[RESOLVED] Freshy Services / Tightrope

Hi,

Followed instructions and posted files requested.

Thanks in advance for your time and your help!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2014
Scan Time: 8:48:32 PM
Logfile: mbam scan 11-12-14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.13.01
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337145
Time Elapsed: 24 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 4
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmservice.exe, 2144, Delete-on-Reboot, [a89d46f52a5261d56be7ccfa58a88f71]
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, 4116, Delete-on-Reboot, [fb4af04b9ae24de91c363a8c22de758b]
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, 4496, Delete-on-Reboot, [72d3a09b6f0d54e2f45e20a635cb2fd1]
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, 6068, Delete-on-Reboot, [49fc47f4ed8f81b5b1a1e7dfed137e82]

Modules: 1
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\firefox\pmnx.dll, Delete-on-Reboot, [1f26122994e8b08659f9d5f133cddc24],

Registry Keys: 10
PUP.Optional.SweetIM.A, HKU\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, No Action By User, [fd48cb70413b66d043b9d4e7b74baa56],
PUP.Optional.SearchYah.A, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc, No Action By User, [133257e479036acca202203ed23134cc],
PUP.Optional.SearchYah.A, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc.1, No Action By User, [67ded6654d2f023460441a448f7446ba],
PUP.Optional.FunMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj, No Action By User, [093c86b5bfbd95a10efaf17336ced62a],
PUP.Optional.SearchYah.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.searchyaESrvc, No Action By User, [232263d857250e2871335608fe05946c],
PUP.Optional.SearchYah.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.searchyaESrvc.1, No Action By User, [a79e43f8c4b8f640b2f2b4aa7a89e818],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, No Action By User, [90b53803304ce254ce8f9305917338c8],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [87be3b00df9de84efd27067e05ffe31d],
Adware.PremierOpinion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PremierOpinion, Quarantined, [a89d46f52a5261d56be7ccfa58a88f71],
Adware.PremierOpinion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}, Quarantined, [fb4af04b9ae24de91c363a8c22de758b],

Registry Values: 2
PUP.Optional.OpinionSquare.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}, C:\Program Files (x86)\PremierOpinion\firefox, No Action By User, [f154ef4ceb910f27c36ece8440c31ce4]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0D1L2S2X1M1M0O1J1O2R1N, No Action By User, [87be3b00df9de84efd27067e05ffe31d]

Registry Data: 0
(No malicious items detected)

Folders: 39
PUP.Optional.Updater.A, C:\Users\Kathy\AppData\Roaming\DSite\UpdateProc, No Action By User, [87bedb6095e770c67720a37cb84b4ab6],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion, Delete-on-Reboot, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\components, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox, Delete-on-Reboot, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\defaults, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\defaults\preferences, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\addon, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\dom, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\lang, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\net, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\platform, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\preferences, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\window, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\toolkit, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\data, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion, Quarantined, [80c5de5df28ac670a25d7981758d36ca],

Files: 127
PUP.Optional.InstallCore, C:\Users\Kathy\Downloads\PDFReaderSetup.exe, No Action By User, [9aab47f49ae2aa8c7413c4613fc2ce32],
PUP.Optional.GoForFiles.A, C:\Users\Kathy\Downloads\Van_Halen-Ice_Cream_Man_mp3_downloader_us_98975(1).exe, No Action By User, [87be90abf28ae551200473c179888080],
PUP.Optional.GoForFiles.A, C:\Users\Kathy\Downloads\Van_Halen-Ice_Cream_Man_mp3_downloader_us_98975.exe, No Action By User, [49fc3cff265683b33de77eb6be4353ad],
PUP.Optional.Updater.A, C:\Users\Kathy\AppData\Roaming\DSite\UpdateProc\prod.dat, No Action By User, [87bedb6095e770c67720a37cb84b4ab6],
PUP.Optional.CrossRider.A, C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "13ce5789f07ff858c89bd171bdf6bd1c");), No Action By User,[a5a096a5324a79bd88bd5b21a65f6898]
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmservice.exe, Delete-on-Reboot, [a89d46f52a5261d56be7ccfa58a88f71],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn.exe, Delete-on-Reboot, [fb4af04b9ae24de91c363a8c22de758b],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn32.exe, Delete-on-Reboot, [72d3a09b6f0d54e2f45e20a635cb2fd1],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmropn64.exe, Delete-on-Reboot, [49fc47f4ed8f81b5b1a1e7dfed137e82],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\firefox\pmnx.dll, Delete-on-Reboot, [1f26122994e8b08659f9d5f133cddc24],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmls.dll, Quarantined, [a89d1724e993ea4c99b9e7dfbc44ab55],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmls64.dll, Quarantined, [6bdaae8d8bf1181edc76c8fe06faae52],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmph.dll, Quarantined, [63e20338215bb3838cc60bbb966ae31d],
Adware.PremierOpinion, C:\Program Files (x86)\PremierOpinion\pmxf.dll, Quarantined, [71d44bf086f667cfd87aa91da0607e82],
Adware.PremierOpinion, C:\Windows\System32\pmls64.dll, Delete-on-Reboot, [77ce5dde4c3066d022302c9af10f748c],
Adware.PremierOpinion, C:\Windows\SysWOW64\pmls.dll, Delete-on-Reboot, [b39272c9b3c9082e5200a71f986821df],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\chrome.manifest, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\install.rdf, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\nscf.dat, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\pmcm.crx, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\pmcm.txt, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\pmoci.bin, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\readme.txt, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\components\pmxg.dll, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\bootstrap.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\harness-options.json, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\install.rdf, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\locales.json, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\defaults\preferences\prefs.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\chrome.manifest, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\base64.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\self.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\timers.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\url.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\addon\runner.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\console\traceback.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\loader.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\content\worker.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\heritage.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\namespace.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\core\promise.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\dom\events.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event\core.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\event\target.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\data.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\file.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\core.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\html.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\lang\functional.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\net\url.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\preferences\service.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\environment.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\events.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\globals.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\runtime.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\unload.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\common.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\events.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\array.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\list.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\object.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\registry.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\util\uuid.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\browser.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\namespace.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\window\utils.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\dom.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\loader.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\observer.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\addon-sdk\lib\toolkit\loader.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\data\content.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib\dompilot.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib\dputil.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Trojan.Agent, C:\Program Files (x86)\PremierOpinion\firefox\resources\dpjs\lib\main.js, Quarantined, [a2a30b3065171e183d87c82f758d936d],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk, Quarantined, [80c5de5df28ac670a25d7981758d36ca],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Member of GRID - Goodware Repository Information Database.lnk, Quarantined, [80c5de5df28ac670a25d7981758d36ca],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk, Quarantined, [80c5de5df28ac670a25d7981758d36ca],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Support.lnk, Quarantined, [80c5de5df28ac670a25d7981758d36ca],
Adware.PremierOpinion, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk, Quarantined, [80c5de5df28ac670a25d7981758d36ca],

