  1. #1
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    Avast keeps repeating same 16 threats, music plays auto, things running in background

    Tried to add as attachment but could not. Hope you can help.

    Ryan
    I could not find the button that says notify on repost.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 03/10/2014 at 04:28 PM

    Application Version : 5.7.1018

    Core Rules Database Version : 11084
    Trace Rules Database Version: 8896

    Scan type : Complete Scan
    Total Scan Time : 00:10:44

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC Off - Administrator

    Memory items scanned : 624
    Memory threats detected : 0
    Registry items scanned : 70274
    Registry threats detected : 0
    File items scanned : 15500
    File threats detected : 20

    Adware.Tracking Cookie
    C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Cookies\WINV16Q1.txt [ /atdmt.com ]
    C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Cookies\APAWLGGB.txt [ /c.atdmt.com ]
    C:\USERS\MELINDA\Cookies\APAWLGGB.txt [ Cookie:melinda@c.atdmt.com/ ]
    .doubleclick.net [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    stats.adotube.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tribalfusion.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaplex.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    media1.ancestry.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    media1.ancestry.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    bs.serving-sys.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    bs.serving-sys.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\MELINDA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.03.05.12

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Melinda :: MININT-PU3KMGO [administrator]

    3/10/2014 4:32:13 PM
    mbam-log-2014-03-10 (16-32-13).txt

    Scan type: Full scan (C:\|D:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 351645
    Time elapsed: 47 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:23:52 PM, on 3/10/2014
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17267)


    Boot mode: Normal

    Running processes:
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Users\Melinda\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    O4 - HKLM\..\Run: [pcreg] C:\Program Files\pcreg\service.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [C3] C:\Program Files (x86)\Vivox\C3\c3.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [pcreg] C:\Program Files\pcreg\service.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater18.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11372 bytes

  3. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  5. #3
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-03-2014 01
    Ran by Melinda (administrator) on MININT-PU3KMGO on 10-03-2014 19:52:52
    Running from C:\Users\Melinda\Desktop
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
    () C:\Program Files\pcreg\pcreg.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
    HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
    HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
    HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
    HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-03] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2539544 2014-03-02] ()
    HKLM-x32\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-09] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [C3] - C:\Program Files (x86)\Vivox\C3\c3.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {2522b59a-343b-11e1-96b4-f04da25d6069} - F:\TL_Bootstrap.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {6444c980-55eb-11e0-a0b3-806e6f6e6963} - E:\TurboTax_Promotional_CD.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {c2ad2bca-4c0f-11e2-8327-f04da25d6069} - F:\iLinker.exe
    AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
    AppInit_DLLs: c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll => c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll File Not Found
    AppInit_DLLs: c:\progra~3\wincert\win64c~1.dll => c:\progra~3\wincert\win64c~1.dll File Not Found
    AppInit_DLLs: c:\progra~2\linkey\ieexte~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsemngr.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browsermngr.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\delta babylon.exe: [Debugger] tasklist.exe
    IFEO\delta tb.exe: [Debugger] tasklist.exe
    IFEO\delta2.exe: [Debugger] tasklist.exe
    IFEO\deltainstaller.exe: [Debugger] tasklist.exe
    IFEO\deltasetup.exe: [Debugger] tasklist.exe
    IFEO\deltatb.exe: [Debugger] tasklist.exe
    IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\iminentsetup.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=f1f30145-415f-488f-9f61-39b76a7a2022&searchtype=ds&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {1D2AD774-4942-425E-AD03-EC65E04ACA4E} URL = http://websearch.ask.com/redirect?client=ie&tb=LPY&o=100000042&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=V8&apn_dtid=YYYYYYYYUS&apn_uid=428cf9f8-da62-424b-8622-0b46f74fbf3a&apn_sauid=667024A4-2512-41E7-AEB2-024440925C29&
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR HomePage:
    CHR DefaultSearchKeyword: ask.com
    CHR DefaultSearchProvider: default-search.net
    CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Display Engine v2) - C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-29]
    CHR Extension: (Google Search) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-29]
    CHR Extension: (avast! Online Security) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-09]
    CHR Extension: (RealDownloader) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-03]
    CHR Extension: (VideoDownloadConverter) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-28]
    CHR Extension: (Google Wallet) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-29]
    CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-09]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [25600 2014-01-20] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-02] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-09] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-09] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
    R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [66600 2009-12-22] (Atheros Communications, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-10 19:52 - 2014-03-10 19:53 - 00019130 _____ () C:\Users\Melinda\Desktop\FRST.txt
    2014-03-10 19:52 - 2014-03-10 19:52 - 00000000 ____D () C:\FRST
    2014-03-10 19:51 - 2014-03-10 19:52 - 02157056 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
    2014-03-10 15:53 - 2014-03-10 17:23 - 00011374 _____ () C:\Users\Melinda\Desktop\hijackthis.log
    2014-03-10 15:53 - 2014-03-10 15:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Melinda\Desktop\HijackThis.exe
    2014-03-10 15:37 - 2014-03-10 15:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG Secure Search
    2014-03-09 21:00 - 2014-03-09 21:00 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-09 21:00 - 2014-03-09 21:00 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\AVAST Software
    2014-03-09 20:59 - 2014-03-09 21:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-09 20:59 - 2014-03-09 20:59 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-03-09 20:59 - 2014-03-09 20:59 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-03-09 20:59 - 2014-03-09 20:59 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-03-09 20:58 - 2014-03-09 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-03-09 20:32 - 2014-03-09 20:33 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{E8DCA3AF-3FAF-4916-96B0-4A85A13B1C98}
    2014-03-09 20:03 - 2014-03-10 15:37 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-08 21:43 - 2014-03-10 15:37 - 00000448 _____ () C:\Windows\setupact.log
    2014-03-08 21:43 - 2014-03-08 21:43 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-08 13:04 - 2014-03-08 20:10 - 00007604 _____ () C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
    2014-03-05 19:37 - 2014-03-09 20:12 - 00000083 _____ () C:\Windows\system32\yeinljl.zmv
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000064 _____ () C:\Windows\system32\zejun.ksd
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000000 _____ () C:\Windows\system32\vfxe.rne
    2014-03-05 19:11 - 2014-03-05 19:11 - 00268613 ____S () C:\Windows\system32\uxuru.kgk
    2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{19FE99FE-7C46-4847-ABD9-55BC5F440ADF}
    2014-03-03 07:36 - 2014-03-03 07:36 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{0621C30C-412C-4F55-A68C-93FDD6640DC9}
    2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search
    2014-02-27 02:43 - 2014-03-10 15:37 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-02-27 02:43 - 2014-02-28 20:58 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-02-27 02:42 - 2014-02-27 02:43 - 00000000 ____D () C:\Program Files (x86)\runonce
    2014-02-25 23:45 - 2014-02-25 23:45 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{8ECF2A06-6771-4F9D-8464-90CC73234E53}
    2014-02-25 08:29 - 2014-02-25 08:29 - 00000000 ____D () C:\Users\Melinda\AppData\Local\SearchProtect
    2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{2AE8DC07-CB34-4E5F-B1C1-2BFA309F5AA8}
    2014-02-23 10:44 - 2014-03-10 15:37 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:45 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:45 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:44 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-22 21:27 - 2014-02-22 21:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-02-22 18:27 - 2014-02-22 18:27 - 05814000 _____ (TeamViewer GmbH) C:\Users\Melinda\Downloads\TeamViewer_Setup_en (3).exe
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BrowserProtect
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\Browser Manager
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BitGuard
    2014-02-22 17:39 - 2014-02-22 17:39 - 00000000 ____D () C:\Users\Melinda\Documents\PC Speed Maximizer
    2014-02-22 17:34 - 2014-03-02 18:59 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-02-22 17:34 - 2014-02-22 17:35 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG SafeGuard toolbar
    2014-02-22 17:34 - 2014-02-22 17:34 - 00003706 _____ () C:\Windows\System32\Tasks\pcreg
    2014-02-22 17:34 - 2014-02-22 17:34 - 00000000 ____D () C:\Program Files\pcreg
    2014-02-22 17:33 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Users\Melinda\Documents\My Cheat Tables
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\Linkey
    2014-02-22 17:33 - 2013-11-13 23:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
    2014-02-20 19:54 - 2014-02-20 19:54 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{533EB05E-52E6-4A40-A6F9-F3CE12C6BC90}
    2014-02-15 21:13 - 2014-02-15 21:13 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
    2014-02-15 21:05 - 2014-02-15 21:11 - 94656600 _____ () C:\Users\Melinda\Downloads\w_turbotax_1040_dlx_2013.120.0100.exe
    2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{EBB3A552-43F6-4BB3-8B9A-C4D89AD008A4}

