Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Key Logger?

Post by Puligan01 » July 12th, 2014, 3:15 pm

Two of my credit cards were compromised last week. We felt the merchant had been compromised. Merchant states that I likely have a key logger or virus in my system, or browser.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.60.2
Run by Ownert at 15:07:35 on 2014-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2222 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\SysWOW64\java.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = www.bing.com
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uProxyServer = :0
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\Ownert\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN18N1S00505KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Google Update] "C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [AmazonMP3DownloaderHelper] C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe /startupscan
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Ownert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JLALPI~1.LNK - C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1ECBAE86-6D2F-4511-8587-3A92CBB5C44C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EDEB3F82-3497-4CAE-92E2-AEF27F340D76} : NameServer = 207.69.188.187 207.69.188.186
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Ownert\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\Ownert\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2009-08-20 20:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-10-11 14:56; 5affxtbr@MyWebFace_5a.com; C:\Program Files (x86)\MyWebFace_5a\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-25 208416]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2012-4-21 482384]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2011-7-25 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2009-8-23 423240]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2013-11-26 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-21 203264]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-7 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-8-23 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-16 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-5-7 50344]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-6-28 20544]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-22 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-22 860472]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-6-28 57344]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-6-28 55296]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2009-5-3 8704]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-7-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-22 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-22 63704]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2009-6-28 32832]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-17 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-17 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-23 1255736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2014-07-11 20:00:02 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7629DBA4-7A10-4A55-813E-F708D18D5044}\offreg.dll
2014-07-11 12:28:33 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7629DBA4-7A10-4A55-813E-F708D18D5044}\mpengine.dll
2014-07-10 04:40:34 -------- d-----w- C:\Users\Ownert\AppData\Local\ArcSoft
2014-07-10 04:40:34 -------- d-----w- C:\ProgramData\ArcSoft
2014-07-10 04:35:16 -------- d-----w- C:\Users\Ownert\AppData\Local\Downloaded Installations
2014-07-09 04:36:59 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-09 04:35:53 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-09 04:35:47 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 04:35:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-07-03 23:15:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-07-03 22:33:45 -------- d-----w- C:\Users\Ownert\AppData\Local\Secunia PSI
2014-07-03 22:33:34 -------- d-----w- C:\Program Files (x86)\Secunia
2014-07-03 22:11:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-21 23:11:23 -------- d-----w- C:\ProgramData\Promote Installer
2014-06-18 01:59:26 -------- d-----w- C:\Users\Ownert\AppData\Local\Adobe
.
==================== Find3M ====================
.
2014-07-12 17:13:08 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-09 03:19:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 03:19:36 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-15 15:45:41 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-15 15:45:41 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-12 12:19:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 12:19:20 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 12:19:16 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-07 16:05:27 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-07 16:05:27 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-07 16:05:27 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-07 16:05:27 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-07 16:05:27 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-07 16:05:26 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 15:08:40.16 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/21/2012 8:58:11 PM
System Uptime: 7/10/2014 1:17:10 AM (62 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 312.649 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ArcCtrl
Device ID: ROOT\LEGACY_ARCCTRL\0000
Manufacturer:
Name: ArcCtrl
PNP Device ID: ROOT\LEGACY_ARCCTRL\0000
Service: ArcCtrl
.
==== System Restore Points ===================
.
RP244: 5/13/2014 11:13:39 AM - Windows Update
RP245: 5/15/2014 11:45:45 AM - Windows Update
RP246: 5/21/2014 11:43:01 AM - Windows Update
RP247: 5/22/2014 5:16:16 PM - Removed TurboTax 2009 wmdiper
RP248: 5/22/2014 5:16:57 PM - Removed iSEEK AnswerWorks English Runtime
RP249: 5/22/2014 5:17:38 PM - Removed TurboTax 2009 WinPerTaxSupport
RP250: 5/22/2014 5:18:41 PM - Removed TurboTax 2009 WinPerFedFormset
RP251: 5/22/2014 5:19:29 PM - Removed TurboTax 2009 WinPerReleaseEngine
RP252: 5/22/2014 5:20:47 PM - Removed TurboTax 2009 wrapper
RP253: 5/29/2014 7:24:17 PM - Scheduled Checkpoint
RP254: 5/30/2014 11:50:49 AM - Windows Update
RP255: 6/3/2014 12:28:52 PM - Windows Update
RP256: 6/6/2014 8:23:00 PM - Removed Apple Application Support
RP257: 6/6/2014 8:53:31 PM - Removed iTunes
RP258: 6/6/2014 8:58:12 PM - Removed Apple Mobile Device Support
RP259: 6/6/2014 8:59:12 PM - Removed Apple Software Update
RP260: 6/10/2014 11:43:25 AM - Windows Update
RP261: 6/12/2014 3:00:41 AM - Windows Update
RP262: 6/17/2014 11:52:04 AM - Windows Update
RP263: 6/20/2014 5:39:47 PM - Windows Update
RP264: 6/24/2014 8:30:37 AM - Windows Update
RP265: 6/27/2014 3:45:17 PM - Windows Update
RP266: 7/1/2014 11:47:33 AM - Windows Update
RP267: 7/2/2014 6:38:30 PM - Installed QuickTime 7
RP268: 7/3/2014 3:26:40 PM - Installed HiJackThis
RP269: 7/3/2014 6:01:28 PM - Installed Java 7 Update 60
RP270: 7/3/2014 11:21:14 PM - Installed MSXML 4.0 SP3 Parser
RP271: 7/4/2014 8:59:22 AM - Removed HiJackThis
RP272: 7/5/2014 3:00:19 AM - Windows Update
RP273: 7/9/2014 12:29:34 AM - Windows Update
RP274: 7/9/2014 5:35:50 AM - Windows Update
RP275: 7/10/2014 12:37:26 AM - Installed ArcSoft TotalMedia Theatre 6
RP276: 7/10/2014 12:59:57 AM - Removed ArcSoft TotalMedia Theatre 6
RP277: 7/10/2014 1:09:59 AM - Removed ArcSoft TotalMedia Theatre 6
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
100 Hidden Objects
Acrobat.com
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.10)
Amazon Games & Software Downloader
Amazon Links
Amazon MP3 Downloader 1.0.18
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Auslogics Disk Defrag
avast! Free Antivirus
Bing Rewards Client Installer
Bonjour
Business Card Factory Deluxe 3.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink PowerCinema for TOSHIBA
Direct DiscRecorder
Dolby Control Center
DVD MovieFactory for TOSHIBA
Elevated Installer
Facebook Plug-In
Garmin BaseCamp
Garmin Express
Garmin Express Tray
Garmin USB Drivers
Hewlett-Packard ACLM.NET v1.1.0.0
HP FWUpdateEDO2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Product Detection
HP Update
HPDiagnosticAlert
HPOJP8600FWUpdateAlert
I.R.I.S. OCR
Intel® Matrix Storage Manager
Java 7 Update 60
Java Auto Updater
LightScribe 1.4.124.1
Linksys EasyLink Advisor
LSI V92 MOH Application
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mishap An Accidental Haunting
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.6.0 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
Netzero Internet Access Installer
OpenAL
Personal Color Viewer
PhotoMail Maker
PlayReady PC runtime
Pure Networks Platform
QuickBooks Financial Center
QuickTime 7
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.02.02.01
Secunia PSI (3.0.0.9016)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Skype™ 6.11
Synaptics Pointing Device Driver
System Requirements Lab for Intel
The Last Express
TheSkyX First Light Edition version 10.2.0 Build 6408
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Upgrade Assistant
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx Support Manager for Internet Explorer
WildTangent Games
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
.
==== Event Viewer Messages From Past Week ========
.
7/9/2014 5:56:36 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/9/2014 5:56:36 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/9/2014 5:34:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/9/2014 5:34:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
7/5/2014 11:40:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/12/2014 2:59:43 PM, Error: atikmdag [43029] - Display is not active
7/11/2014 5:26:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/10/2014 1:19:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ArcCtrl
7/10/2014 1:17:33 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
7/10/2014 1:04:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
7/10/2014 1:04:23 AM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Post by nunped » July 13th, 2014, 6:13 am

Hello Puligan01, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Post by nunped » July 13th, 2014, 6:30 am

Hi puligan01,

Not much showing on this scan. Please run these ones:

Step 1 - Scan with FRST
Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Step 2 - TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Post by Puligan01 » July 13th, 2014, 11:00 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Ownert (administrator) on OWNERT-PC on 13-07-2014 10:42:32
Running from C:\Users\Ownert\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PCMAgent] => C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe [143360 2009-02-16] (CyberLink Corp.)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-03-28] (TOSHIBA)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [cdloader] => C:\Users\Ownert\AppData\Roaming\mjusbsp\cdloader2.exe [50520 2009-08-01] (magicJack L.P.)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-07-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [Google Update] => C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-21] (Google Inc.)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [MusicManager] => C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Run: [HijackThis startup scan] => C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe /startupscan
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\MountPoints2: E - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\MountPoints2: {560d84de-e0be-11e1-ba41-8514ae452a16} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3643153610-3702823825-3934387528-1000\...\MountPoints2: {d2cb0c34-8c0c-11e1-93ea-806e6f6e6963} - D:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Ownert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TSHB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - DefaultScope {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM - {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKLM-x32 - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
SearchScopes: HKCU - {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL =
SearchScopes: HKCU - {512E8A28-6730-408F-BEFC-BEC2DFB6ADF4} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {67418558-42E9-47A1-9290-8927DC748C24} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=&apn_ptnrs=AU&apn_dtid=YYYYYYYYUS&apn_uid=72fb70da-0ce1-404f-a1ad-b7756af306a6&apn_sauid=D80162B8-F981-4A6B-BA4D-ADF544027784&
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EDEB3F82-3497-4CAE-92E2-AEF27F340D76}: [NameServer]207.69.188.187 207.69.188.186

FireFox:
========
FF ProfilePath: C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://news.google.com/nwshp?hl=en&tab=wn
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 - C:\Program Files (x86)\Picasa2\npPicasa2.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Ownert\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ownert\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ownert\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\Extensions\smile1Button@amazon.com.xpi [2014-05-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-07-25]

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-13]
CHR Extension: (Google Drive) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-13]
CHR Extension: (YouTube) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-13]
CHR Extension: (Google Search) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
CHR Extension: (Gmail) - C:\Users\Ownert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-05-07]

==================== Services (Whitelisted) =================

R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-05-07] (AVAST Software)
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [437080 2014-07-01] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed]
R2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [55808 2009-02-19] (TOSHIBA Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [251392 2009-04-14] (TOSHIBA Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 10:42 - 2014-07-13 10:43 - 00023243 _____ () C:\Users\Ownert\Downloads\FRST.txt
2014-07-13 10:42 - 2014-07-13 10:42 - 00000000 ____D () C:\FRST
2014-07-13 10:41 - 2014-07-13 10:41 - 02086912 _____ (Farbar) C:\Users\Ownert\Downloads\FRST64.exe
2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setupact.log
2014-07-12 15:34 - 2014-07-12 15:34 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-07-12 15:34 - 2014-07-12 15:34 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-12 15:10 - 2014-07-12 15:10 - 00023830 _____ () C:\Users\Ownert\Desktop\DDS Puligan.txt
2014-07-12 15:10 - 2014-07-12 15:10 - 00012269 _____ () C:\Users\Ownert\Desktop\Attach Puligan.txt
2014-07-12 15:08 - 2014-07-12 15:08 - 00023830 _____ () C:\Users\Ownert\Desktop\dds.txt
2014-07-12 15:08 - 2014-07-12 15:08 - 00012269 _____ () C:\Users\Ownert\Desktop\attach.txt
2014-07-12 15:06 - 2014-07-12 15:06 - 00688992 ____R (Swearware) C:\Users\Ownert\Downloads\dds.scr
2014-07-11 17:26 - 2014-07-11 17:26 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-11
2014-07-10 01:02 - 2014-07-10 01:02 - 00003296 _____ () C:\Windows\System32\Tasks\{161D60CD-E11D-4422-9B05-87601310BE1C}
2014-07-10 00:52 - 2014-07-10 00:52 - 00000000 ____D () C:\Users\Ownert\Documents\ArcSoft
2014-07-10 00:51 - 2014-07-10 01:15 - 00000000 ____D () C:\Users\Ownert\AppData\Roaming\ArcSoft
2014-07-10 00:40 - 2014-07-10 01:15 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-07-10 00:40 - 2014-07-10 00:40 - 00000000 ____D () C:\Users\Ownert\AppData\Local\ArcSoft
2014-07-10 00:35 - 2014-07-10 00:35 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Downloaded Installations
2014-07-10 00:33 - 2014-07-10 00:34 - 112316872 _____ (ArcSoft ) C:\Users\Ownert\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-07-09 00:37 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 00:37 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 00:37 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:37 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:37 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:37 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:36 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:36 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:36 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:36 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 00:36 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 00:36 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:36 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 00:36 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 00:36 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 00:36 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 00:36 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 00:36 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 00:36 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 00:36 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 00:36 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 00:36 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 00:36 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:36 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 00:36 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:36 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 00:36 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:36 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 00:36 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:36 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:36 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:36 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:36 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:36 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:36 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:36 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:36 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:36 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:36 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:36 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:36 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:36 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 00:36 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:36 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:36 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:36 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:36 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:36 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:36 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:36 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:36 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:36 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:36 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:36 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:36 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:36 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:36 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:36 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:36 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:36 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:36 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:36 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:36 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 00:36 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:36 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:36 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:35 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:35 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:35 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 13:20 - 2014-07-07 14:54 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-07
2014-07-06 15:46 - 2014-07-06 15:46 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-06
2014-07-03 23:20 - 2014-07-03 23:20 - 02434048 _____ () C:\Users\Ownert\Downloads\msxml(1).msi
2014-07-03 23:19 - 2014-07-03 23:19 - 02434048 _____ () C:\Users\Ownert\Downloads\msxml.msi
2014-07-03 19:14 - 2014-07-03 19:14 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-03 18:33 - 2014-07-03 18:33 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-03 18:33 - 2014-07-03 18:33 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Secunia PSI
2014-07-03 18:33 - 2014-07-03 18:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-03 18:32 - 2014-07-03 18:32 - 05329480 _____ (Secunia) C:\Users\Ownert\Downloads\PSISetup.exe
2014-07-03 18:11 - 2014-07-03 18:11 - 00004312 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-03 18:11 - 2014-07-03 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-03 18:11 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-03 18:11 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-03 18:11 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-03 18:11 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-03 17:59 - 2014-07-03 17:59 - 00918952 _____ (Oracle Corporation) C:\Users\Ownert\Downloads\jxpiinstall.exe
2014-07-03 15:40 - 2014-07-03 15:40 - 00014941 _____ () C:\Users\Ownert\Desktop\hijackthis log july 3 2014
2014-07-03 15:25 - 2014-07-03 15:25 - 01402880 _____ () C:\Users\Ownert\Downloads\HijackThis.msi
2014-07-02 18:37 - 2014-07-02 18:37 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 18:37 - 2014-07-02 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-02 18:37 - 2014-07-02 18:37 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 18:34 - 2014-07-02 18:35 - 41945432 _____ (Apple Inc.) C:\Users\Ownert\Downloads\QuickTimeInstaller.exe
2014-07-01 13:07 - 2014-07-01 13:07 - 00044032 ___SH () C:\Users\Ownert\Documents\Thumbs.db
2014-06-26 15:44 - 2014-06-26 15:44 - 04812672 _____ (Piriform Ltd) C:\Users\Ownert\Downloads\ccsetup415.exe
2014-06-22 00:27 - 2014-06-22 00:27 - 00003565 _____ () C:\Users\Ownert\Desktop\Hand Feeding Preston - Shortcut.lnk
2014-06-19 20:15 - 2014-06-19 22:07 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-06-19
2014-06-17 21:59 - 2014-06-17 21:59 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-13 10:43 - 2014-07-13 10:42 - 00023243 _____ () C:\Users\Ownert\Downloads\FRST.txt
2014-07-13 10:42 - 2014-07-13 10:42 - 00000000 ____D () C:\FRST
2014-07-13 10:41 - 2014-07-13 10:41 - 02086912 _____ (Farbar) C:\Users\Ownert\Downloads\FRST64.exe
2014-07-13 10:19 - 2013-12-05 18:23 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-07-13 10:19 - 2012-04-11 11:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 10:18 - 2012-04-21 20:32 - 01653832 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 09:47 - 2013-04-21 19:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000UA.job
2014-07-13 09:41 - 2014-05-22 19:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 02:17 - 2012-04-04 20:14 - 00000000 ____D () C:\ProgramData\Garmin
2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 01:00 - 2014-07-13 01:00 - 00000000 _____ () C:\Windows\setupact.log
2014-07-12 20:37 - 2012-04-22 05:22 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9B2099-D8AF-40E4-B4BF-A0FF816A2624}
2014-07-12 15:35 - 2013-03-29 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-12 15:35 - 2009-05-03 02:36 - 00000000 ____D () C:\Program Files\DIFX
2014-07-12 15:34 - 2014-07-12 15:34 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-07-12 15:34 - 2014-07-12 15:34 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-07-12 15:34 - 2012-04-04 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-07-12 15:34 - 2012-04-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-07-12 15:10 - 2014-07-12 15:10 - 00023830 _____ () C:\Users\Ownert\Desktop\DDS Puligan.txt
2014-07-12 15:10 - 2014-07-12 15:10 - 00012269 _____ () C:\Users\Ownert\Desktop\Attach Puligan.txt
2014-07-12 15:08 - 2014-07-12 15:08 - 00023830 _____ () C:\Users\Ownert\Desktop\dds.txt
2014-07-12 15:08 - 2014-07-12 15:08 - 00012269 _____ () C:\Users\Ownert\Desktop\attach.txt
2014-07-12 15:06 - 2014-07-12 15:06 - 00688992 ____R (Swearware) C:\Users\Ownert\Downloads\dds.scr
2014-07-12 11:47 - 2013-04-21 19:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000Core.job
2014-07-12 05:49 - 2012-04-21 19:54 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 05:49 - 2012-04-21 19:54 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 17:26 - 2014-07-11 17:26 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-11
2014-07-10 01:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 01:15 - 2014-07-10 00:51 - 00000000 ____D () C:\Users\Ownert\AppData\Roaming\ArcSoft
2014-07-10 01:15 - 2014-07-10 00:40 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-07-10 01:15 - 2009-05-03 02:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-10 01:05 - 2012-07-14 01:02 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-10 01:02 - 2014-07-10 01:02 - 00003296 _____ () C:\Windows\System32\Tasks\{161D60CD-E11D-4422-9B05-87601310BE1C}
2014-07-10 00:52 - 2014-07-10 00:52 - 00000000 ____D () C:\Users\Ownert\Documents\ArcSoft
2014-07-10 00:40 - 2014-07-10 00:40 - 00000000 ____D () C:\Users\Ownert\AppData\Local\ArcSoft
2014-07-10 00:35 - 2014-07-10 00:35 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Downloaded Installations
2014-07-10 00:34 - 2014-07-10 00:33 - 112316872 _____ (ArcSoft ) C:\Users\Ownert\Downloads\totalmediatheatre6_retail_tbyb_all.exe
2014-07-09 14:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 05:54 - 2009-07-14 00:45 - 00419232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 05:51 - 2014-05-07 12:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 05:51 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 05:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 05:47 - 2013-07-13 13:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 05:44 - 2012-04-30 12:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 23:19 - 2012-04-11 11:45 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:19 - 2012-04-11 11:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:19 - 2011-06-15 13:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 14:54 - 2014-07-07 13:20 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-07
2014-07-06 15:46 - 2014-07-06 15:46 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-07-06
2014-07-03 23:22 - 2009-05-03 01:28 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-03 23:20 - 2014-07-03 23:20 - 02434048 _____ () C:\Users\Ownert\Downloads\msxml(1).msi
2014-07-03 23:19 - 2014-07-03 23:19 - 02434048 _____ () C:\Users\Ownert\Downloads\msxml.msi
2014-07-03 19:14 - 2014-07-03 19:14 - 00001856 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-03 19:14 - 2014-07-03 19:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-03 18:33 - 2014-07-03 18:33 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-03 18:33 - 2014-07-03 18:33 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Secunia PSI
2014-07-03 18:33 - 2014-07-03 18:33 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-03 18:32 - 2014-07-03 18:32 - 05329480 _____ (Secunia) C:\Users\Ownert\Downloads\PSISetup.exe
2014-07-03 18:18 - 2009-12-13 23:40 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Yahoo
2014-07-03 18:18 - 2009-12-13 23:22 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-03 18:18 - 2009-12-13 23:21 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-07-03 18:13 - 2014-01-20 15:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 18:11 - 2014-07-03 18:11 - 00004312 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-03 18:11 - 2014-07-03 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-03 18:11 - 2009-05-03 02:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-03 17:59 - 2014-07-03 17:59 - 00918952 _____ (Oracle Corporation) C:\Users\Ownert\Downloads\jxpiinstall.exe
2014-07-03 15:40 - 2014-07-03 15:40 - 00014941 _____ () C:\Users\Ownert\Desktop\hijackthis log july 3 2014
2014-07-03 15:25 - 2014-07-03 15:25 - 01402880 _____ () C:\Users\Ownert\Downloads\HijackThis.msi
2014-07-02 18:37 - 2014-07-02 18:37 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 18:37 - 2014-07-02 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-02 18:37 - 2014-07-02 18:37 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 18:35 - 2014-07-02 18:34 - 41945432 _____ (Apple Inc.) C:\Users\Ownert\Downloads\QuickTimeInstaller.exe
2014-07-01 13:11 - 2012-06-28 17:19 - 00000000 ____D () C:\Users\Ownert\Documents\Daddys Poetry and Writings
2014-07-01 13:10 - 2014-01-13 23:29 - 00000000 ____D () C:\Users\Ownert\Documents\Sherry's Rap Sheet
2014-07-01 13:07 - 2014-07-01 13:07 - 00044032 ___SH () C:\Users\Ownert\Documents\Thumbs.db
2014-06-30 23:50 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 22:09 - 2014-07-09 00:37 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 00:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 15:44 - 2014-06-26 15:44 - 04812672 _____ (Piriform Ltd) C:\Users\Ownert\Downloads\ccsetup415.exe
2014-06-26 15:44 - 2010-11-15 13:41 - 00001032 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-26 15:44 - 2010-11-15 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 15:44 - 2009-07-29 19:49 - 00000000 ____D () C:\Users\Ownert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-26 15:44 - 2009-07-29 19:49 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-06-22 00:27 - 2014-06-22 00:27 - 00003565 _____ () C:\Users\Ownert\Desktop\Hand Feeding Preston - Shortcut.lnk
2014-06-20 16:14 - 2014-07-09 00:36 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 00:36 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 22:07 - 2014-06-19 20:15 - 00000000 ____D () C:\Users\Ownert\Desktop\2014-06-19
2014-06-19 18:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-18 21:39 - 2014-07-09 00:36 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 00:36 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 00:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 00:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 00:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 00:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 00:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 00:36 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 00:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 00:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 00:36 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 00:36 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 00:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 00:36 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 00:36 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 00:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 00:36 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 00:36 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 00:36 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 00:36 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 00:36 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 00:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 00:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 00:36 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 00:36 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 00:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 00:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 00:36 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 00:36 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 00:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 00:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 00:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 00:36 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 00:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 00:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 00:36 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 00:36 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 00:36 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 00:36 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 00:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 00:36 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 00:36 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 00:36 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 00:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 00:36 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 00:36 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 00:36 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 00:36 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 00:37 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:59 - 2014-06-17 21:59 - 00000000 ____D () C:\Users\Ownert\AppData\Local\Adobe
2014-06-17 21:51 - 2014-07-09 00:37 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 00:37 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 11:42 - 2013-04-21 19:50 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000UA
2014-06-17 11:42 - 2013-04-21 19:50 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000Core
2014-06-16 06:32 - 2012-04-26 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 19:35

==================== End Of Log ============================

Re: Key Logger?

Post by Puligan01 » July 13th, 2014, 11:00 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by Ownert at 2014-07-13 10:43:44
Running from C:\Users\Ownert\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
100 Hidden Objects (HKLM-x32\...\100 Hidden Objects_is1) (Version: - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Links (HKLM-x32\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{0FB2E75A-1024-331F-77EF-D45F71505D58}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Card Factory Deluxe 3.0 (HKLM-x32\...\{BF953F1A-F946-4804-875D-94B6A6C05CE1}) (Version: 3.0.0.12 - Nova Development Corp.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerCinema for TOSHIBA (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 6.0.2616a - CyberLink Corp.)
CyberLink PowerCinema for TOSHIBA (x32 Version: 6.0.2616a - CyberLink Corp.) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) Hidden
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Garmin BaseCamp (HKLM-x32\...\{DF1C5B60-29DE-463C-BF2C-708D95F3F752}) (Version: 3.3.2 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{C51B24BD-9CF9-4170-8DB2-457002F68A65}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{10173615-D9A7-4C50-A036-38CA89221708}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{DB4AAFCB-1F3A-43F7-9E68-B06171C89CAB}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPOJP8600FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
LightScribe 1.4.124.1 (x32 Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mishap An Accidental Haunting (HKLM-x32\...\Mishap An Accidental Haunting_is1) (Version: - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
Netzero Internet Access Installer (HKLM-x32\...\{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}) (Version: 1.0.Q1.09 - TOSHIBA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Personal Color Viewer (HKLM-x32\...\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1) (Version: 3.0.2 - Eco Color Company)
Personal Color Viewer (x32 Version: 3.0.2 - Eco Color Company) Hidden
PhotoMail Maker (HKLM-x32\...\PhotoMail) (Version: 1.0.0.1040 - IncrediMail Ltd.)
PhotoMail Maker (x32 Version: 1.0.0.1040 - IncrediMail) Hidden
PlayReady PC runtime (HKLM\...\{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}) (Version: 1 - Microsoft Corporation)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickBooks Financial Center (HKLM-x32\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U230 Media Driver ver.2.02.02.01 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.02.02.01 - RICOH)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{ADD72094-D289-4714-A62E-70574478A2BC}) (Version: 4.3.1.0 - Husdawg, LLC)
The Last Express (HKLM-x32\...\The Last Express) (Version: 1.0 - DotEmu)
TheSkyX First Light Edition version 10.2.0 Build 6408 (HKLM-x32\...\TheSkyX First Light for Windows_is1) (Version: 10.2.0 Build 6408 - )
TOSHIBA Agreement Notification Utility (HKLM-x32\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
TOSHIBA Agreement Notification Utility (x32 Version: 1.0.11.0 - TOSHIBA Corporation) Hidden
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.08 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-AU - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.0.2.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.0.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.0.4.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.0.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: - )
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00 - TOSHIBA Corporation) Hidden
Toshiba Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM-x32\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Upgrade Assistant (HKLM-x32\...\{41773726-92D0-4265-A0F8-DD980CA1AEC4}) (Version: 1.1.9 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.1.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.28.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.28.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.28.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)

==================== Restore Points =========================

13-05-2014 15:13:39 Windows Update
15-05-2014 15:45:45 Windows Update
21-05-2014 15:43:01 Windows Update
22-05-2014 21:16:16 Removed TurboTax 2009 wmdiper
22-05-2014 21:16:57 Removed iSEEK AnswerWorks English Runtime
22-05-2014 21:17:38 Removed TurboTax 2009 WinPerTaxSupport
22-05-2014 21:18:41 Removed TurboTax 2009 WinPerFedFormset
22-05-2014 21:19:29 Removed TurboTax 2009 WinPerReleaseEngine
22-05-2014 21:20:47 Removed TurboTax 2009 wrapper
29-05-2014 23:24:17 Scheduled Checkpoint
30-05-2014 15:50:49 Windows Update
03-06-2014 16:28:52 Windows Update
07-06-2014 00:23:00 Removed Apple Application Support
07-06-2014 00:53:31 Removed iTunes
07-06-2014 00:58:12 Removed Apple Mobile Device Support
07-06-2014 00:59:12 Removed Apple Software Update
10-06-2014 15:43:25 Windows Update
12-06-2014 07:00:41 Windows Update
17-06-2014 15:52:04 Windows Update
20-06-2014 21:39:47 Windows Update
24-06-2014 12:30:37 Windows Update
27-06-2014 19:45:17 Windows Update
01-07-2014 15:47:33 Windows Update
02-07-2014 22:38:30 Installed QuickTime 7
03-07-2014 19:26:40 Installed HiJackThis
03-07-2014 22:01:28 Installed Java 7 Update 60
04-07-2014 03:21:14 Installed MSXML 4.0 SP3 Parser
04-07-2014 12:59:22 Removed HiJackThis
05-07-2014 07:00:19 Windows Update
09-07-2014 04:29:34 Windows Update
09-07-2014 09:35:50 Windows Update
10-07-2014 04:37:26 Installed ArcSoft TotalMedia Theatre 6
10-07-2014 04:59:57 Removed ArcSoft TotalMedia Theatre 6
10-07-2014 05:09:59 Removed ArcSoft TotalMedia Theatre 6
12-07-2014 19:32:09 Garmin Express
12-07-2014 19:32:58 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-07-2014 19:35:11 Garmin Express

==================== Hosts content: ==========================

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BCC5608-A3B0-483D-946F-960C9D02B28C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-01] ()
Task: {1ADF8738-F57E-4A2D-9F91-DBDE95B8E1E1} - System32\Tasks\RegGenie v3.0 - Step 2 => C:\Program Files (x86)\RegGenie\RegGenieOnRebootExpired.exe
Task: {29F93081-A495-4783-9E83-6A5511657953} - System32\Tasks\{BC00EAC4-DCD2-4F84-A888-0DAD5B5B1F3E} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-11] (Mozilla Corporation)
Task: {337EBEBE-D180-44BA-AD32-1710BBAEE7F5} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {33EE3B4A-40E2-48D7-8771-B34D38102768} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-05-07] (AVAST Software)
Task: {430983EE-343F-4DBD-BF45-F3E60E6C8043} - System32\Tasks\hpUrlLauncher.exe_{CB5B1683-0586-4995-ACEB-DF776146AEDB} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {4F1852A4-C280-4F70-9230-96F5EA5A5C6B} - System32\Tasks\{C92A9B04-D76E-48A5-BA5D-D11F423390CC} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-11] (Mozilla Corporation)
Task: {51BA9245-EF54-4A56-9C1A-8A08F91BCFF8} - System32\Tasks\{CB37F8D4-D504-493B-A8A9-CE79EBAA8455} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7E5B22A9-0397-4CF9-AF2A-3BB78ADEC910} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {9A71A021-3D1B-4041-9711-5A08AE0F5F38} - System32\Tasks\{479C1223-E9E0-4D27-9468-6E197F77EAA4} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-11] (Mozilla Corporation)
Task: {9F0080B7-1612-4734-BB4C-BDB16DC6F5A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A7AC1424-548F-4FF5-B916-EBE0E07D2980} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000Core => C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.)
Task: {B0C6A419-668F-48AA-9BF8-2F8192083346} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation)
Task: {B1A107E2-A99F-4BD4-8CD2-31129355F7FB} - System32\Tasks\{A9450CD0-EFFF-40C3-A4F5-3877BA7D3014} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {C7AE11B3-105C-4C2F-81E8-AED923A2B96E} - System32\Tasks\RegGenie Scheduler => C:\Program Files (x86)\RegGenie\RegGenieScheduler.exe
Task: {C9FBD075-8E88-4866-8F6F-24F15316A93D} - System32\Tasks\RegGenie v3.0 - Step 1 => C:\Program Files (x86)\RegGenie\RegGenieOnReboot.exe
Task: {DA32FEA9-DB6F-4A53-AD6B-9145B9A5B65F} - System32\Tasks\ScanToPCActivationApp.exe_{3C779B91-157D-4042-8B7C-0D4D6C372F72} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E975FB2B-595B-4F7F-9FA1-C9F69848F7FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {F096D8B0-1C5C-44EA-9C6D-97A5CBF8935D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {F0F0B527-B118-4E61-82D4-4F5EF114692F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000UA => C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-21] (Google Inc.)
Task: {FC5B4493-7B62-41E0-A04A-3DC182EAE48B} - System32\Tasks\{EA078B09-1C27-4594-9469-DA1E1D645945} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-18] (Skype Technologies S.A.)
Task: {FEFA1B06-421A-4EF4-84B7-AD4CB3B9565C} - System32\Tasks\{77513D40-0E31-49B9-B399-81E3FF0AD0B9} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2011-05-25] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000Core.job => C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3643153610-3702823825-3934387528-1000UA.job => C:\Users\Ownert\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2009-07-16 15:27 - 2009-07-16 15:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-05-03 02:35 - 2007-04-23 12:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-04-25 00:47 - 2007-04-25 00:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-11-13 15:43 - 2008-11-13 15:43 - 00204800 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2013-04-05 17:55 - 2013-04-05 17:55 - 00397632 _____ () C:\Users\Ownert\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2009-05-04 10:45 - 2009-05-04 10:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-21 21:24 - 2012-04-21 21:24 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-08-03 18:18 - 2009-08-03 18:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-09 22:03 - 2014-07-09 22:03 - 02789888 _____ () C:\Program Files\Alwil Software\Avast5\defs\14070901\algo.dll
2014-07-13 07:01 - 2014-07-13 07:01 - 02792960 _____ () C:\Program Files\Alwil Software\Avast5\defs\14071300\algo.dll
2013-11-26 18:03 - 2009-10-23 13:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 10683392 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 07741952 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 02248192 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 01681408 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00117248 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 17:20 - 2014-05-15 17:20 - 00231936 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 17:21 - 2014-05-15 17:21 - 00253440 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 17:24 - 2014-05-15 17:24 - 00344064 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 17:06 - 2013-12-10 17:06 - 00026624 _____ () C:\Users\Ownert\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2008-12-12 21:11 - 2008-12-12 21:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 21:11 - 2008-12-12 21:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-01-16 21:06 - 2014-01-16 21:06 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2008-11-13 15:43 - 2008-11-13 15:43 - 00081920 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\lib\wrapper.dll
2014-06-11 18:36 - 2014-06-11 18:36 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 18:36 - 2014-06-11 18:36 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 18:36 - 2014-06-11 18:36 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-11 14:39 - 2014-06-11 14:39 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 23:19 - 2014-07-08 23:19 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: ArcCtrl
Description: ArcCtrl
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 10:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1603050

Error: (07/13/2014 10:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1603050

Error: (07/13/2014 10:18:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 10:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1602052

Error: (07/13/2014 10:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1602052

Error: (07/13/2014 10:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 09:51:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20108

Error: (07/13/2014 09:51:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20108

Error: (07/13/2014 09:51:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2014 09:51:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19047


System errors:
=============
Error: (07/13/2014 10:18:16 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/13/2014 07:00:05 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/13/2014 00:00:37 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/13/2014 00:00:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/12/2014 09:54:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/12/2014 03:33:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Core Update Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/12/2014 02:59:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/12/2014 05:10:22 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/11/2014 10:00:23 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/11/2014 07:57:53 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-04-21 18:40:31.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:31.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:30.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:30.595
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:30.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:30.130
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:29.903
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:29.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:29.449
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-04-21 18:40:29.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 4093.99 MB
Available physical RAM: 1813.32 MB
Total Pagefile: 8186.16 MB
Available Pagefile: 5213.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI100343V0F) (Fixed) (Total:454.05 GB) (Free:310.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CC4608EA)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Unread postby Puligan01 » July 13th, 2014, 11:30 am

Dear Nunped,

I downloaded and ran the TDSSKiller.exe and there were no threats found.
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Unread postby nunped » July 13th, 2014, 12:58 pm

Hi Puligan01,

Do you recognize or have this program installed:
RegGenie
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Unread postby Puligan01 » July 13th, 2014, 1:01 pm

Dear Nunped. No, I do not recognize a program by that name.
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Unread postby nunped » July 13th, 2014, 5:59 pm

Ok, so there are a few issues that I could correct using FRST, but mainly orphan entries or entries related to RegGenie (which is a registry optimizer program that we really do not recommend). Nothing that I could classify as a keylogger or near it...

I'd like you to run one more scan:
ESET NOD32 Online Scan
Vista - W7 users: You will need to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the blue [Run ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Unread postby Puligan01 » July 14th, 2014, 5:00 pm

Dear Nunped,

1. How can I remove the RegGenie?

2. Ran ESET, Seven infected items. See below:

C:\Users\Ownert\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ownert\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ownert\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ownert\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ownert\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Ownert\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\uninst.exe a variant of Win32/PCCleaners potentially unwanted application
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Unread postby nunped » July 16th, 2014, 12:12 pm

Hi Puligan01,

Truly sorry for the delay. We'll remove RegGenie with FRST (see below). The files detected by ESET are not really bad, they are installers for CCleaner. You can delete them if you want.
I don't see any evidence of a keylogger in your logs... Do you have any issue with the computer's performance?

Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    SearchScopes: HKCU - {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL =
    BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF user.js: detected! => C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js
    Task: {1ADF8738-F57E-4A2D-9F91-DBDE95B8E1E1} - System32\Tasks\RegGenie v3.0 - Step 2 => C:\Program Files (x86)\RegGenie\RegGenieOnRebootExpired.exe
    Task: {C7AE11B3-105C-4C2F-81E8-AED923A2B96E} - System32\Tasks\RegGenie Scheduler => C:\Program Files (x86)\RegGenie\RegGenieScheduler.exe
    Task: {C9FBD075-8E88-4866-8F6F-24F15316A93D} - System32\Tasks\RegGenie v3.0 - Step 1 => C:\Program Files (x86)\RegGenie\RegGenieOnReboot.exe
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Unread postby Puligan01 » July 16th, 2014, 12:45 pm

Hi Nunped,

The computer is a little slow, but it's five years old too. Don't know if that matters.

Fixlog.txt Below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by Ownert at 2014-07-16 12:43:38 Run:1
Running from C:\Users\Ownert\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL =
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF user.js: detected! => C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js
Task: {1ADF8738-F57E-4A2D-9F91-DBDE95B8E1E1} - System32\Tasks\RegGenie v3.0 - Step 2 => C:\Program Files (x86)\RegGenie\RegGenieOnRebootExpired.exe
Task: {C7AE11B3-105C-4C2F-81E8-AED923A2B96E} - System32\Tasks\RegGenie Scheduler => C:\Program Files (x86)\RegGenie\RegGenieScheduler.exe
Task: {C9FBD075-8E88-4866-8F6F-24F15316A93D} - System32\Tasks\RegGenie v3.0 - Step 1 => C:\Program Files (x86)\RegGenie\RegGenieOnReboot.exe

*****************

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{198229A4-3457-4DDA-8103-6CF84E88B0FE}' => Key deleted successfully.
'HKCR\CLSID\{198229A4-3457-4DDA-8103-6CF84E88B0FE}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1ADF8738-F57E-4A2D-9F91-DBDE95B8E1E1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ADF8738-F57E-4A2D-9F91-DBDE95B8E1E1}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegGenie v3.0 - Step 2 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegGenie v3.0 - Step 2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7AE11B3-105C-4C2F-81E8-AED923A2B96E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7AE11B3-105C-4C2F-81E8-AED923A2B96E}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegGenie Scheduler => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegGenie Scheduler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9FBD075-8E88-4866-8F6F-24F15316A93D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9FBD075-8E88-4866-8F6F-24F15316A93D}' => Key deleted successfully.
C:\Windows\System32\Tasks\RegGenie v3.0 - Step 1 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegGenie v3.0 - Step 1' => Key deleted successfully.

==== End of Fixlog ====
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm
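
Added example (not part of the original thread and not FRST's own code): a small Python parser that tallies the outcome lines of a Fixlog like the one posted above, so that anything other than "deleted", "moved" or "not found" stands out. The status names, function names and the final failure line in the sample are assumptions made for this illustration.

```python
from collections import Counter

# Sample input: lines copied from the Fixlog in this thread, plus one
# constructed failure line (its wording is made up, not FRST's own text).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {198229A4-3457-4DDA-8103-6CF84E88B0FE} URL =
FF user.js: detected! => C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js
Task: {C7AE11B3-105C-4C2F-81E8-AED923A2B96E} - System32\Tasks\RegGenie Scheduler => C:\Program Files (x86)\RegGenie\RegGenieScheduler.exe

*****************

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{198229A4-3457-4DDA-8103-6CF84E88B0FE}' => Key deleted successfully.
'HKCR\CLSID\{198229A4-3457-4DDA-8103-6CF84E88B0FE}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
C:\Users\Ownert\AppData\Roaming\Mozilla\Firefox\Profiles\i800xm4k.default\user.js => Moved successfully.
C:\Windows\System32\Tasks\RegGenie Scheduler => Moved successfully.
C:\Example\placeholder.exe => Could not be processed.

==== End of Fixlog ====
"""


def result_lines(text):
    """Yield only the outcome lines of a Fixlog.

    The fixlist is echoed between two rows of asterisks and its own entries
    also contain '=>', so a plain search for '=>' would count them as results.
    Outcomes start after the second asterisk row and end at the '====' footer.
    """
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1
        elif line.startswith("====") and star_rows >= 2:
            break
        elif star_rows >= 2 and "=>" in line:
            yield line


def classify(outcome):
    """Map an outcome message to a coarse status (status names are illustrative)."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"        # orphan reference: nothing was left to remove
    if "deleted successfully" in low:
        return "deleted"
    if "moved successfully" in low:
        return "moved"
    return "needs_review"      # anything unrecognised deserves a human look


def parse_fixlog(text):
    """Return a list of (target, outcome, status) tuples, in log order."""
    entries = []
    for line in result_lines(text):
        target, _, outcome = line.rpartition("=>")
        target = target.strip().strip("'")   # registry keys are single-quoted
        outcome = outcome.strip().rstrip(".")
        entries.append((target, outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


def unresolved(entries):
    """Targets whose outcome was neither a removal nor 'not found'."""
    return [target for target, _, status in entries if status == "needs_review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in unresolved(parsed):
        print("review:", target)
```
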

Re: Key Logger?

Unread postby nunped » July 18th, 2014, 2:33 pm

Hi Puligan01,

As far as I can see, your logs are free from malware.
However, it's impossible to know for sure. The only way to be sure that your computer is clean is to reinstall your operating system, and I advise you to do that, if you can.

If you decide not to reformat, please proceed with the following steps to delete the tools we used:

Delfix - Delete Fix Processes
  1. Please download delfix by Xplode and save it to your desktop.
  2. Right-click on delfix.exe and select " Run as administrator " to run it.
    An application window opens with check box options... The "Remove disinfection tools" option is checked by default.
  3. Check ALL the boxes... then press Run.
  4. Check the following boxes... then press Run:
    • Activate UAC
    • Remove disinfection tools --> keep this checked
    • Create registry backup
    • Purge system restore
    • Reset system settings
When finished, Notepad will open DelFix.txt. The log will be located at the root of the system drive, C:\DelFix.txt.

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Key Logger?

Unread postby Puligan01 » July 20th, 2014, 2:07 pm

Hi Nunped......Going to run DelFix this evening....wanted to be sure I replied to this thread so I can keep it open just in case I have questions when finished....Thanks for EVERYTHING.....I'll check back later.
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm

Re: Key Logger?

Unread postby Puligan01 » July 20th, 2014, 2:12 pm

# DelFix v10.7 - Logfile created 20/07/2014 at 14:01:23
# Updated 27/04/2014 by Xplode
# Username : Ownert - OWNERT-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.0.0.40_13.07.2014_11.25.56_log.txt
Deleted : C:\Users\Ownert\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Ownert\Desktop\FRST64.exe
Deleted : C:\Users\Ownert\Desktop\tdsskiller.exe
Deleted : C:\Users\Ownert\Downloads\Addition.txt
Deleted : C:\Users\Ownert\Downloads\dds.scr
Deleted : C:\Users\Ownert\Downloads\FRST.txt

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #246 [Windows Update | 05/21/2014 15:43:01]
Deleted : RP #247 [Removed TurboTax 2009 wmdiper | 05/22/2014 21:16:16]
Deleted : RP #248 [Removed iSEEK AnswerWorks English Runtime | 05/22/2014 21:16:57]
Deleted : RP #249 [Removed TurboTax 2009 WinPerTaxSupport | 05/22/2014 21:17:38]
Deleted : RP #250 [Removed TurboTax 2009 WinPerFedFormset | 05/22/2014 21:18:41]
Deleted : RP #251 [Removed TurboTax 2009 WinPerReleaseEngine | 05/22/2014 21:19:29]
Deleted : RP #252 [Removed TurboTax 2009 wrapper | 05/22/2014 21:20:47]
Deleted : RP #253 [Scheduled Checkpoint | 05/29/2014 23:24:17]
Deleted : RP #254 [Windows Update | 05/30/2014 15:50:49]
Deleted : RP #255 [Windows Update | 06/03/2014 16:28:52]
Deleted : RP #256 [Removed Apple Application Support | 06/07/2014 00:23:00]
Deleted : RP #257 [Removed iTunes | 06/07/2014 00:53:31]
Deleted : RP #258 [Removed Apple Mobile Device Support | 06/07/2014 00:58:12]
Deleted : RP #259 [Removed Apple Software Update | 06/07/2014 00:59:12]
Deleted : RP #260 [Windows Update | 06/10/2014 15:43:25]
Deleted : RP #261 [Windows Update | 06/12/2014 07:00:41]
Deleted : RP #262 [Windows Update | 06/17/2014 15:52:04]
Deleted : RP #263 [Windows Update | 06/20/2014 21:39:47]
Deleted : RP #264 [Windows Update | 06/24/2014 12:30:37]
Deleted : RP #265 [Windows Update | 06/27/2014 19:45:17]
Deleted : RP #266 [Windows Update | 07/01/2014 15:47:33]
Deleted : RP #267 [Installed QuickTime 7 | 07/02/2014 22:38:30]
Deleted : RP #268 [Installed HiJackThis | 07/03/2014 19:26:40]
Deleted : RP #269 [Installed Java 7 Update 60 | 07/03/2014 22:01:28]
Deleted : RP #270 [Installed MSXML 4.0 SP3 Parser | 07/04/2014 03:21:14]
Deleted : RP #271 [Removed HiJackThis | 07/04/2014 12:59:22]
Deleted : RP #272 [Windows Update | 07/05/2014 07:00:19]
Deleted : RP #273 [Windows Update | 07/09/2014 04:29:34]
Deleted : RP #274 [Windows Update | 07/09/2014 09:35:50]
Deleted : RP #275 [Installed ArcSoft TotalMedia Theatre 6 | 07/10/2014 04:37:26]
Deleted : RP #276 [Removed ArcSoft TotalMedia Theatre 6 | 07/10/2014 04:59:57]
Deleted : RP #277 [Removed ArcSoft TotalMedia Theatre 6 | 07/10/2014 05:09:59]
Deleted : RP #278 [Garmin Express | 07/12/2014 19:32:09]
Deleted : RP #279 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 07/12/2014 19:32:58]
Deleted : RP #280 [Garmin Express | 07/12/2014 19:35:11]
Deleted : RP #281 [Windows Update | 07/15/2014 16:47:33]
Deleted : RP #282 [avast! antivirus system restore point | 07/16/2014 09:49:48]
Deleted : RP #283 [Windows Update | 07/18/2014 23:24:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
Puligan01
Active Member
 
Posts: 10
Joined: July 12th, 2014, 3:03 pm