Physical Sectors: 0
(No malicious items detected)


(end)

and then

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2012 6:44:31 PM
System Uptime: 11/12/2014 9:16:47 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 213.222 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.314 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 10/18/2014 9:25:03 PM - Installed Java 7 Update 71
RP221: 10/28/2014 9:34:35 PM - Scheduled Checkpoint
RP222: 11/2/2014 7:00:04 PM - Windows Backup
RP223: 11/11/2014 9:38:30 PM - Restore Operation
RP224: 11/11/2014 10:15:22 PM - Windows Update
RP225: 11/11/2014 10:58:21 PM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Digital Editions 2.0
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS K5 Series ScreenSaver
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
AsusVibe2.0
ATK Package
Bonjour
Contrôle ActiveX Windows Live Mesh pour connexions Ã* distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
ETDWare PS/2-X64 10.5.9.0
Fast Boot
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
GalerÃ*a fotográfica de Windows Live
HL-2270DW
iCloud
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 71
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
OpenOffice 4.1.0
OverDrive Media Console
PDF Reader
PDF Reader Packages
PDF Reader Packages 36
Qualcomm Atheros WiFi Driver Installation
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SceneSwitch
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Spybot - Search & Destroy
swMSM
Update for PDF Reader
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 6:26:49 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.104 with the system having network hardware address 78-1F-DB-9E-07-F6. Network operations on this system may be disrupted as a result.
11/11/2014 9:47:23 PM, Error: Service Control Manager [7034] - The McAfee Application Installer Cleanup (0068001354159123) service terminated unexpectedly. It has done this 1 time(s).
11/11/2014 9:21:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/11/2014 9:21:24 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2014 11:17:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kathy-PC\Kathy SID (S-1-5-21-61633527-4084290942-2707624099-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

and last but not least:

.
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2012 6:44:31 PM
System Uptime: 11/12/2014 9:16:47 PM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 213.222 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.314 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 10/18/2014 9:25:03 PM - Installed Java 7 Update 71
RP221: 10/28/2014 9:34:35 PM - Scheduled Checkpoint
RP222: 11/2/2014 7:00:04 PM - Windows Backup
RP223: 11/11/2014 9:38:30 PM - Restore Operation
RP224: 11/11/2014 10:15:22 PM - Windows Update
RP225: 11/11/2014 10:58:21 PM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Digital Editions 2.0
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS K5 Series ScreenSaver
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
AsusVibe2.0
ATK Package
Bonjour
Contrôle ActiveX Windows Live Mesh pour connexions Ã* distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
ETDWare PS/2-X64 10.5.9.0
Fast Boot
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
GalerÃ*a fotográfica de Windows Live
HL-2270DW
iCloud
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 71
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
OpenOffice 4.1.0
OverDrive Media Console
PDF Reader
PDF Reader Packages
PDF Reader Packages 36
Qualcomm Atheros WiFi Driver Installation
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SceneSwitch
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Spybot - Search & Destroy
swMSM
Update for PDF Reader
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 6:26:49 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.104 with the system having network hardware address 78-1F-DB-9E-07-F6. Network operations on this system may be disrupted as a result.
11/11/2014 9:47:23 PM, Error: Service Control Manager [7034] - The McAfee Application Installer Cleanup (0068001354159123) service terminated unexpectedly. It has done this 1 time(s).
11/11/2014 9:21:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/11/2014 9:21:24 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2014 11:17:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kathy-PC\Kathy SID (S-1-5-21-61633527-4084290942-2707624099-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

http://dev.discussions.virtualdr.forums.relay.cool/ You posted Attach.txt log from DDS twice. I still need DDS.txt log.

http://dev.discussions.virtualdr.forums.relay.cool/ Some MBAM findings are marked as "No Action By User".
Re-run MBAM, fix ALL issues and post new log.

Will do. I had quite the time trying to get them posted with it acting up so much. I will run MBAM again and ask about how to fix the issues if I have any questions.
Thanks! :)