    ==================== One Month Modified Files and Folders =======

    2014-03-10 19:53 - 2014-03-10 19:52 - 00019130 _____ () C:\Users\Melinda\Desktop\FRST.txt
    2014-03-10 19:52 - 2014-03-10 19:52 - 00000000 ____D () C:\FRST
    2014-03-10 19:52 - 2014-03-10 19:51 - 02157056 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
    2014-03-10 19:27 - 2011-04-12 19:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-10 19:24 - 2012-07-30 00:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-10 17:24 - 2012-12-22 20:34 - 00000000 ____D () C:\Users\Melinda\Desktop\help2go
    2014-03-10 17:23 - 2014-03-10 15:53 - 00011374 _____ () C:\Users\Melinda\Desktop\hijackthis.log
    2014-03-10 15:53 - 2014-03-10 15:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Melinda\Desktop\HijackThis.exe
    2014-03-10 15:44 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-10 15:44 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-10 15:41 - 2011-03-24 01:55 - 01572471 _____ () C:\Windows\WindowsUpdate.log
    2014-03-10 15:41 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-10 15:37 - 2014-03-10 15:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG Secure Search
    2014-03-10 15:37 - 2014-03-09 20:03 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-10 15:37 - 2014-03-08 21:43 - 00000448 _____ () C:\Windows\setupact.log
    2014-03-10 15:37 - 2014-02-27 02:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-03-10 15:37 - 2014-02-23 10:44 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-10 15:37 - 2011-10-04 11:19 - 00000000 ____D () C:\ProgramData\Kodak
    2014-03-10 15:37 - 2011-04-12 19:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-10 15:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-10 05:46 - 2011-04-12 19:13 - 00639474 _____ () C:\Windows\PFRO.log
    2014-03-09 21:00 - 2014-03-09 21:00 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-09 21:00 - 2014-03-09 21:00 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\AVAST Software
    2014-03-09 21:00 - 2014-03-09 20:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-09 20:59 - 2014-03-09 20:59 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-03-09 20:59 - 2014-03-09 20:59 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-03-09 20:59 - 2014-03-09 20:59 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-03-09 20:58 - 2014-03-09 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-03-09 20:33 - 2014-03-09 20:32 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{E8DCA3AF-3FAF-4916-96B0-4A85A13B1C98}
    2014-03-09 20:33 - 2011-07-30 22:23 - 00002248 _____ () C:\Users\Melinda\Desktop\My Movie.wlmp
    2014-03-09 20:12 - 2014-03-05 19:37 - 00000083 _____ () C:\Windows\system32\yeinljl.zmv
    2014-03-08 21:43 - 2014-03-08 21:43 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-08 20:10 - 2014-03-08 13:04 - 00007604 _____ () C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
    2014-03-08 18:13 - 2011-04-20 08:13 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\SoftGrid Client
    2014-03-08 16:27 - 2012-02-26 11:50 - 00000000 ____D () C:\Users\Melinda\Documents\TurboTax
    2014-03-07 16:28 - 2012-02-26 11:40 - 00001240 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2014-03-06 07:54 - 2011-03-24 02:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-03-06 07:52 - 2011-08-16 12:01 - 00000000 ____D () C:\Users\Melinda\AppData\Local\Downloaded Installations
    2014-03-06 07:51 - 2011-08-16 12:00 - 00034290 _____ () C:\Windows\DPINST.LOG
    2014-03-05 21:04 - 2013-12-09 12:58 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\.oit
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000064 _____ () C:\Windows\system32\zejun.ksd
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000000 _____ () C:\Windows\system32\vfxe.rne
    2014-03-05 19:11 - 2014-03-05 19:11 - 00268613 ____S () C:\Windows\system32\uxuru.kgk
    2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{19FE99FE-7C46-4847-ABD9-55BC5F440ADF}
    2014-03-05 08:10 - 2013-04-20 11:40 - 00000000 ____D () C:\Users\Melinda\Desktop\Cleanin invoices
    2014-03-04 03:30 - 2011-09-20 18:26 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-03 07:36 - 2014-03-03 07:36 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{0621C30C-412C-4F55-A68C-93FDD6640DC9}
    2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search
    2014-03-02 18:59 - 2014-02-22 17:34 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-03-02 18:59 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-28 20:58 - 2014-02-27 02:43 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-02-27 02:43 - 2014-02-27 02:42 - 00000000 ____D () C:\Program Files (x86)\runonce
    2014-02-27 02:43 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-02-27 02:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-02-25 23:45 - 2014-02-25 23:45 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{8ECF2A06-6771-4F9D-8464-90CC73234E53}
    2014-02-25 08:29 - 2014-02-25 08:29 - 00000000 ____D () C:\Users\Melinda\AppData\Local\SearchProtect
    2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{2AE8DC07-CB34-4E5F-B1C1-2BFA309F5AA8}
    2014-02-23 10:45 - 2014-02-23 10:44 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:45 - 2014-02-23 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:44 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-22 21:27 - 2014-02-22 21:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-02-22 21:27 - 2012-11-20 21:27 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-02-22 20:44 - 2012-11-19 10:48 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\Real
    2014-02-22 18:29 - 2013-12-26 21:10 - 00001096 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-02-22 18:27 - 2014-02-22 18:27 - 05814000 _____ (TeamViewer GmbH) C:\Users\Melinda\Downloads\TeamViewer_Setup_en (3).exe
    2014-02-22 18:26 - 2013-12-26 21:20 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\TeamViewer
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BrowserProtect
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\Browser Manager
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BitGuard
    2014-02-22 17:39 - 2014-02-22 17:39 - 00000000 ____D () C:\Users\Melinda\Documents\PC Speed Maximizer
    2014-02-22 17:35 - 2014-02-22 17:34 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG SafeGuard toolbar
    2014-02-22 17:34 - 2014-02-22 17:34 - 00003706 _____ () C:\Windows\System32\Tasks\pcreg
    2014-02-22 17:34 - 2014-02-22 17:34 - 00000000 ____D () C:\Program Files\pcreg
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Users\Melinda\Documents\My Cheat Tables
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\Linkey
    2014-02-21 10:24 - 2012-07-30 00:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-21 10:24 - 2012-07-30 00:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-21 10:24 - 2012-07-30 00:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-20 19:54 - 2014-02-20 19:54 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{533EB05E-52E6-4A40-A6F9-F3CE12C6BC90}
    2014-02-19 09:02 - 2013-05-11 08:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-02-15 21:13 - 2014-02-15 21:13 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
    2014-02-15 21:13 - 2012-02-26 11:38 - 00000000 ____D () C:\Program Files (x86)\TurboTax
    2014-02-15 21:11 - 2014-02-15 21:05 - 94656600 _____ () C:\Users\Melinda\Downloads\w_turbotax_1040_dlx_2013.120.0100.exe
    2014-02-15 14:22 - 2011-04-12 19:50 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-15 14:22 - 2011-04-12 19:50 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-15 04:01 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-15 04:00 - 2011-05-06 03:54 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{EBB3A552-43F6-4BB3-8B9A-C4D89AD008A4}

