
Solved virus on ie??? hijackthis log

Discussion in 'Malware and Virus Removal Archive' started by ttorres66, 2013/08/09.

  1. 2013/08/09
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    [Resolved] virus on ie??? hijackthis log

    [HJT log removed by Broni].....
     
    Last edited by a moderator: 2013/08/09
  2. 2013/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Please don't create multiple topics concerning same computer.
    Because you're a new member some of your initial posts will be moderated.
    You won't see them until they're approved by one of staff members.

    We don't use HJT anymore.

    Please describe your computer problems.
     


  4. 2013/08/09
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Thank you for your reply.
    I can't download any programs on this computer. They show that they download but disappear and won't run. I have to download on a different computer and transfer the program with an external hard drive.
     
  5. 2013/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What Windows version is it?
     
  6. 2013/08/09
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Windows Vista 32 bit
     
  7. 2013/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    NOTE 1. Use another working computer to download following tool.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
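
The FRST.txt log this procedure produces is plain text split into `====`-delimited sections, and FRST marks entries it considers suspicious with `ATTENTION! ====>`. A first-pass triage of such a log, as an added example that is not part of the thread or of FRST: the rule names and the sample log lines are constructed for illustration, modelled on the log format seen in this thread.

```python
"""First-pass triage of a Farbar Recovery Scan Tool (FRST) text log."""
import re
from collections import Counter
from dataclasses import dataclass

# Section banners look like "==================== Registry (Whitelisted) ====".
# A line made only of "=" (the underline below "FireFox:") must not match.
SECTION_RE = re.compile(r"^={3,}\s*([^=].*?)\s*={3,}$")
# FRST's own marker for entries it considers suspicious.
ATTENTION_RE = re.compile(r"ATTENTION!\s*=+>\s*(.*\S)")
# Entry whose target file is absent (orphaned or removed load point).
NO_FILE_RE = re.compile(r"\bNo File\s*$")
# Load point resolving into the Recycle Bin: a heuristic, review each hit.
RECYCLE_BIN = "\\$recycle.bin\\"


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line number in the log
    section: str   # FRST section the line belongs to
    rule: str      # constructed rule name (not an FRST term)
    detail: str    # short reason for the hit
    text: str      # the log line itself


def triage(log_text):
    """Return a list of Finding objects for lines that deserve a closer look."""
    findings = []
    section = "(header)"
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        marker = ATTENTION_RE.search(line)
        if marker:
            findings.append(
                Finding(line_no, section, "frst-attention", marker.group(1), line))
        if RECYCLE_BIN in line.lower():
            findings.append(
                Finding(line_no, section, "recycle-bin-path",
                        "entry points into $Recycle.Bin", line))
        if NO_FILE_RE.search(line):
            findings.append(
                Finding(line_no, section, "missing-file",
                        "registered file not found", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'frst-attention': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample input: placeholder GUIDs, SID and paths, not a real log.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2000
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleApp] - C:\Program Files\Example\app.exe [1000 2000-01-01] (Example Corp.)
HKLM\...EXAMPLE\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCR\...EXAMPLE\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$example\n. ATTENTION! ====> ZeroAccess?

==================== Internet (Whitelisted) ====================

Toolbar: HKCU -No Name - {00000000-0000-0000-0000-000000000000} - No File
BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\bho.dll (Example Corp.)
""".strip()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_no:>4}  [{f.section}]  {f.rule}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

A hit is a prompt to inspect the entry, not a verdict: a missing-file entry is often just a leftover from an uninstalled program.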
     
  8. 2013/08/10
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
    Ran by Owner (administrator) on 10-08-2013 04:53:36
    Running from E:\
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [358312 2012-02-01] ()
    HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
    HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
    HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] ()
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
    HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
    HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-694814-2283483923-3228598378-1000\$e8d8825f6783f2b3ea6831ac4a6981d0\n. ATTENTION! ====> ZeroAccess?
    MountPoints2: {59df9452-c848-11e0-82a7-806e6f6e6963} - D:\SETUP.EXE
    MountPoints2: {cfadeb82-0194-11e3-8bf3-001f16e33221} - G:\LaunchU3.exe -a
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NuvaTime.lnk
    ShortcutTarget: NuvaTime.lnk -> C:\Program Files\NuvaTime\NuvaTime.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j2vkd1gl.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.yahoo.com/
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
    S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
    S2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    S2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()

    ==================== Drivers (Whitelisted) ====================

    S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
    S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-08] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-08] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-08] ()
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-18] (LeapFrog)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-09 22:05 - 2013-08-09 22:07 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 20:12 - 2013-08-09 20:13 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-08 22:04 - 2013-08-10 04:19 - 00006427 _____ C:\Windows\IE9_main.log
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:43 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:34 - 2013-08-08 21:35 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:29 - 2013-08-08 21:30 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:29 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:50 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-08-08 19:50 - 2013-05-08 00:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2013-08-08 19:50 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2013-08-08 19:50 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2013-08-08 19:49 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-08-08 19:49 - 2013-05-29 07:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-08-08 19:49 - 2013-05-29 07:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-08-08 19:49 - 2013-05-29 05:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-08-08 19:49 - 2013-05-29 04:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-08-08 19:49 - 2013-05-29 04:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-08-08 19:49 - 2013-05-29 04:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-08-08 19:49 - 2013-05-29 04:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-08-08 19:49 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-08-08 19:49 - 2013-05-02 18:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2013-08-08 19:49 - 2013-05-02 18:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2013-08-08 19:49 - 2013-04-24 00:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2013-08-08 19:49 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2013-08-08 19:49 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2013-08-08 19:49 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2013-08-08 19:49 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2013-08-08 19:49 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== One Month Modified Files and Folders =======

    2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\FRST
    2013-08-10 04:48 - 2006-11-02 06:33 - 00694964 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-08-10 04:40 - 2009-04-11 08:37 - 02071397 _____ C:\Windows\WindowsUpdate.log
    2013-08-10 04:35 - 2011-11-16 00:15 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-10 04:35 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-10 04:35 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-10 04:35 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-10 04:29 - 2006-11-02 09:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-10 04:19 - 2013-08-08 22:04 - 00006427 _____ C:\Windows\IE9_main.log
    2013-08-10 04:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-08-09 22:07 - 2013-08-09 22:05 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 21:58 - 2011-11-16 00:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-09 21:51 - 2012-04-07 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-09 20:30 - 2011-08-16 15:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BatteryBar
    2013-08-09 20:13 - 2013-08-09 20:12 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-09 20:11 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
    2013-08-08 22:08 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
    2013-08-08 22:03 - 2011-10-15 21:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2013-08-08 22:03 - 2011-08-28 14:49 - 00000000 ____D C:\Windows\Minidump
    2013-08-08 22:03 - 2011-08-16 17:42 - 00000000 ____D C:\Windows\Panther
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:51 - 2012-04-07 20:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-08-08 21:51 - 2011-08-16 15:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:49 - 2011-08-18 21:02 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:42 - 2012-04-28 14:51 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-08-08 21:38 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner
    2013-08-08 21:35 - 2013-08-08 21:34 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:29 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2013-08-08 21:29 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
    2013-08-08 21:17 - 2011-11-16 00:14 - 00000000 ____D C:\Program Files\Google
    2013-08-08 21:17 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:18 - 2011-11-16 00:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2013-08-08 20:18 - 2011-11-16 00:14 - 00000000 ____D C:\ProgramData\Google
    2013-08-08 20:12 - 2006-11-02 08:47 - 00282288 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-08-08 20:08 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2013-08-08 20:04 - 2011-08-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:56 - 2011-08-17 20:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2013-08-08 19:52 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2013-08-10 04:41

    ==================== End Of Log ============================
     
  9. 2013/08/10
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-08-2013
    Ran by Owner at 2013-08-10 04:54:16
    Running from E:\
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Installed Programs =======================

    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR (Version: 3.8.0.870)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
    Adobe Reader X (10.1.7) (Version: 10.1.7)
    Apple Application Support (Version: 2.3.4)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    avast! Free Antivirus (Version: 8.0.1489.0)
    AVS Audio Converter 7
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    BatteryBar (remove only)
    Bonjour (Version: 3.0.0.10)
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MG5200 series MP Drivers
    Canon MG5200 series User Registration
    Canon MP Navigator EX 4.0
    Canon My Printer
    Canon Solution Menu EX
    CCleaner (Version: 4.04)
    Conexant HD Audio (Version: 4.58.0.0)
    Epson Connect
    Epson Connect Printer Setup (Version: 1.1.1)
    Epson Customer Participation (Version: 1.4.0.0)
    Epson Event Manager (Version: 3.01.0000)
    EPSON Scan
    EPSON XP-400 Series Printer Uninstall
    EpsonNet Print (Version: 2.5.00)
    ffdshow v1.1.3562 [2010-09-07] (Version: 1.1.3562.0)
    Google Chrome (Version: 28.0.1500.95)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Update Helper (Version: 1.3.21.153)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Intel(R) Graphics Media Accelerator Driver
    iTunes (Version: 11.0.4.4)
    Java(TM) 6 Update 26 (Version: 6.0.260)
    LeapFrog Connect (Version: 3.2.19.13664)
    LeapFrog Tag Plugin (Version: 3.2.19.13664)
    Learning Lodge Navigator
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
    NetWaiting (Version: 2.5.52)
    NuvaTime (Version: 1.0)
    NVIDIA Drivers
    OpenOffice.org 3.3 (Version: 3.3.9567)
    PhotoScape
    Picasa 3 (Version: 3.9)
    PowerDVD
    QuickTime (Version: 7.74.80.86)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
    Skype Click to Call (Version: 5.6.8442)
    Skype™ 6.0 (Version: 6.0.126)
    Software Updater (Version: 4.1.1)
    Synaptics Pointing Device Driver (Version: 11.1.3.0)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
    VLC media player 1.1.10 (Version: 1.1.10)
    VTech Download Agent Library (Version: 1.00.0000)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
    WinRAR archiver
    Wise Disk Cleaner 6.15
    Yahoo! Detect


    ==================== Restore Points =========================

    16-05-2013 07:00:23 Windows Update
    17-05-2013 17:50:17 Windows Update
    18-05-2013 07:01:12 Windows Update
    19-05-2013 07:01:23 Windows Update
    20-05-2013 07:00:55 Windows Update
    21-05-2013 07:01:01 Windows Update
    22-05-2013 07:01:06 Windows Update
    23-05-2013 07:01:02 Windows Update
    24-05-2013 07:01:00 Windows Update
    25-05-2013 07:01:05 Windows Update
    26-05-2013 07:00:58 Windows Update
    27-05-2013 07:00:57 Windows Update
    28-05-2013 07:01:10 Windows Update
    29-05-2013 07:01:04 Windows Update
    30-05-2013 07:01:07 Windows Update
    31-05-2013 07:01:08 Windows Update
    01-06-2013 07:01:08 Windows Update
    02-06-2013 07:01:02 Windows Update
    03-06-2013 07:00:17 Windows Update
    04-06-2013 07:01:05 Windows Update
    04-06-2013 22:07:56 Installed Software Updater
    05-06-2013 07:01:00 Windows Update
    08-08-2013 23:37:48 Windows Update
    08-08-2013 23:50:54 Windows Update
    09-08-2013 01:36:45 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    09-08-2013 01:37:56 Device Driver Package Install: Apple Network adapters
    09-08-2013 02:04:29 Windows Update
    10-08-2013 00:06:20 Removed EZ Fonts
    10-08-2013 02:04:24 Windows Update
    10-08-2013 02:08:14 Windows Update
    10-08-2013 08:17:48 Windows Update

    ==================== Hosts content: ==========================

    2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0FACBED0-652C-44B6-9553-6DA5196B10C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {70C7BB47-FAB1-4EDF-84C9-B902B0DA4621} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08] (Adobe Systems Incorporated)
    Task: {75FF27C8-21E5-4976-8FE0-956CE4D6A1F6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
    Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
    Task: {A899767D-839F-4AC2-8045-14F9119F1FF7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] ()
    Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
    Task: {E46F9EBE-BB88-4E34-847B-62B470378829} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: {E84B42C8-1137-4D1E-983D-F5B7CEABF46E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
    Task: {F8B09EE0-704A-47CE-B34D-40AFA2503803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/10/2013 04:18:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/09/2013 10:08:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/09/2013 10:04:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/09/2013 08:06:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/08/2013 10:04:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/08/2013 09:38:14 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/08/2013 09:37:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
    Description:
    Details:
    AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.

    Error: (08/08/2013 08:14:09 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (08/08/2013 08:01:08 PM) (Source: Windows Search Service) (User: )
    Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

    Context: Application, SystemIndex Catalog

    Error: (07/01/2013 08:17:42 PM) (Source: Outlook) (User: )
    Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).


    System errors:
    =============
    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: AFD
    aswRdr
    aswRvrt
    aswSnx
    aswSP
    aswTdi
    aswVmm
    DfsC
    NetBIOS
    netbt
    nsiproxy
    PSched
    RasAcd
    rdbss
    Smb
    spldr
    tdx
    Wanarpv6

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: Network List ServiceNetwork Location Awareness%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: Network Location AwarenessNetwork Store Interface Service%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: IP HelperNetwork Store Interface Service%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: WebClientWebDav Client Redirector Driver%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%%31

    Error: (08/10/2013 04:53:09 AM) (Source: Service Control Manager) (User: )
    Description: WorkstationNetwork Store Interface Service%%1068


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2013-08-09 20:19:00.001
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.878
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.720
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.597
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.480
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.364
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.163
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:59.013
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:58.873
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-09 20:18:58.744
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3002.45 MB
    Available physical RAM: 2581.95 MB
    Total Pagefile: 6209.16 MB
    Available Pagefile: 5958.15 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1932.56 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.88 GB) (Free:149.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:723.11 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 711B6215)
    Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 98F88D2A)
    Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  10. 2013/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can operate the computer normally.

    If so....

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
     

  11. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    I ran the fix, but I could not download the program after the fix. Here is the log from the first fix:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-08-2013
    Ran by Owner at 2013-08-11 06:04:27 Run:1
    Running from F:\
    Boot Mode: Safe Mode (minimal)

    ==============================================

    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
    "C:\$Recycle.Bin\S-1-5-21-694814-2283483923-3228598378-1000\$e8d8825f6783f2b3ea6831ac4a6981d0\n." => File/Directory not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59df9452-c848-11e0-82a7-806e6f6e6963} => Key deleted successfully.
    HKCR\CLSID\{59df9452-c848-11e0-82a7-806e6f6e6963} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfadeb82-0194-11e3-8bf3-001f16e33221} => Key deleted successfully.
    HKCR\CLSID\{cfadeb82-0194-11e3-8bf3-001f16e33221} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.

    ==== End of Fixlog ====
     
  12. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    I ran it from the USB drive. Here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
    Ran by Owner (administrator) on 11-08-2013 06:19:28
    Running from F:\
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\system32\EscSvc.exe
    (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    (Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIBE.EXE
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Program Files\NuvaTime\NuvaTime.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [358312 2012-02-01] ()
    HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
    HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
    HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] ()
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
    HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
    HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-694814-2283483923-3228598378-1000\$e8d8825f6783f2b3ea6831ac4a6981d0\n. ATTENTION! ====> ZeroAccess?
    MountPoints2: {59df9452-c848-11e0-82a7-806e6f6e6963} - D:\SETUP.EXE
    MountPoints2: {cfadeb82-0194-11e3-8bf3-001f16e33221} - G:\LaunchU3.exe -a
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NuvaTime.lnk
    ShortcutTarget: NuvaTime.lnk -> C:\Program Files\NuvaTime\NuvaTime.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j2vkd1gl.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.yahoo.com/
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
    R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
    R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()

    ==================== Drivers (Whitelisted) ====================

    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-08] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-08] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-08] ()
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-18] (LeapFrog)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-11 05:58 - 2013-08-11 05:58 - 00001224 _____ C:\Windows\PFRO.log
    2013-08-11 05:54 - 2013-08-11 05:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\U3
    2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\FRST
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-09 22:05 - 2013-08-09 22:07 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 20:12 - 2013-08-09 20:13 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-08 22:04 - 2013-08-11 05:50 - 00008691 _____ C:\Windows\IE9_main.log
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:43 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:34 - 2013-08-08 21:35 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:29 - 2013-08-08 21:30 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:29 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:50 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-08-08 19:50 - 2013-05-08 00:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2013-08-08 19:50 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2013-08-08 19:50 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2013-08-08 19:49 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-08-08 19:49 - 2013-05-29 07:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-08-08 19:49 - 2013-05-29 07:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-08-08 19:49 - 2013-05-29 05:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-08-08 19:49 - 2013-05-29 04:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-08-08 19:49 - 2013-05-29 04:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-08-08 19:49 - 2013-05-29 04:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-08-08 19:49 - 2013-05-29 04:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-08-08 19:49 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-08-08 19:49 - 2013-05-02 18:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2013-08-08 19:49 - 2013-05-02 18:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2013-08-08 19:49 - 2013-04-24 00:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2013-08-08 19:49 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2013-08-08 19:49 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2013-08-08 19:49 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2013-08-08 19:49 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2013-08-08 19:49 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== One Month Modified Files and Folders =======

    2013-08-11 06:14 - 2006-11-02 06:33 - 00694964 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-08-11 06:11 - 2009-04-11 08:37 - 01072552 _____ C:\Windows\WindowsUpdate.log
    2013-08-11 06:07 - 2011-11-16 00:15 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-11 06:07 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-11 06:07 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-11 06:07 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-11 05:58 - 2013-08-11 05:58 - 00001224 _____ C:\Windows\PFRO.log
    2013-08-11 05:54 - 2013-08-11 05:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\U3
    2013-08-11 05:51 - 2012-04-07 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-11 05:50 - 2013-08-08 22:04 - 00008691 _____ C:\Windows\IE9_main.log
    2013-08-11 05:45 - 2011-08-16 15:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BatteryBar
    2013-08-10 04:53 - 2013-08-10 04:53 - 00000000 ____D C:\FRST
    2013-08-10 04:29 - 2006-11-02 09:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-10 04:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-08-09 22:19 - 2013-08-11 06:13 - 01230570 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2013-08-09 22:07 - 2013-08-09 22:05 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 21:58 - 2011-11-16 00:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-09 20:13 - 2013-08-09 20:12 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-09 20:11 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
    2013-08-08 22:08 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
    2013-08-08 22:03 - 2011-10-15 21:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2013-08-08 22:03 - 2011-08-28 14:49 - 00000000 ____D C:\Windows\Minidump
    2013-08-08 22:03 - 2011-08-16 17:42 - 00000000 ____D C:\Windows\Panther
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:51 - 2012-04-07 20:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-08-08 21:51 - 2011-08-16 15:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:49 - 2011-08-18 21:02 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:42 - 2012-04-28 14:51 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-08-08 21:38 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner
    2013-08-08 21:35 - 2013-08-08 21:34 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:29 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2013-08-08 21:29 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
    2013-08-08 21:17 - 2011-11-16 00:14 - 00000000 ____D C:\Program Files\Google
    2013-08-08 21:17 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:18 - 2011-11-16 00:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2013-08-08 20:18 - 2011-11-16 00:14 - 00000000 ____D C:\ProgramData\Google
    2013-08-08 20:12 - 2006-11-02 08:47 - 00282288 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-08-08 20:08 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2013-08-08 20:04 - 2011-08-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:56 - 2011-08-17 20:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2013-08-08 19:52 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2013-08-11 06:13

    ==================== End Of Log ============================
     
  13. 2013/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Re-run FRST one more time and post the new log.
     


  14. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-08-2013
    Ran by Owner at 2013-08-11 12:14:41 Run:2
    Running from F:\
    Boot Mode: Safe Mode (minimal)

    ==============================================

    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
    "C:\$Recycle.Bin\S-1-5-21-694814-2283483923-3228598378-1000\$e8d8825f6783f2b3ea6831ac4a6981d0\n." => File/Directory not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59df9452-c848-11e0-82a7-806e6f6e6963} => Key deleted successfully.
    HKCR\CLSID\{59df9452-c848-11e0-82a7-806e6f6e6963} => Key not found.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfadeb82-0194-11e3-8bf3-001f16e33221} => Key deleted successfully.
    HKCR\CLSID\{cfadeb82-0194-11e3-8bf3-001f16e33221} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

    ==== End of Fixlog ====
     
  15. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
    Ran by Owner (administrator) on 11-08-2013 12:15:11
    Running from F:\
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (minimal)

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [358312 2012-02-01] ()
    HKLM\...\Run: [Monitor] - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
    HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
    HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
    HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKCU\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [90624 2013-04-11] ()
    HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIBE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NuvaTime.lnk
    ShortcutTarget: NuvaTime.lnk -> C:\Program Files\NuvaTime\NuvaTime.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j2vkd1gl.default
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.yahoo.com/
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
    S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
    S2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
    S2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
    S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
    S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-08] (AVAST Software)
    S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-08] (AVAST Software)
    S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-08] ()
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-18] (LeapFrog)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-08-11 05:54 - 2013-08-11 05:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\U3
    2013-08-10 04:53 - 2013-08-11 12:14 - 00000000 ____D C:\FRST
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-09 22:05 - 2013-08-09 22:07 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 20:12 - 2013-08-09 20:13 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-08 22:04 - 2013-08-11 07:06 - 00010834 _____ C:\Windows\IE9_main.log
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:43 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:34 - 2013-08-08 21:35 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:29 - 2013-08-08 21:30 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:29 - 2013-05-09 04:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:50 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-08-08 19:50 - 2013-05-08 00:37 - 00905576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2013-08-08 19:50 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2013-08-08 19:50 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
    2013-08-08 19:49 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-08-08 19:49 - 2013-05-29 07:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-08-08 19:49 - 2013-05-29 07:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
    2013-08-08 19:49 - 2013-05-29 07:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2013-08-08 19:49 - 2013-05-29 07:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-08-08 19:49 - 2013-05-29 07:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-08-08 19:49 - 2013-05-29 07:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-08-08 19:49 - 2013-05-29 05:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2013-08-08 19:49 - 2013-05-29 04:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-08-08 19:49 - 2013-05-29 04:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-08-08 19:49 - 2013-05-29 04:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2013-08-08 19:49 - 2013-05-29 04:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-08-08 19:49 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-08-08 19:49 - 2013-05-02 18:03 - 03603832 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2013-08-08 19:49 - 2013-05-02 18:03 - 03551096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2013-08-08 19:49 - 2013-04-24 00:00 - 00985600 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2013-08-08 19:49 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2013-08-08 19:49 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2013-08-08 19:49 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2013-08-08 19:49 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2013-08-08 19:49 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2013-08-08 19:49 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2013-08-08 19:49 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-08-08 19:49 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== One Month Modified Files and Folders =======

    2013-08-11 12:14 - 2013-08-10 04:53 - 00000000 ____D C:\FRST
    2013-08-11 12:10 - 2011-11-16 00:15 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-11 12:10 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-11 12:10 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-11 12:10 - 2006-11-02 08:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-11 07:06 - 2013-08-08 22:04 - 00010834 _____ C:\Windows\IE9_main.log
    2013-08-11 07:06 - 2009-04-11 08:37 - 01079465 _____ C:\Windows\WindowsUpdate.log
    2013-08-11 07:06 - 2006-11-02 09:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-11 06:58 - 2011-11-16 00:15 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-11 06:51 - 2012-04-07 20:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-11 06:20 - 2006-11-02 06:33 - 00694964 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-08-11 05:58 - 2013-08-11 05:58 - 00001224 _____ C:\Windows\PFRO.log
    2013-08-11 05:54 - 2013-08-11 05:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\U3
    2013-08-11 05:45 - 2011-08-16 15:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BatteryBar
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000714 _____ C:\Windows\setupact.log
    2013-08-10 04:28 - 2013-08-10 04:28 - 00000000 _____ C:\Windows\setuperr.log
    2013-08-10 04:19 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-08-09 22:07 - 2013-08-09 22:05 - 00000000 ____D C:\Windows\system32\MRT
    2013-08-09 20:13 - 2013-08-09 20:12 - 00009447 _____ C:\Users\Owner\Desktop\hijackthis.log
    2013-08-09 20:11 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
    2013-08-08 22:08 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
    2013-08-08 22:03 - 2011-10-15 21:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2013-08-08 22:03 - 2011-08-28 14:49 - 00000000 ____D C:\Windows\Minidump
    2013-08-08 22:03 - 2011-08-16 17:42 - 00000000 ____D C:\Windows\Panther
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2013-08-08 22:00 - 2013-08-08 22:00 - 00000000 ____D C:\Program Files\CCleaner
    2013-08-08 21:51 - 2012-04-07 20:34 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-08-08 21:51 - 2011-08-16 15:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-08-08 21:50 - 2013-08-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\nuvaring.nuvatime
    2013-08-08 21:49 - 2011-08-18 21:02 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2013-08-08 21:43 - 2013-08-08 21:43 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iTunes
    2013-08-08 21:42 - 2013-08-08 21:42 - 00000000 ____D C:\Program Files\iPod
    2013-08-08 21:42 - 2012-04-28 14:51 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-08-08 21:38 - 2011-08-16 14:04 - 00000000 ____D C:\Users\Owner
    2013-08-08 21:35 - 2013-08-08 21:34 - 00000000 ____D C:\Program Files\QuickTime
    2013-08-08 21:34 - 2013-08-08 21:34 - 00001726 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:30 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
    2013-08-08 21:30 - 2013-08-08 21:29 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2013-08-08 21:30 - 2011-08-16 15:15 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2013-08-08 21:29 - 2006-11-02 06:23 - 00002577 _____ C:\Windows\system32\config.nt
    2013-08-08 21:17 - 2011-11-16 00:14 - 00000000 ____D C:\Program Files\Google
    2013-08-08 21:17 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-08-08 20:21 - 2013-08-08 20:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-08-08 20:18 - 2011-11-16 00:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2013-08-08 20:18 - 2011-11-16 00:14 - 00000000 ____D C:\ProgramData\Google
    2013-08-08 20:12 - 2006-11-02 08:47 - 00282288 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-08-08 20:08 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\system32\XPSViewer
    2013-08-08 20:04 - 2011-08-16 15:31 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-08-08 20:02 - 2013-08-08 20:02 - 00000127 _____ C:\Windows\system32\MRT.INI
    2013-08-08 19:56 - 2011-08-17 20:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2013-08-08 19:52 - 2006-11-02 08:37 - 00000000 ____D C:\Program Files\Windows Journal
    2013-08-08 19:50 - 2013-08-08 19:50 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-08-08 19:42 - 2013-08-08 19:42 - 00000000 ____D C:\Program Files\GUM9A8A.tmp

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-08-11 06:13

    ==================== End Of Log ============================
     
  16. 2013/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run FRST one more time and post new log.
     
  17. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    I am able to download FRST to the desktop now without using a thumb drive. Also, Windows Defender came up.
     
  18. 2013/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
     
  19. 2013/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE
     
  20. 2013/08/11
    ttorres66

    ttorres66 Inactive Thread Starter

    Joined:
    2013/08/09
    Messages:
    54
    Likes Received:
    0
    dupe...
     
  21. 2013/08/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I got this one already.
    Please read my previous reply.
     