Here is the dds.txt log that I ran yesterday, do I need to do these again after running mbam?
Also, do I delete everything that mbam found in quarantine? How about in the application logs?
Thanks again :)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.71.2
Run by Kathy at 21:27:16 on 2014-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6030.3645 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [NWEReboot] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} : DHCPNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8}\140707C65602E4564777F627B602461656032346 : DHCPNameServer = 172.16.1.1
TCP: Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} : DHCPNameServer = 10.40.47.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo:
FF - prefs.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=&q=
FF - user.js: extensions.searchya.id - 446D5781C6C547FD
FF - user.js: extensions.searchya.instlDay - 15752
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.019:2:10
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - dnldyho
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - dnldyho
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 568363320
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F
.
.
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: plugin.state.nptnt - 2
FF - user.js: plugin.state.nptnt - 2
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: browser.search.defaultenginename - Yahoo:
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - hxxp://services.freshy.com/general/newhometab.php?hometab=tab&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-24 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-24 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-24 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-12 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-12 968504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-11-11 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-11-11 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-11-11 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-24 363800]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-7 16512]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-6 245760]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-11 200488]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-11 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 787736]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-12 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-12 63704]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-5-24 292968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-24 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 0068001354159123mcinstcleanup;McAfee Application Installer Cleanup (0068001354159123);C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog --> C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-17 1255736]
S4 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-24 17152]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-13 02:16:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\offreg.dll
2014-11-13 01:47:26 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-13 01:46:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-13 01:46:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-13 01:46:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 16:12:57 -------- d-----w- C:\Users\Kathy\AppData\Roaming\ParetoLogic
2014-11-12 16:12:43 -------- d-----w- C:\ProgramData\ParetoLogic
2014-11-12 04:26:19 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\mpengine.dll
2014-11-12 03:59:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-12 03:59:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-12 03:56:59 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-12 03:55:36 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 03:55:36 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 03:53:39 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 03:53:39 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 03:53:20 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 03:48:04 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 03:48:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-12 03:14:22 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-11-12 03:14:22 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-11-12 03:14:22 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-11-12 03:14:22 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-11-12 03:14:22 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-11-12 03:14:22 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-11-12 03:13:43 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-11-12 03:13:34 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-11-12 03:13:32 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-11-12 03:13:23 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-11-12 03:13:22 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-11-12 03:11:38 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-11-12 03:11:36 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-11 14:21:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-11 14:20:39 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-11-11 14:20:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-25 14:10:17 -------- d-----w- C:\Program Files\iPod
2014-10-25 14:10:16 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 14:10:16 -------- d-----w- C:\Program Files\iTunes
2014-10-25 14:10:16 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 01:26:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-11-13 02:18:20 380 ----a-w- C:\Users\Kathy\AppData\Roaming\sp_data.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 06:43:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 21:28:09.15 ===============

Quote:

---

http://dev.discussions.virtualdr.forums.relay.cool/ Some MBAM findings are marked as "No Action By User".
Re-run MBAM, fix ALL issues and post new log.

---

...

Okay, hopefully I have done this correctly this time ;)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/14/2014
Scan Time: 11:07:44 AM
Logfile: Text Log 11-14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.14.06
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337049
Time Elapsed: 20 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

and:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.71.2
Run by Kathy at 15:48:47 on 2014-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6030.3374 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Elantech\ETDGesture.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\AsScrPro.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [NWEReboot] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8}\140707C65602E4564777F627B602461656032346 : DHCPNameServer = 172.16.1.1
TCP: Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8}\34C61637379636 : DHCPNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} : DHCPNameServer = 10.40.47.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo:
FF - prefs.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=&q=
FF - user.js: extensions.searchya.id - 446D5781C6C547FD
FF - user.js: extensions.searchya.instlDay - 15752
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.019:2:10
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - dnldyho
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - dnldyho
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 568363320
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F
.
.
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: plugin.state.nptnt - 2
FF - user.js: plugin.state.nptnt - 2
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: browser.search.defaultenginename - Yahoo:
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - hxxp://services.freshy.com/general/newhometab.php?hometab=tab&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-5-24 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-4-13 277120]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-24 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-24 161560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-12 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-12 968504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-11-11 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-11-11 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-11-11 171928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-24 363800]
R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-7 16512]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-6 245760]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-11 200488]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-11 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 787736]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-12 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-12 63704]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\drivers\RtsBaStor.sys [2012-5-24 292968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-24 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 0068001354159123mcinstcleanup;McAfee Application Installer Cleanup (0068001354159123);C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog --> C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-17 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-17 1255736]
S4 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-5-24 17152]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-13 02:54:24 129752 ----a-w- C:\Windows\System32\drivers\0C1B72E7.sys
2014-11-13 02:16:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\offreg.dll
2014-11-13 01:47:26 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-13 01:46:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-13 01:46:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-13 01:46:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 16:12:57 -------- d-----w- C:\Users\Kathy\AppData\Roaming\ParetoLogic
2014-11-12 16:12:43 -------- d-----w- C:\ProgramData\ParetoLogic
2014-11-12 04:26:19 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\mpengine.dll
2014-11-12 03:59:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-12 03:59:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-12 03:56:59 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-12 03:55:36 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 03:55:36 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 03:53:39 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-12 03:53:39 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 03:53:20 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 03:48:04 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-12 03:48:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-12 03:14:22 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-11-12 03:14:22 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-11-12 03:14:22 235520 ----a-w- C:\Windows\System32\winsta.dll
2014-11-12 03:14:22 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-11-12 03:14:22 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-11-12 03:14:22 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-11-12 03:13:43 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-11-12 03:13:34 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-11-12 03:13:32 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-11-12 03:13:23 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-11-12 03:13:22 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-11-12 03:11:38 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-11-12 03:11:36 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-11 14:21:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-11 14:20:39 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-11-11 14:20:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-25 14:10:17 -------- d-----w- C:\Program Files\iPod
2014-10-25 14:10:16 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 14:10:16 -------- d-----w- C:\Program Files\iTunes
2014-10-25 14:10:16 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 01:26:37 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-11-14 13:54:15 380 ----a-w- C:\Users\Kathy\AppData\Roaming\sp_data.sys
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 06:43:26 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2014-08-21 06:40:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-08-21 06:26:21 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-08-21 06:23:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 15:49:40.34 ===============

and now:

.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2012 6:44:31 PM
System Uptime: 11/14/2014 6:36:14 AM (9 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K55A
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 211.329 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.314 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 10/18/2014 9:25:03 PM - Installed Java 7 Update 71
RP221: 10/28/2014 9:34:35 PM - Scheduled Checkpoint
RP222: 11/2/2014 7:00:04 PM - Windows Backup
RP223: 11/11/2014 9:38:30 PM - Restore Operation
RP224: 11/11/2014 10:15:22 PM - Windows Update
RP225: 11/11/2014 10:58:21 PM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Digital Editions 2.0
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FaceLogon
ASUS K5 Series ScreenSaver
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS Virtual Touch
ASUS WebStorage
AsusVibe2.0
ATK Package
Bonjour
Contrôle ActiveX Windows Live Mesh pour connexions Ã* distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
ETDWare PS/2-X64 10.5.9.0
Fast Boot
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
GalerÃ*a fotográfica de Windows Live
HL-2270DW
iCloud
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 71
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2013
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
OpenOffice 4.1.0
OverDrive Media Console
PDF Reader
PDF Reader Packages
PDF Reader Packages 36
Qualcomm Atheros WiFi Driver Installation
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SceneSwitch
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Spybot - Search & Destroy
swMSM
Update for PDF Reader
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 6:26:49 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.104 with the system having network hardware address 78-1F-DB-9E-07-F6. Network operations on this system may be disrupted as a result.
11/11/2014 9:47:23 PM, Error: Service Control Manager [7034] - The McAfee Application Installer Cleanup (0068001354159123) service terminated unexpectedly. It has done this 1 time(s).
11/11/2014 9:21:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/11/2014 9:21:24 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2014 11:17:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Kathy-PC\Kathy SID (S-1-5-21-61633527-4084290942-2707624099-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
Thanks! :)

http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

http://dev.discussions.virtualdr.forums.relay.cool/ Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/

Download https://discussions.virtualdr.com/im.../2015/03/5.png Malwarebytes Anti-Rootkit to your desktop.

• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Double click on downloaded file. OK self extracting prompt.
• MBAR will start. Click "Next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  
  
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"
  
  

Hi Again

Not sure if the report under each tab of the scan is different or not. Let me know please. Thanks again! :)

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kathy [Administrator]
Mode : Delete -- Date : 11/16/2014 07:20:16

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 26 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0068001354159123mcinstcleanup (C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0068001354159123mcinstcleanup (C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0068001354159123mcinstcleanup (C:\Users\Kathy\AppData\Local\Temp\006800~1.EXE -cleanup -nolog) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} | DhcpNameServer : 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : 10.40.47.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} | DhcpNameServer : 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : 10.40.47.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : 10.40.47.1 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\4694 -- wscript.exe (C:\Users\Kathy\AppData\Local\Temp\launchie.vbs //B) -> ERROR [0]
[Suspicious.Path] \\Searchya -- C:\Users\Kathy\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] rsrsrm2w.default : user_pref("browser.startup.homepage", "http://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i="); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 3ab187af51244b8bdfe7579e7a6a17a3
[BSP] 742e9e8b59aa945a00b791c81a09f483 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11162014_071319.log - RKreport_DEL_11162014_071937.log - RKreport_DEL_11162014_072001.log

Please disregard above scan.

See this one.

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kathy [Administrator]
Mode : Delete -- Date : 11/16/2014 07:57:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 26 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0068001354159123mcinstcleanup -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0068001354159123mcinstcleanup -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0068001354159123mcinstcleanup -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> ERROR [0]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> ERROR [2]
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-61633527-4084290942-2707624099-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} | DhcpNameServer : [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{37718098-9F8D-4873-8604-2F510CF089D8} | DhcpNameServer : [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C933AF2F-A6BB-4C6D-BE57-0767DE394CD0} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\4694 -- wscript.exe (C:\Users\Kathy\AppData\Local\Temp\launchie.vbs //B) -> ERROR [0]
[Suspicious.Path] \\Searchya -- C:\Users\Kathy\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[FIREFX:Addon] rsrsrm2w.default : Custom New Tab [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : Google Docs Viewer (PDF, DOCX, PPTX, XLSX, etc...) [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : [[email protected]] -> Deleted
[FIREFX:Addon] rsrsrm2w.default : [[email protected]] -> Deleted
[PUM.HomePage][FIREFX:Config] rsrsrm2w.default : user_pref("browser.startup.homepage", "http://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i="); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 3ab187af51244b8bdfe7579e7a6a17a3
[BSP] 742e9e8b59aa945a00b791c81a09f483 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11162014_071319.log - RKreport_DEL_11162014_071937.log - RKreport_DEL_11162014_072001.log - RKreport_DEL_11162014_072016.log
RKreport_DEL_11162014_075646.log - RKreport_DEL_11162014_075703.log - RKreport_DEL_11162014_075717.log - RKreport_DEL_11162014_075726.log
RKreport_DEL_11162014_075741.log

:confused:
So I downloaded, Malwarebytes Anti-Rootkit but I'm having difficulties. I can only get to the after the update, I click next for scan and 3 targets are selected to scan. However, when I click scan I get an Error that pops up saying This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. I'm stuck. Also, I am running this as admin.
Thanks again

Open Task Manager and kill MBAM service from there.

Yep! That worked :D

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org

Database version: v2014.11.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Kathy :: KATHY-PC [administrator]

11/16/2014 5:04:07 PM
mbar-log-2014-11-16 (17-04-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337768
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

and now system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6322823168, free: 2260373504

Downloaded database version: v2014.11.16.02
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6322823168, free: 2273824768

Downloaded database version: v2014.11.16.02
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6322823168, free: 2344235008

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6322823168, free: 2291073024

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6322823168, free: 2537877504

=======================================
Initializing...
------------ Kernel report ------------
11/16/2014 17:03:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\wgtuf.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AsusVBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\AsusVTouch.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\??\C:\Windows\system32\drivers\mwac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800829c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005dbd050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800829c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ebc8e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800829c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005858520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005dbd050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 2902CC6D