    Some content of TEMP:
    ====================
    C:\Users\Melinda\AppData\Local\Temp\file_to_run55823.exe
    C:\Users\Melinda\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Melinda\AppData\Local\Temp\_is93B6.exe
    C:\Users\Melinda\AppData\Local\Temp\_isF028.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 856CD2FC6A4C1CF5DD6BCA840C006E53

    ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-10 08:22

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-03-2014 01
    Ran by Melinda at 2014-03-10 19:53:15
    Running from C:\Users\Melinda\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
    aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
    Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
    center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
    ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.2.25 - Intuit)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1018 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
    TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3161 - Intuit Inc.) Hidden
    TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
    TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0218 - Intuit Inc.) Hidden
    TurboTax 2011 wmeiper (x32 Version: 011.000.1620 - Intuit Inc.) Hidden
    TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2013 - Intuit Inc.) Hidden
    TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
    TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
    TurboTax 2012 wmeiper (x32 Version: 012.000.1259 - Intuit Inc.) Hidden
    TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1835 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
    TurboTax 2013 wmeiper (x32 Version: 013.000.1187 - Intuit Inc.) Hidden
    TurboTax 2013 wnciper (x32 Version: 013.000.1199 - Intuit Inc.) Hidden
    TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    ValueApps (HKLM-x32\...\ValueApps) (Version: 1.1.1.1 - Conduit LTD) <==== ATTENTION
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2014-02-27 02:43 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
    54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {04128D4E-0600-42F7-81E4-8A6C23213E8C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0F236937-C52E-4789-A10A-B10C67721C34} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {258DCF6E-DB77-4537-9017-5F53FDE1FB74} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {334272AD-E475-49FB-B0AB-0F8F11961778} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
    Task: {4A0D337C-E101-4AC9-8A1E-A0F201CEEE0F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {5C994CF2-BBE9-43DC-A2CF-5705C1B5AE63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
    Task: {79E5A79C-9A43-4F40-ACF1-50C727F39B8E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {921F2B01-4127-475F-AC17-05A27FD9976B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
    Task: {9255BD50-D7C0-4DAB-8D15-3E8D13E5490E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {99773A08-BF1D-43DA-B9AE-684727D9BFC7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {CCA2FC72-544F-4DBB-BA69-D96D83CB738D} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-02-19] ()
    Task: {DA766E21-CAC6-4072-AEA8-138DF4AFB2DB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-09] (AVAST Software)
    Task: {F5FCFA43-9CA5-41A6-ACDA-27F7E04EAECD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2014-02-22 17:33 - 2014-03-02 18:59 - 02539544 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    2014-01-20 22:07 - 2014-01-20 22:07 - 00025600 _____ () C:\Program Files\pcreg\pcreg.exe
    2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-03-02 18:59 - 2014-03-02 18:59 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
    2009-10-15 04:10 - 2009-10-15 04:10 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    2014-03-10 05:11 - 2014-03-10 04:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031000\algo.dll
    2014-03-10 19:38 - 2014-03-10 16:55 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031003\algo.dll
    2014-03-02 18:59 - 2014-03-02 18:59 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
    2014-03-09 20:59 - 2014-03-09 20:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-06-29 15:14 - 2009-06-29 15:14 - 00012288 _____ () C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
    2009-10-15 04:10 - 2009-10-15 04:10 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
    2009-09-28 01:52 - 2009-09-28 01:52 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\Melinda\Documents\cleaning invoices.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/10/2014 08:23:44 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/08/2014 03:54:21 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 8.0.7600.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1418

    Start Time: 01cf3b07057ecb7b

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 64d9b7c4-a6fb-11e3-ab4a-f04da25d6069

    Error: (03/08/2014 09:41:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800706b5, The interface is unknown.
    .

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
    ]

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800706b5, The interface is unknown.
    .

