-D679-4628-BF40-EBF7F922C926}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6DE4154C-2A18-4CF4-9E1A-B154BD643694}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7A96058F-CE64-4175-8F51-9BA764918A04}" = protocol=1 | dir=in | [email protected],-28543 |

"{89BDF013-BA4E-4BFC-B6BF-30AA5E12C9BA}" = protocol=6 | dir=out | app=system |

"{89CF99E3-FDCA-44A1-8D3A-93BD47D7E9E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AA05C409-14EF-4D5F-A3BF-C47E9B952434}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B63D8A6A-AB9D-4A73-99FA-9540E097D191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BAA20A52-9FAD-4885-8340-E9CB8E32CF9E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{BD46B986-F68F-442C-B771-4F9358C7424B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C1A09A1C-6AFE-44B6-AD6E-27D137F319DE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{C67CF20F-3B84-4D05-92BB-33E9EDC7CBE8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C7FC13C1-29B5-4601-BB27-C2CAB7A7362A}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{D9C07777-E3A7-46E7-8BB2-FFF13119D56C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{DD22B246-4842-4A98-A72C-5AB52A401ADB}" = protocol=58 | dir=in | [email protected],-28545 |

"{DD543B16-1215-4CDA-8888-B4072292FF7B}" = dir=in | app=c:\users\duane\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{EB17C3E3-3545-49CE-9959-ED5308266312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F060E994-A608-490D-ADB0-73EFECA6E55F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F3B11E89-183B-4DE9-873B-5AAC61EE1872}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{F97B51AD-6942-4DAB-9430-FE99F5246E72}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}" = WinZip 16.5

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin

"CCleaner" = CCleaner

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"Logitech Vid" = Logitech Vid HD

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Smart Defrag 2_is1" = Smart Defrag 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 6/15/2014 10:26:58 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/15/2014 10:27:55 PM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/15/2014 11:15:48 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%2

Error - 6/15/2014 11:15:57 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/15/2014 11:16:56 PM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/16/2014 1:32:25 AM | Computer Name = LyndaLaptop | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:19:38 AM on ?6/?16/?2014 was unexpected.

Error - 6/16/2014 1:32:36 AM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%2

Error - 6/16/2014 1:32:53 AM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/16/2014 1:33:35 AM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/16/2014 3:01:14 AM | Computer Name = LyndaLaptop | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

< End of report >

LyndaV · June 16, 2014

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lynda Bincent [Admin rights]

Mode : Remove -- Date : 06/16/2014 10:38:09

Â¤Â¤Â¤ Bad processes : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Registry Entries : 6 Â¤Â¤Â¤

[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> NOT SELECTED

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> NOT SELECTED

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

Â¤Â¤Â¤ Scheduled tasks : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Files : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ HOSTS File : 0 Â¤Â¤Â¤

Â¤Â¤Â¤ Antirootkit : 8 Â¤Â¤Â¤