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 58552661
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid 91b5a850-8718-4d8c-aa48-4da569e5beae
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 0
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid 91b5a850-8718-4d8c-aa48-4da569e5beae
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID cc17e3d7-fb34-45f0-ad3-8ecea7e2ebfd
FirstLBA 2048 Last LBA 411647
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID eaafcda5-635f-4ed2-9843-97d69365ca0
FirstLBA 411648 Last LBA 673791
Attributes 0
Partition Name Microsoft reserved partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 69a8fcb-c6b0-4132-b647-3facee23be88
FirstLBA 673792 Last LBA 586733567
Attributes 0
Partition Name Basic data partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 5be3095a-4edf-4f4d-955b-ec67ab2442f
FirstLBA 586733568 Last LBA 1413949439
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 953e9d96-8916-4f33-8137-8bc9999a2220
FirstLBA 1413949440 Last LBA 1465147618
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Thanks again :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Are we there yet? :D
Thank you :)

ComboFix 14-11-15.01 - Kathy 11/16/2014 18:19:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6030.4177 [GMT -5:00]
Running from: C:\Users\Kathy\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))


2014-11-16 23:28:17 . 2014-11-16 23:28:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-16 22:03:52 . 2014-11-16 22:24:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-16 13:01:40 . 2014-11-16 13:01:40 -------- d-----w- C:\Users\Kathy\AppData\Local\CrashDumps
2014-11-16 11:59:44 . 2014-11-16 13:08:13 34808 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2014-11-16 11:59:37 . 2014-11-16 11:59:42 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-14 20:52:51 . 2014-11-14 20:52:51 129752 ----a-w- C:\Windows\system32\drivers\40EF7A73.sys
2014-11-13 02:54:24 . 2014-11-13 03:16:46 129752 ----a-w- C:\Windows\system32\drivers\0C1B72E7.sys
2014-11-13 01:47:26 . 2014-11-16 22:28:36 129752 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-11-13 01:46:51 . 2014-11-16 22:03:43 96472 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-11-13 01:46:51 . 2014-11-13 01:46:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 01:46:51 . 2014-10-01 16:11:26 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-11-12 16:12:57 . 2014-11-12 16:12:57 -------- d-----w- C:\Users\Kathy\AppData\Roaming\ParetoLogic
2014-11-12 16:12:43 . 2014-11-12 23:28:57 -------- d-----w- C:\ProgramData\ParetoLogic
2014-11-12 04:26:19 . 2014-10-20 07:37:10 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\mpengine.dll
2014-11-12 03:59:40 . 2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
2014-11-12 03:59:40 . 2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-12 03:56:59 . 2014-09-19 09:42:52 210944 ----a-w- C:\Windows\system32\wdigest.dll
2014-11-12 03:55:36 . 2014-10-25 01:57:59 77824 ----a-w- C:\Windows\system32\packager.dll
2014-11-12 03:55:36 . 2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 03:53:39 . 2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\system32\msi.dll
2014-11-12 03:53:39 . 2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 03:53:20 . 2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\system32\win32k.sys
2014-11-12 03:48:04 . 2014-10-18 02:05:23 861696 ----a-w- C:\Windows\system32\oleaut32.dll
2014-11-12 03:48:04 . 2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:58 235520 ----a-w- C:\Windows\system32\winsta.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:39 150528 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:24 455168 ----a-w- C:\Windows\system32\winlogon.exe
2014-11-12 03:14:22 . 2014-07-17 01:40:03 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-11-12 03:14:22 . 2014-07-17 01:21:54 212480 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2014-11-12 03:14:22 . 2014-07-17 01:21:27 39936 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
2014-11-12 03:13:43 . 2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\system32\rdpcorets.dll
2014-11-12 03:13:34 . 2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\system32\TSWorkspace.dll
2014-11-12 03:13:32 . 2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-11-12 03:13:23 . 2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2014-11-12 03:13:22 . 2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-11-12 03:11:38 . 2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\system32\mstscax.dll
2014-11-12 03:11:36 . 2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-11 14:21:45 . 2014-11-16 23:16:59 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-11 14:20:39 . 2009-01-25 18:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
2014-11-11 14:20:31 . 2014-11-12 02:56:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-25 14:14:28 . 2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:23 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-25 14:14:07 . 2014-10-25 14:14:22 -------- d-----w- C:\Program Files (x86)\QuickTime
2014-10-25 14:10:17 . 2014-10-25 14:10:17 -------- d-----w- C:\Program Files\iPod
2014-10-25 14:10:16 . 2014-10-25 14:10:55 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 14:10:16 . 2014-10-25 14:10:55 -------- d-----w- C:\Program Files\iTunes
2014-10-25 14:10:16 . 2014-10-25 14:10:54 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 01:27:06 . 2014-10-19 01:27:06 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-10-19 01:26:37 . 2014-10-19 01:26:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-19 01:26:24 . 2014-10-19 01:26:24 -------- d-----w- C:\Program Files (x86)\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-11-16 22:28:16 . 2013-12-29 13:41:08 380 ----a-w- C:\Users\Kathy\AppData\Roaming\sp_data.sys
2014-11-04 19:30:58 . 2012-11-29 03:42:15 275080 ------w- C:\Windows\system32\MpSigStub.exe
2014-10-03 15:02:32 . 2012-11-17 19:13:21 103265616 ----a-w- C:\Windows\system32\MRT.exe
2014-10-02 18:23:20 . 2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 . 2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:12 . 2013-02-17 13:23:19 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-09-07 16:04:22 . 2011-03-29 02:36:46 23256 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07:00 . 2014-09-07 16:16:52 404480 ----a-w- C:\Windows\system32\gdi32.dll
2014-08-23 01:45:55 . 2014-09-07 16:16:52 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:18 1475584]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 04:39:08 43816]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 22:20:40 43816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 07:46:03 3331312]
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 09:43:58 737104]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 16:12:52 291608]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 23:33:32 2321072]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 20:54:28 322208]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 18:59:04 174752]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 15:29:42 105016]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 16:52:27 356128]
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 18:42:44 2621440]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 19:08:28 946352]
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 19:49:04 102568]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 09:42:34 157480]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2014-10-02 18:23:12 421888]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 15:59:00 3830224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys;C:\Windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys;C:\Windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys;C:\Windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe;C:\Windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys;C:\Windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys;C:\Windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe;C:\Program Files (x86)\Browny02\BrYNSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys;C:\Windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]