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
    ]

    Error: (03/07/2014 04:47:31 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_RpcEptMapper, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000055c8
    Faulting process id: 0x2fc
    Faulting application start time: 0xsvchost.exe_RpcEptMapper0
    Faulting application path: svchost.exe_RpcEptMapper1
    Faulting module path: svchost.exe_RpcEptMapper2
    Report Id: svchost.exe_RpcEptMapper3

    Error: (03/06/2014 07:51:52 AM) (Source: Microsoft-Windows-RestartManager) (User: MININT-PU3KMGO)
    Description: Application or service 'Internet Pass-Through Service' could not be restarted.

    Error: (03/05/2014 07:25:02 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 8.0.7600.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 8468

    Start Time: 01cf38c7e82744c0

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id:


    System errors:
    =============
    Error: (03/10/2014 03:37:10 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/10/2014 07:53:11 AM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/10/2014 05:53:40 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Update service hung on starting.

    Error: (03/10/2014 05:47:15 AM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/09/2014 08:02:25 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/09/2014 07:57:55 PM) (Source: Service Control Manager) (User: )
    Description: The DNS Client service failed to start due to the following error:
    %%1053

    Error: (03/09/2014 07:57:55 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the DNS Client service to connect.

    Error: (03/09/2014 07:57:50 PM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error:
    %%1056

    Error: (03/09/2014 07:56:55 PM) (Source: Service Control Manager) (User: )
    Description: The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:
    %%1068

    Error: (03/09/2014 07:56:55 PM) (Source: Service Control Manager) (User: )
    Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:
    %%1062


    Microsoft Office Sessions:
    =========================
    Error: (03/10/2014 08:23:44 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

    Error: (03/08/2014 03:54:21 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe8.0.7600.17267141801cf3b07057ecb7b0C:\Program Files (x86)\Internet Explorer\iexplore.exe64d9b7c4-a6fb-11e3-ab4a-f04da25d6069

    Error: (03/08/2014 09:41:36 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:47:31 PM) (Source: Application Error)(User: )
    Description: svchost.exe_RpcEptMapper6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000000055c82fc01cf39a8a5ab18baC:\Windows\system32\svchost.exeunknownb37be70a-a639-11e3-a85d-f04da25d6069

    Error: (03/06/2014 07:51:52 AM) (Source: Microsoft-Windows-RestartManager)(User: MININT-PU3KMGO)
    Description: 0PassThruSvr.exeInternet Pass-Through Service03026217823560

    Error: (03/05/2014 07:25:02 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe8.0.7600.17267846801cf38c7e82744c00C:\Program Files (x86)\Internet Explorer\iexplore.exe


    ==================== Memory info ===========================

    Percentage of memory in use: 40%
    Total physical RAM: 5940.52 MB
    Available physical RAM: 3563.7 MB
    Total Pagefile: 11879.18 MB
    Available Pagefile: 9264.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:396.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.69 GB) NTFS
    Drive e: (TurboTax Promo) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 08931B96)
    Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


  7. #4
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-03-2014 01
    Ran by Melinda (administrator) on MININT-PU3KMGO on 10-03-2014 19:52:52
    Running from C:\Users\Melinda\Desktop
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
    Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\system32\WLANExt.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
    () C:\Program Files\pcreg\pcreg.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1882920 2009-11-12] (Synaptics Incorporated)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
    HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
    HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
    HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
    HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-03] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2539544 2014-03-02] ()
    HKLM-x32\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-09] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [C3] - C:\Program Files (x86)\Vivox\C3\c3.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-19] (SUPERAntiSpyware)
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {2522b59a-343b-11e1-96b4-f04da25d6069} - F:\TL_Bootstrap.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {6444c980-55eb-11e0-a0b3-806e6f6e6963} - E:\TurboTax_Promotional_CD.exe
    HKU\S-1-5-21-1619446469-1359094392-3265901077-1003\...\MountPoints2: {c2ad2bca-4c0f-11e2-8327-f04da25d6069} - F:\iLinker.exe
    AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
    AppInit_DLLs: c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll => c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll File Not Found
    AppInit_DLLs: c:\progra~3\wincert\win64c~1.dll => c:\progra~3\wincert\win64c~1.dll File Not Found
    AppInit_DLLs: c:\progra~2\linkey\ieexte~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsemngr.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browsermngr.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\delta babylon.exe: [Debugger] tasklist.exe
    IFEO\delta tb.exe: [Debugger] tasklist.exe
    IFEO\delta2.exe: [Debugger] tasklist.exe
    IFEO\deltainstaller.exe: [Debugger] tasklist.exe
    IFEO\deltasetup.exe: [Debugger] tasklist.exe
    IFEO\deltatb.exe: [Debugger] tasklist.exe
    IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\iminentsetup.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=f1f30145-415f-488f-9f61-39b76a7a2022&searchtype=ds&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {1D2AD774-4942-425E-AD03-EC65E04ACA4E} URL = http://websearch.ask.com/redirect?client=ie&tb=LPY&o=100000042&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=V8&apn_dtid=YYYYYYYYUS&apn_uid=428cf9f8-da62-424b-8622-0b46f74fbf3a&apn_sauid=667024A4-2512-41E7-AEB2-024440925C29&