Contents of the 'Scheduled Tasks' folder

2014-11-16 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41:18 . 2011-11-25 20:41:18]

2014-11-14 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41:18 . 2011-11-25 20:41:18]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-02-22 07:18:22 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-02-22 07:18:00 398616]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo:
FF - prefs.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=&q=
FF - user.js: extensions.searchya.id - 446D5781C6C547FD
FF - user.js: extensions.searchya.instlDay - 15752
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.019:2:10
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - dnldyho
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - dnldyho
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 568363320
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: plugin.state.nptnt - 2
FF - user.js: plugin.state.nptnt - 2
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: browser.search.defaultenginename - Yahoo:
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - hxxp://services.freshy.com/general/newhometab.php?hometab=tab&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.newtab.url -

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{76D417B9-99A5-49DE-B6D6-B9B90F850AE9} - (no file)
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
AddRemove-DSite - C:\Users\Kathy\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-PDF Reader - C:\PROGRA~2\PDFREA~1\Uninstall\Uninstall.exe

The log is incomplete.
Please post entire log.

I checked it, and it looks like everything. I've pasted it again, let me know if I need to run it again maybe? I won't do anything until you let me know.

ComboFix 14-11-15.01 - Kathy 11/16/2014 18:19:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6030.4177 [GMT -5:00]
Running from: C:\Users\Kathy\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2014-10-16 to 2014-11-16 )))))))))))))))))))))))))))))))


2014-11-16 23:28:17 . 2014-11-16 23:28:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-16 22:03:52 . 2014-11-16 22:24:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-16 13:01:40 . 2014-11-16 13:01:40 -------- d-----w- C:\Users\Kathy\AppData\Local\CrashDumps
2014-11-16 11:59:44 . 2014-11-16 13:08:13 34808 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2014-11-16 11:59:37 . 2014-11-16 11:59:42 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-14 20:52:51 . 2014-11-14 20:52:51 129752 ----a-w- C:\Windows\system32\drivers\40EF7A73.sys
2014-11-13 02:54:24 . 2014-11-13 03:16:46 129752 ----a-w- C:\Windows\system32\drivers\0C1B72E7.sys
2014-11-13 01:47:26 . 2014-11-16 22:28:36 129752 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-11-13 01:46:51 . 2014-11-16 22:03:43 96472 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-11-13 01:46:51 . 2014-11-13 01:46:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 01:46:51 . 2014-10-01 16:11:26 63704 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-11-12 16:12:57 . 2014-11-12 16:12:57 -------- d-----w- C:\Users\Kathy\AppData\Roaming\ParetoLogic
2014-11-12 16:12:43 . 2014-11-12 23:28:57 -------- d-----w- C:\ProgramData\ParetoLogic
2014-11-12 04:26:19 . 2014-10-20 07:37:10 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9122DE44-C019-4295-BD26-4E94D5C4EAA4}\mpengine.dll
2014-11-12 03:59:40 . 2014-06-27 02:08:12 2777088 ----a-w- C:\Windows\system32\msmpeg2vdec.dll
2014-11-12 03:59:40 . 2014-06-27 01:45:52 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-12 03:56:59 . 2014-09-19 09:42:52 210944 ----a-w- C:\Windows\system32\wdigest.dll
2014-11-12 03:55:36 . 2014-10-25 01:57:59 77824 ----a-w- C:\Windows\system32\packager.dll
2014-11-12 03:55:36 . 2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 03:53:39 . 2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\system32\msi.dll
2014-11-12 03:53:39 . 2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-12 03:53:20 . 2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\system32\win32k.sys
2014-11-12 03:48:04 . 2014-10-18 02:05:23 861696 ----a-w- C:\Windows\system32\oleaut32.dll
2014-11-12 03:48:04 . 2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:58 235520 ----a-w- C:\Windows\system32\winsta.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:39 150528 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2014-11-12 03:14:22 . 2014-07-17 02:07:24 455168 ----a-w- C:\Windows\system32\winlogon.exe
2014-11-12 03:14:22 . 2014-07-17 01:40:03 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2014-11-12 03:14:22 . 2014-07-17 01:21:54 212480 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2014-11-12 03:14:22 . 2014-07-17 01:21:27 39936 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
2014-11-12 03:13:43 . 2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\system32\rdpcorets.dll
2014-11-12 03:13:34 . 2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\system32\TSWorkspace.dll
2014-11-12 03:13:32 . 2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-11-12 03:13:23 . 2014-06-24 03:29:36 2565120 ----a-w- C:\Windows\system32\d3d10warp.dll
2014-11-12 03:13:22 . 2014-06-24 02:59:49 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-11-12 03:11:38 . 2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\system32\mstscax.dll
2014-11-12 03:11:36 . 2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-11 14:21:45 . 2014-11-16 23:16:59 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-11-11 14:20:39 . 2009-01-25 18:14:02 17272 ----a-w- C:\Windows\system32\sdnclean64.exe
2014-11-11 14:20:31 . 2014-11-12 02:56:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-25 14:14:28 . 2014-10-25 14:14:28 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:25 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-25 14:14:28 . 2014-10-25 14:14:23 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-25 14:14:07 . 2014-10-25 14:14:22 -------- d-----w- C:\Program Files (x86)\QuickTime
2014-10-25 14:10:17 . 2014-10-25 14:10:17 -------- d-----w- C:\Program Files\iPod
2014-10-25 14:10:16 . 2014-10-25 14:10:55 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 14:10:16 . 2014-10-25 14:10:55 -------- d-----w- C:\Program Files\iTunes
2014-10-25 14:10:16 . 2014-10-25 14:10:54 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-19 01:27:06 . 2014-10-19 01:27:06 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-10-19 01:26:37 . 2014-10-19 01:26:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-19 01:26:24 . 2014-10-19 01:26:24 -------- d-----w- C:\Program Files (x86)\Java
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-11-16 22:28:16 . 2013-12-29 13:41:08 380 ----a-w- C:\Users\Kathy\AppData\Roaming\sp_data.sys
2014-11-04 19:30:58 . 2012-11-29 03:42:15 275080 ------w- C:\Windows\system32\MpSigStub.exe
2014-10-03 15:02:32 . 2012-11-17 19:13:21 103265616 ----a-w- C:\Windows\system32\MRT.exe
2014-10-02 18:23:20 . 2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2014-10-02 18:23:20 . 2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2014-10-01 16:11:12 . 2013-02-17 13:23:19 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-09-07 16:04:22 . 2011-03-29 02:36:46 23256 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07:00 . 2014-09-07 16:16:52 404480 ----a-w- C:\Windows\system32\gdi32.dll
2014-08-23 01:45:55 . 2014-09-07 16:16:52 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:18 1475584]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 04:39:08 43816]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 22:20:40 43816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 07:46:03 3331312]
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 09:43:58 737104]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 16:12:52 291608]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 23:33:32 2321072]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 20:54:28 322208]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 18:59:04 174752]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 15:29:42 105016]
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 16:52:27 356128]
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 18:42:44 2621440]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 19:08:28 946352]
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 19:49:04 102568]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 09:42:34 157480]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2014-10-02 18:23:12 421888]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 15:59:00 3830224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys;C:\Windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys;C:\Windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys;C:\Windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;C:\Windows\system32\DRIVERS\kltdi.sys;C:\Windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;C:\Windows\system32\DRIVERS\kneps.sys;C:\Windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe;C:\Windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe;C:\Program Files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AsusVBus;AsusVBus;C:\Windows\system32\DRIVERS\AsusVBus.sys;C:\Windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;C:\Windows\system32\DRIVERS\AsusVTouch.sys;C:\Windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe;C:\Program Files (x86)\Browny02\BrYNSvc.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys;C:\Windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\system32\DRIVERS\klkbdflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys;C:\Windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys;C:\Windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]


Contents of the 'Scheduled Tasks' folder

2014-11-16 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41:18 . 2011-11-25 20:41:18]

2014-11-14 C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41:18 . 2011-11-25 20:41:18]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09:22 227840 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-02-22 07:18:22 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-02-22 07:18:00 398616]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo:
FF - prefs.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=568363320&ir=&q=
FF - user.js: extensions.searchya.id - 446D5781C6C547FD
FF - user.js: extensions.searchya.instlDay - 15752
FF - user.js: extensions.searchya.vrsn - 1.8.8.0
FF - user.js: extensions.searchya.vrsni - 1.8.8.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.019:2:10
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - dnldyho
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - dnldyho
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 568363320
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: plugin.state.nptnt - 2
FF - user.js: plugin.state.nptnt - 2
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF - user.js: browser.search.defaultenginename - Yahoo:
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.homepage - hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - hxxp://services.freshy.com/general/newhometab.php?hometab=tab&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF - user.js: browser.newtab.url -

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{76D417B9-99A5-49DE-B6D6-B9B90F850AE9} - (no file)
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
AddRemove-DSite - C:\Users\Kathy\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-PDF Reader - C:\PROGRA~2\PDFREA~1\Uninstall\Uninstall.exe

It's till cut off but let's leave it for now.



http://dev.discussions.virtualdr.forums.relay.cool/ Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

Here's one

# AdwCleaner v4.101 - Report created 17/11/2014 at 10:25:19
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kathy - KATHY-PC
# Running from : C:\Users\Kathy\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Kathy\AppData\Local\DownBook
Folder Deleted : C:\Users\Kathy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Kathy\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Kathy\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Kathy\AppData\Roaming\SearchYa
File Deleted : C:\END
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\invalidprefs.js
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : DSite
Task Deleted : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\searchya
Key Deleted : HKCU\Software\searchya.com
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 en-US)

[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SearchYa!");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.aflt", "dnldyho");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dfltLng", "");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dfltSrch", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dnsErr", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.excTlbr", false);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.hmpg", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.id", "446D5781C6C547FD");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.instlDay", "15752");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.instlRef", "");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&c[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.prdct", "searchya");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.tlbrId", "base");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.vrsn", "1.8.8.0");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.vrsni", "1.8.8.0");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.hmpg", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.newTab", false);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.8.8.019:2:10");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [6180 octets] - [17/11/2014 10:21:49]
AdwCleaner[S0].txt - [6193 octets] - [17/11/2014 10:25:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6253 octets] ##########

Here's one

# AdwCleaner v4.101 - Report created 17/11/2014 at 10:25:19
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kathy - KATHY-PC
# Running from : C:\Users\Kathy\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Kathy\AppData\Local\DownBook
Folder Deleted : C:\Users\Kathy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Kathy\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Kathy\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Kathy\AppData\Roaming\SearchYa
File Deleted : C:\END
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\invalidprefs.js
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : DSite
Task Deleted : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\searchya
Key Deleted : HKCU\Software\searchya.com
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 en-US)

[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SearchYa!");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.aflt", "dnldyho");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.appId", "{1973277F-87B0-4EA3-9ED2-470A91D284CF}");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dfltLng", "");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dfltSrch", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.dnsErr", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.excTlbr", false);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.hmpg", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.id", "446D5781C6C547FD");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.instlDay", "15752");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.instlRef", "");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&c[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.prdct", "searchya");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.tlbrId", "base");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyBzztC0CyC0CyDyEyB0F0DtN0D0Tzu0CyEtCtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F[...]
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.vrsn", "1.8.8.0");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya.vrsni", "1.8.8.0");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.hmpg", true);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.newTab", false);
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.8.8.019:2:10");
[rsrsrm2w.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [6180 octets] - [17/11/2014 10:21:49]
AdwCleaner[S0].txt - [6193 octets] - [17/11/2014 10:25:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6253 octets] ##########