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Chrome:
    =======
    CHR HomePage:
    CHR DefaultSearchKeyword: ask.com
    CHR DefaultSearchProvider: default-search.net
    CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    CHR DefaultNewTabURL:
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Display Engine v2) - C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (YouTube) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-29]
    CHR Extension: (Google Search) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-29]
    CHR Extension: (avast! Online Security) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-09]
    CHR Extension: (RealDownloader) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-03]
    CHR Extension: (VideoDownloadConverter) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmljihjgjdghdhggolmhbjekicljfci [2014-01-28]
    CHR Extension: (Google Wallet) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\Melinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-29]
    CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-09]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143088 2013-05-07] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-09] (AVAST Software)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [25600 2014-01-20] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-02] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-09] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-09] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
    R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [66600 2009-12-22] (Atheros Communications, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-10 19:52 - 2014-03-10 19:53 - 00019130 _____ () C:\Users\Melinda\Desktop\FRST.txt
    2014-03-10 19:52 - 2014-03-10 19:52 - 00000000 ____D () C:\FRST
    2014-03-10 19:51 - 2014-03-10 19:52 - 02157056 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
    2014-03-10 15:53 - 2014-03-10 17:23 - 00011374 _____ () C:\Users\Melinda\Desktop\hijackthis.log
    2014-03-10 15:53 - 2014-03-10 15:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Melinda\Desktop\HijackThis.exe
    2014-03-10 15:37 - 2014-03-10 15:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG Secure Search
    2014-03-09 21:00 - 2014-03-09 21:00 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-09 21:00 - 2014-03-09 21:00 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\AVAST Software
    2014-03-09 20:59 - 2014-03-09 21:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-09 20:59 - 2014-03-09 20:59 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-03-09 20:59 - 2014-03-09 20:59 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-03-09 20:59 - 2014-03-09 20:59 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-03-09 20:58 - 2014-03-09 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-03-09 20:32 - 2014-03-09 20:33 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{E8DCA3AF-3FAF-4916-96B0-4A85A13B1C98}
    2014-03-09 20:03 - 2014-03-10 15:37 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-08 21:43 - 2014-03-10 15:37 - 00000448 _____ () C:\Windows\setupact.log
    2014-03-08 21:43 - 2014-03-08 21:43 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-08 13:04 - 2014-03-08 20:10 - 00007604 _____ () C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
    2014-03-05 19:37 - 2014-03-09 20:12 - 00000083 _____ () C:\Windows\system32\yeinljl.zmv
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000064 _____ () C:\Windows\system32\zejun.ksd
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000000 _____ () C:\Windows\system32\vfxe.rne
    2014-03-05 19:11 - 2014-03-05 19:11 - 00268613 ____S () C:\Windows\system32\uxuru.kgk
    2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{19FE99FE-7C46-4847-ABD9-55BC5F440ADF}
    2014-03-03 07:36 - 2014-03-03 07:36 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{0621C30C-412C-4F55-A68C-93FDD6640DC9}
    2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search
    2014-02-27 02:43 - 2014-03-10 15:37 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-02-27 02:43 - 2014-02-28 20:58 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-02-27 02:42 - 2014-02-27 02:43 - 00000000 ____D () C:\Program Files (x86)\runonce
    2014-02-25 23:45 - 2014-02-25 23:45 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{8ECF2A06-6771-4F9D-8464-90CC73234E53}
    2014-02-25 08:29 - 2014-02-25 08:29 - 00000000 ____D () C:\Users\Melinda\AppData\Local\SearchProtect
    2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{2AE8DC07-CB34-4E5F-B1C1-2BFA309F5AA8}
    2014-02-23 10:44 - 2014-03-10 15:37 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:45 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:45 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:44 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-22 21:27 - 2014-02-22 21:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-02-22 18:27 - 2014-02-22 18:27 - 05814000 _____ (TeamViewer GmbH) C:\Users\Melinda\Downloads\TeamViewer_Setup_en (3).exe
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BrowserProtect
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\Browser Manager
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BitGuard
    2014-02-22 17:39 - 2014-02-22 17:39 - 00000000 ____D () C:\Users\Melinda\Documents\PC Speed Maximizer
    2014-02-22 17:34 - 2014-03-02 18:59 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-02-22 17:34 - 2014-02-22 17:35 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG SafeGuard toolbar
    2014-02-22 17:34 - 2014-02-22 17:34 - 00003706 _____ () C:\Windows\System32\Tasks\pcreg
    2014-02-22 17:34 - 2014-02-22 17:34 - 00000000 ____D () C:\Program Files\pcreg
    2014-02-22 17:33 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Users\Melinda\Documents\My Cheat Tables
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\Linkey
    2014-02-22 17:33 - 2013-11-13 23:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
    2014-02-20 19:54 - 2014-02-20 19:54 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{533EB05E-52E6-4A40-A6F9-F3CE12C6BC90}
    2014-02-15 21:13 - 2014-02-15 21:13 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
    2014-02-15 21:05 - 2014-02-15 21:11 - 94656600 _____ () C:\Users\Melinda\Downloads\w_turbotax_1040_dlx_2013.120.0100.exe
    2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{EBB3A552-43F6-4BB3-8B9A-C4D89AD008A4}

    ==================== One Month Modified Files and Folders =======

    2014-03-10 19:53 - 2014-03-10 19:52 - 00019130 _____ () C:\Users\Melinda\Desktop\FRST.txt
    2014-03-10 19:52 - 2014-03-10 19:52 - 00000000 ____D () C:\FRST
    2014-03-10 19:52 - 2014-03-10 19:51 - 02157056 _____ (Farbar) C:\Users\Melinda\Desktop\FRST64.exe
    2014-03-10 19:27 - 2011-04-12 19:50 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-10 19:24 - 2012-07-30 00:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-10 17:24 - 2012-12-22 20:34 - 00000000 ____D () C:\Users\Melinda\Desktop\help2go
    2014-03-10 17:23 - 2014-03-10 15:53 - 00011374 _____ () C:\Users\Melinda\Desktop\hijackthis.log
    2014-03-10 15:53 - 2014-03-10 15:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Melinda\Desktop\HijackThis.exe
    2014-03-10 15:44 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-10 15:44 - 2009-07-14 00:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-10 15:41 - 2011-03-24 01:55 - 01572471 _____ () C:\Windows\WindowsUpdate.log
    2014-03-10 15:41 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-10 15:37 - 2014-03-10 15:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG Secure Search
    2014-03-10 15:37 - 2014-03-09 20:03 - 00003248 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-10 15:37 - 2014-03-08 21:43 - 00000448 _____ () C:\Windows\setupact.log
    2014-03-10 15:37 - 2014-02-27 02:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2014-03-10 15:37 - 2014-02-23 10:44 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-03-10 15:37 - 2011-10-04 11:19 - 00000000 ____D () C:\ProgramData\Kodak
    2014-03-10 15:37 - 2011-04-12 19:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-10 15:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-10 05:46 - 2011-04-12 19:13 - 00639474 _____ () C:\Windows\PFRO.log
    2014-03-09 21:00 - 2014-03-09 21:00 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-03-09 21:00 - 2014-03-09 21:00 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\AVAST Software
    2014-03-09 21:00 - 2014-03-09 20:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-03-09 20:59 - 2014-03-09 20:59 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-03-09 20:59 - 2014-03-09 20:59 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-03-09 20:59 - 2014-03-09 20:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-03-09 20:59 - 2014-03-09 20:59 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-03-09 20:58 - 2014-03-09 20:58 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-03-09 20:33 - 2014-03-09 20:32 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{E8DCA3AF-3FAF-4916-96B0-4A85A13B1C98}
    2014-03-09 20:33 - 2011-07-30 22:23 - 00002248 _____ () C:\Users\Melinda\Desktop\My Movie.wlmp
    2014-03-09 20:12 - 2014-03-05 19:37 - 00000083 _____ () C:\Windows\system32\yeinljl.zmv
    2014-03-08 21:43 - 2014-03-08 21:43 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-08 20:10 - 2014-03-08 13:04 - 00007604 _____ () C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
    2014-03-08 18:13 - 2011-04-20 08:13 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\SoftGrid Client
    2014-03-08 16:27 - 2012-02-26 11:50 - 00000000 ____D () C:\Users\Melinda\Documents\TurboTax
    2014-03-07 16:28 - 2012-02-26 11:40 - 00001240 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2014-03-06 07:54 - 2011-03-24 02:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-03-06 07:52 - 2011-08-16 12:01 - 00000000 ____D () C:\Users\Melinda\AppData\Local\Downloaded Installations
    2014-03-06 07:51 - 2011-08-16 12:00 - 00034290 _____ () C:\Windows\DPINST.LOG
    2014-03-05 21:04 - 2013-12-09 12:58 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\.oit
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000064 _____ () C:\Windows\system32\zejun.ksd
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000000 _____ () C:\Windows\system32\vfxe.rne
    2014-03-05 19:11 - 2014-03-05 19:11 - 00268613 ____S () C:\Windows\system32\uxuru.kgk
    2014-03-05 08:11 - 2014-03-05 08:11 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{19FE99FE-7C46-4847-ABD9-55BC5F440ADF}
    2014-03-05 08:10 - 2013-04-20 11:40 - 00000000 ____D () C:\Users\Melinda\Desktop\Cleanin invoices
    2014-03-04 03:30 - 2011-09-20 18:26 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-03 07:36 - 2014-03-03 07:36 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{0621C30C-412C-4F55-A68C-93FDD6640DC9}
    2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\AVG Secure Search
    2014-03-02 18:59 - 2014-02-22 17:34 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-03-02 18:59 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-28 20:58 - 2014-02-27 02:43 - 00000000 ____D () C:\Program Files (x86)\Bench
    2014-02-27 02:43 - 2014-02-27 02:42 - 00000000 ____D () C:\Program Files (x86)\runonce
    2014-02-27 02:43 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-02-27 02:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-02-25 23:45 - 2014-02-25 23:45 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{8ECF2A06-6771-4F9D-8464-90CC73234E53}
    2014-02-25 08:29 - 2014-02-25 08:29 - 00000000 ____D () C:\Users\Melinda\AppData\Local\SearchProtect
    2014-02-25 07:55 - 2014-02-25 07:55 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{2AE8DC07-CB34-4E5F-B1C1-2BFA309F5AA8}
    2014-02-23 10:45 - 2014-02-23 10:44 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:45 - 2014-02-23 10:44 - 00003226 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-23 10:44 - 2014-02-23 10:44 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003
    2014-02-22 21:27 - 2014-02-22 21:27 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-02-22 21:27 - 2012-11-20 21:27 - 00001937 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2014-02-22 20:44 - 2012-11-19 10:48 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\Real
    2014-02-22 18:29 - 2013-12-26 21:10 - 00001096 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-02-22 18:27 - 2014-02-22 18:27 - 05814000 _____ (TeamViewer GmbH) C:\Users\Melinda\Downloads\TeamViewer_Setup_en (3).exe
    2014-02-22 18:26 - 2013-12-26 21:20 - 00000000 ____D () C:\Users\Melinda\AppData\Roaming\TeamViewer
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BrowserProtect
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\Browser Manager
    2014-02-22 18:03 - 2014-02-22 18:03 - 00000000 ____D () C:\ProgramData\BitGuard
    2014-02-22 17:39 - 2014-02-22 17:39 - 00000000 ____D () C:\Users\Melinda\Documents\PC Speed Maximizer
    2014-02-22 17:35 - 2014-02-22 17:34 - 00000000 ____D () C:\Users\Melinda\AppData\Local\AVG SafeGuard toolbar
    2014-02-22 17:34 - 2014-02-22 17:34 - 00003706 _____ () C:\Windows\System32\Tasks\pcreg
    2014-02-22 17:34 - 2014-02-22 17:34 - 00000000 ____D () C:\Program Files\pcreg
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Users\Melinda\Documents\My Cheat Tables
    2014-02-22 17:33 - 2014-02-22 17:33 - 00000000 ____D () C:\Program Files (x86)\Linkey
    2014-02-21 10:24 - 2012-07-30 00:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-21 10:24 - 2012-07-30 00:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-21 10:24 - 2012-07-30 00:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-20 19:54 - 2014-02-20 19:54 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{533EB05E-52E6-4A40-A6F9-F3CE12C6BC90}
    2014-02-19 09:02 - 2013-05-11 08:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-02-15 21:13 - 2014-02-15 21:13 - 00002513 _____ () C:\Users\Public\Desktop\TurboTax 2013.lnk
    2014-02-15 21:13 - 2012-02-26 11:38 - 00000000 ____D () C:\Program Files (x86)\TurboTax
    2014-02-15 21:11 - 2014-02-15 21:05 - 94656600 _____ () C:\Users\Melinda\Downloads\w_turbotax_1040_dlx_2013.120.0100.exe
    2014-02-15 14:22 - 2011-04-12 19:50 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-15 14:22 - 2011-04-12 19:50 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-15 04:01 - 2013-08-15 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-15 04:00 - 2011-05-06 03:54 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-13 17:37 - 2014-02-13 17:37 - 00000000 ____D () C:\Users\Melinda\AppData\Local\{EBB3A552-43F6-4BB3-8B9A-C4D89AD008A4}

    Some content of TEMP:
    ====================
    C:\Users\Melinda\AppData\Local\Temp\file_to_run55823.exe
    C:\Users\Melinda\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Melinda\AppData\Local\Temp\_is93B6.exe
    C:\Users\Melinda\AppData\Local\Temp\_isF028.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 856CD2FC6A4C1CF5DD6BCA840C006E53

    ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-10 08:22

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-03-2014 01
    Ran by Melinda at 2014-03-10 19:53:15
    Running from C:\Users\Melinda\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
    aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
    Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
    center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)
    ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden
    Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.2.25 - Intuit)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1018 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.15.0 - Synaptics Incorporated)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
    TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
    TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3161 - Intuit Inc.) Hidden
    TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496 - Intuit Inc.) Hidden
    TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0218 - Intuit Inc.) Hidden
    TurboTax 2011 wmeiper (x32 Version: 011.000.1620 - Intuit Inc.) Hidden
    TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2013 - Intuit Inc.) Hidden
    TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
    TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
    TurboTax 2012 wmeiper (x32 Version: 012.000.1259 - Intuit Inc.) Hidden
    TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1835 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
    TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
    TurboTax 2013 wmeiper (x32 Version: 013.000.1187 - Intuit Inc.) Hidden
    TurboTax 2013 wnciper (x32 Version: 013.000.1199 - Intuit Inc.) Hidden
    TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    ValueApps (HKLM-x32\...\ValueApps) (Version: 1.1.1.1 - Conduit LTD) <==== ATTENTION
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2014-02-27 02:43 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
    54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {04128D4E-0600-42F7-81E4-8A6C23213E8C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0F236937-C52E-4789-A10A-B10C67721C34} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {258DCF6E-DB77-4537-9017-5F53FDE1FB74} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {334272AD-E475-49FB-B0AB-0F8F11961778} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
    Task: {4A0D337C-E101-4AC9-8A1E-A0F201CEEE0F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {5C994CF2-BBE9-43DC-A2CF-5705C1B5AE63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
    Task: {79E5A79C-9A43-4F40-ACF1-50C727F39B8E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {921F2B01-4127-475F-AC17-05A27FD9976B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12] (Google Inc.)
    Task: {9255BD50-D7C0-4DAB-8D15-3E8D13E5490E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {99773A08-BF1D-43DA-B9AE-684727D9BFC7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {CCA2FC72-544F-4DBB-BA69-D96D83CB738D} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-02-19] ()
    Task: {DA766E21-CAC6-4072-AEA8-138DF4AFB2DB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-09] (AVAST Software)
    Task: {F5FCFA43-9CA5-41A6-ACDA-27F7E04EAECD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1619446469-1359094392-3265901077-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-10-15 04:10 - 2009-10-15 04:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2014-02-22 17:33 - 2014-03-02 18:59 - 02539544 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    2014-01-20 22:07 - 2014-01-20 22:07 - 00025600 _____ () C:\Program Files\pcreg\pcreg.exe
    2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-03-02 18:59 - 2014-03-02 18:59 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
    2009-10-15 04:10 - 2009-10-15 04:10 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    2014-03-10 05:11 - 2014-03-10 04:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031000\algo.dll
    2014-03-10 19:38 - 2014-03-10 16:55 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031003\algo.dll
    2014-03-02 18:59 - 2014-03-02 18:59 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
    2014-03-09 20:59 - 2014-03-09 20:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2009-06-29 15:14 - 2009-06-29 15:14 - 00012288 _____ () C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
    2009-10-15 04:10 - 2009-10-15 04:10 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
    2009-09-28 01:52 - 2009-09-28 01:52 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Users\Melinda\Documents\cleaning invoices.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/10/2014 08:23:44 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/08/2014 03:54:21 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 8.0.7600.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1418

    Start Time: 01cf3b07057ecb7b

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 64d9b7c4-a6fb-11e3-ab4a-f04da25d6069

    Error: (03/08/2014 09:41:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800706b5, The interface is unknown.
    .

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
    ]

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x800706b5, The interface is unknown.
    .

    Error: (03/07/2014 04:53:11 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800706b5, The interface is unknown.
    ]

    Error: (03/07/2014 04:47:31 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe_RpcEptMapper, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000000055c8
    Faulting process id: 0x2fc
    Faulting application start time: 0xsvchost.exe_RpcEptMapper0
    Faulting application path: svchost.exe_RpcEptMapper1
    Faulting module path: svchost.exe_RpcEptMapper2
    Report Id: svchost.exe_RpcEptMapper3

    Error: (03/06/2014 07:51:52 AM) (Source: Microsoft-Windows-RestartManager) (User: MININT-PU3KMGO)
    Description: Application or service 'Internet Pass-Through Service' could not be restarted.

    Error: (03/05/2014 07:25:02 PM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 8.0.7600.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 8468

    Start Time: 01cf38c7e82744c0

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id:


    System errors:
    =============
    Error: (03/10/2014 03:37:10 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/10/2014 07:53:11 AM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/10/2014 05:53:40 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Update service hung on starting.

    Error: (03/10/2014 05:47:15 AM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/09/2014 08:02:25 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/09/2014 07:57:55 PM) (Source: Service Control Manager) (User: )
    Description: The DNS Client service failed to start due to the following error:
    %%1053

    Error: (03/09/2014 07:57:55 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the DNS Client service to connect.

    Error: (03/09/2014 07:57:50 PM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RPC Endpoint Mapper service, but this action failed with the following error:
    %%1056

    Error: (03/09/2014 07:56:55 PM) (Source: Service Control Manager) (User: )
    Description: The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error:
    %%1068

    Error: (03/09/2014 07:56:55 PM) (Source: Service Control Manager) (User: )
    Description: The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error:
    %%1062


    Microsoft Office Sessions:
    =========================
    Error: (03/10/2014 08:23:44 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

    Error: (03/08/2014 03:54:21 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe8.0.7600.17267141801cf3b07057ecb7b0C:\Program Files (x86)\Internet Explorer\iexplore.exe64d9b7c4-a6fb-11e3-ab4a-f04da25d6069

    Error: (03/08/2014 09:41:36 AM) (Source: SideBySide)(User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: CoCreateInstance0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:53:11 PM) (Source: VSS)(User: )
    Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800706b5, The interface is unknown.

    Error: (03/07/2014 04:47:31 PM) (Source: Application Error)(User: )
    Description: svchost.exe_RpcEptMapper6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000000055c82fc01cf39a8a5ab18baC:\Windows\system32\svchost.exeunknownb37be70a-a639-11e3-a85d-f04da25d6069

    Error: (03/06/2014 07:51:52 AM) (Source: Microsoft-Windows-RestartManager)(User: MININT-PU3KMGO)
    Description: 0PassThruSvr.exeInternet Pass-Through Service03026217823560

    Error: (03/05/2014 07:25:02 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe8.0.7600.17267846801cf38c7e82744c00C:\Program Files (x86)\Internet Explorer\iexplore.exe


    ==================== Memory info ===========================

    Percentage of memory in use: 40%
    Total physical RAM: 5940.52 MB
    Available physical RAM: 3563.7 MB
    Total Pagefile: 11879.18 MB
    Available Pagefile: 9264.19 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:396.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.69 GB) NTFS
    Drive e: (TurboTax Promo) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 08931B96)
    Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


  9. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    We need to find a replacement file on your system.

    Please do the following:

    • Run FRST64.
    • Type the following in the edit box after "Search:"

      rpcss.dll


    Click the Search button and post the log it makes in your reply.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-





  11. #6
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    Here it is


    Farbar Recovery Scan Tool (x64) Version: 10-03-2014 01
    Ran by Melinda at 2014-03-12 06:51:15
    Running from C:\Users\Melinda\Desktop
    Boot Mode: Normal

    ================== Search: "rpcss.dll" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 20:00] - [2009-07-13 21:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    C:\Windows\System32\rpcss.dll
    [2009-07-13 20:00] - [2009-07-13 21:41] - 0514048 ____A (Microsoft Corporation) 856CD2FC6A4C1CF5DD6BCA840C006E53

    ====== End Of Search ======


  13. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.





  15. #8
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2014 01
    Ran by Melinda at 2014-03-13 02:52:33 Run:1
    Running from C:\Users\Melinda\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll

    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsemngr.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browsermngr.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\delta babylon.exe: [Debugger] tasklist.exe
    IFEO\delta tb.exe: [Debugger] tasklist.exe
    IFEO\delta2.exe: [Debugger] tasklist.exe
    IFEO\deltainstaller.exe: [Debugger] tasklist.exe
    IFEO\deltasetup.exe: [Debugger] tasklist.exe
    IFEO\deltatb.exe: [Debugger] tasklist.exe
    IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\iminentsetup.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found
    AppInit_DLLs: c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll => c:\progra~2\searchprotect\searchprotect\bin\spvc64loader.dll File Not Found
    AppInit_DLLs: c:\progra~3\wincert\win64c~1.dll => c:\progra~3\wincert\win64c~1.dll File Not Found
    AppInit_DLLs: c:\progra~2\linkey\ieexte~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2539544 2014-03-02] ()
    earchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=f1f30145-415f-488f-9f61-39b76a7a2022&searchtype=ds&q={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {1D2AD774-4942-425E-AD03-EC65E04ACA4E} URL = http://websearch.ask.com/redirect?client=ie&tb=LPY&o=100000042&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=V8&apn_dtid=YYYYYYYYUS&apn_uid=428cf9f8-da62-424b-8622-0b46f74fbf3a&apn_sauid=667024A4-2512-41E7-AEB2-024440925C29&
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
    CHR DefaultSearchKeyword: ask.com
    CHR DefaultSearchProvider: default-search.net
    CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms}
    CHR Plugin: (Display Engine v2) - C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll ( )
    CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
    R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [25600 2014-01-20] ()
    HKLM-x32\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    HKLM\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90192 2014-02-19] ()
    C:\Program Files\pcreg
    2014-03-05 19:37 - 2014-03-09 20:12 - 00000083 _____ () C:\Windows\system32\yeinljl.zmv
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000064 _____ () C:\Windows\system32\zejun.ksd
    2014-03-05 19:27 - 2014-03-05 19:27 - 00000000 _____ () C:\Windows\system32\vfxe.rne
    2014-03-05 19:11 - 2014-03-05 19:11 - 00268613 ____S () C:\Windows\system32\uxuru.kgk
    C:\Users\Melinda\AppData\Local\Temp\file_to_run55823.exe
    C:\Users\Melinda\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Melinda\AppData\Local\Temp\_is93B6.exe
    C:\Users\Melinda\AppData\Local\Temp\_isF028.exe
    Task: {CCA2FC72-544F-4DBB-BA69-D96D83CB738D} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-02-19] ()





    *****************

    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "c:\\progra~2\\settin~1\\systemk\\x64\\syskldr.dll" => Value Data removed successfully.
    "c:\\progra~2\\searchprotect\\searchprotect\\bin\\spvc64loader.dll" => Value Data removed successfully.
    "c:\\progra~3\\wincert\\win64c~1.dll" => Value Data removed successfully.
    "c:\\progra~2\\linkey\\ieexte~1\\iedll64.dll" => Value Data removed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
    HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D2AD774-4942-425E-AD03-EC65E04ACA4E} => Key deleted successfully.
    HKCR\CLSID\{1D2AD774-4942-425E-AD03-EC65E04ACA4E} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
    HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
    HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
    HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
    HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
    HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    CHR DefaultSearchKeyword: ask.com ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchProvider: default-search.net ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchURL: http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11471&tm=266&src=ds&p={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
    C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Key deleted successfully.
    C:\ProgramData\ValueApps\CH\ValueApps.crx => Moved successfully.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
    HKCU\SOFTWARE\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Key deleted successfully.
    "C:\ProgramData\ValueApps\CH\ValueApps.crx" => File/Directory not found.
    pcregservice => Service stopped successfully.
    pcregservice => Service deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
    C:\Program Files\pcreg => Moved successfully.
    C:\Windows\system32\yeinljl.zmv => Moved successfully.
    C:\Windows\system32\zejun.ksd => Moved successfully.
    Could not move "C:\Windows\system32\vfxe.rne" => Scheduled to move on reboot.
    Could not move "C:\Windows\system32\uxuru.kgk" => Scheduled to move on reboot.
    C:\Users\Melinda\AppData\Local\Temp\file_to_run55823.exe => Moved successfully.
    C:\Users\Melinda\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
    C:\Users\Melinda\AppData\Local\Temp\_is93B6.exe => Moved successfully.
    C:\Users\Melinda\AppData\Local\Temp\_isF028.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCA2FC72-544F-4DBB-BA69-D96D83CB738D} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCA2FC72-544F-4DBB-BA69-D96D83CB738D} => Key deleted successfully.
    C:\Windows\System32\Tasks\pcreg => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-13 02:54:24)<=

    C:\Windows\system32\vfxe.rne => Is moved successfully.
    C:\Windows\system32\uxuru.kgk => Is moved successfully.

    ==== End of Fixlog ====


  17. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    1. Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click on AdwCleaner.exe and select
      "Run as administrator"
    • Click the Scan button.
    • Once the scan has finished click the Clean button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[S1].txt.



    2. Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
      The tool will open and start scanning your system.
    • Please be patient, as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt in your next reply.


    Things to include in your next reply:
    AdwCleaner log
    JRT.txt
    How is the machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-





  19. #10
    Member
    Join Date
    Feb 2010
    Location
    Searsmont Maine
    Posts
    15
    Points
    6

    It's working much better and there is no music running in the background.
    Thanks for all your help.

    Ryan

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Melinda on Fri 03/14/2014 at 13:53:19.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 03/14/2014 at 14:01:38.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v3.022 - Report created 14/03/2014 at 07:02:07
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium (64 bits)
    # Username : Melinda - MININT-PU3KMGO
    # Running from : C:\Users\Melinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EA9SFCRR\adwcleaner[2].exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Melinda\AppData\Local\AVG SafeGuard toolbar

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7600.17267


    *************************

    AdwCleaner[R0].txt - [8625 octets] - [14/03/2014 06:38:20]
    AdwCleaner[R1].txt - [891 octets] - [14/03/2014 07:00:00]
    AdwCleaner[S0].txt - [8443 octets] - [14/03/2014 06:39:10]
    AdwCleaner[S1].txt - [817 octets] - [14/03/2014 07:02:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [876 octets] ########