And the next one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Kathy on Mon 11/17/2014 at 10:39:35.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{56D7A686-7BA9-4E30-AD81-10F5B2170AC6}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{8E02662C-D7EA-491A-9A36-08949DF450D7}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{901F1F8C-7D10-4B69-809F-611862671566}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{95D30CFE-3849-4FE6-B426-2294E0E7A50B}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{A79B84FD-331E-420D-B590-8B9C8CA3688D}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{ED695908-FC8F-424F-9659-17E1E028CBFB}
Successfully deleted: [Empty Folder] C:\Users\Kathy\appdata\local\{F07C2532-8CE4-493C-839B-764E8AC855BE}



~~~ FireFox

Emptied folder: C:\Users\Kathy\AppData\Roaming\mozilla\firefox\profiles\rsrsrm2w.default\minidumps [74 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/17/2014 at 10:45:31.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by Kathy (administrator) on KATHY-PC on 17-11-2014 11:52:46
Running from C:\Users\Kathy\Downloads
Loaded Profile: Kathy (Available profiles: Kathy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe

and more of the above

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-61633527-4084290942-2707624099-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-61633527-4084290942-2707624099-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-61633527-4084290942-2707624099-1000] => localhost:21320
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {E70AA94A-B268-409C-AEB0-FC5993D9E3D9} URL = http://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p={searchTerms}
SearchScopes: HKCU - {643E6252-9504-286F-7ECC-3E72A8F04DC2} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {E70AA94A-B268-409C-AEB0-FC5993D9E3D9} URL = http://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-61633527-4084290942-2707624099-1000 -> No Name - {76D417B9-99A5-49DE-B6D6-B9B90F850AE9} - No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default
FF NewTab:
FF DefaultSearchEngine: Yahoo:
FF SelectedSearchEngine: Yahoo:
FF Homepage: hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rsrsrm2w.default\searchplugins\yahoo-1.xml
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012-11-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012-11-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012-11-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012-11-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2012-11-28]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/d...najaicnklhfplh [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-07] (Windows (R) Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 11:52 - 2014-11-17 11:53 - 00022503 _____ () C:\Users\Kathy\Downloads\FRST.txt
2014-11-17 11:52 - 2014-11-17 11:52 - 02117120 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
2014-11-17 11:52 - 2014-11-17 11:52 - 00000000 ____D () C:\FRST
2014-11-17 11:47 - 2014-11-17 11:47 - 01108992 _____ (Farbar) C:\Users\Kathy\Downloads\FRST.exe
2014-11-17 10:45 - 2014-11-17 10:45 - 00002019 _____ () C:\Users\Kathy\Desktop\JRT.txt
2014-11-17 10:39 - 2014-11-17 10:39 - 00000000 ____D () C:\Windows\ERUNT
2014-11-17 10:37 - 2014-11-17 10:37 - 01707532 _____ (Thisisu) C:\Users\Kathy\Downloads\JRT.exe
2014-11-17 10:33 - 2014-11-17 10:33 - 00006333 _____ () C:\Users\Kathy\Desktop\AdwCleaner[S0].txt
2014-11-17 10:20 - 2014-11-17 10:25 - 00000000 ____D () C:\AdwCleaner
2014-11-17 10:19 - 2014-11-17 10:19 - 02140160 _____ () C:\Users\Kathy\Downloads\adwcleaner_4.101.exe
2014-11-16 18:17 - 2014-11-16 18:30 - 00000000 ____D () C:\ComboFix
2014-11-16 18:17 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-16 18:17 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-16 18:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-16 18:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-16 18:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-16 18:17 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-16 18:17 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-16 18:17 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-16 17:50 - 2014-11-16 18:30 - 00000000 ____D () C:\Qoobox
2014-11-16 17:50 - 2014-11-16 18:29 - 00000000 ____D () C:\Windows\erdnt
2014-11-16 17:49 - 2014-11-16 17:49 - 05598504 ____R (Swearware) C:\Users\Kathy\Downloads\ComboFix.exe
2014-11-16 17:03 - 2014-11-16 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-16 08:39 - 2014-11-16 08:39 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Kathy\Downloads\mbar-1.08.1.1001(1).exe
2014-11-16 08:35 - 2014-11-16 17:24 - 00000000 ____D () C:\Users\Kathy\Desktop\mbar
2014-11-16 08:34 - 2014-11-16 08:35 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Kathy\Downloads\mbar-1.08.1.1001.exe
2014-11-16 08:20 - 2014-11-16 08:20 - 00002891 _____ () C:\Users\Kathy\Desktop\RKreport_DEL_11162014_081928.log
2014-11-16 08:01 - 2014-11-16 08:01 - 00000000 ____D () C:\Users\Kathy\AppData\Local\CrashDumps
2014-11-16 07:58 - 2014-11-16 08:01 - 00007380 _____ () C:\Users\Kathy\Desktop\2nd time RKreport_DEL_11162014_075757.log
2014-11-16 07:22 - 2014-11-16 07:22 - 00006891 _____ () C:\Users\Kathy\Desktop\RKreport_DEL_11162014_072016.log
2014-11-16 06:59 - 2014-11-16 08:08 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-16 06:59 - 2014-11-16 06:59 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-16 06:58 - 2014-11-16 06:58 - 14678104 _____ () C:\Users\Kathy\Desktop\RogueKiller.exe
2014-11-14 15:52 - 2014-11-14 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\40EF7A73.sys
2014-11-14 15:50 - 2014-11-14 15:50 - 00032144 _____ () C:\Users\Kathy\Desktop\11-14DDS.txt
2014-11-14 15:50 - 2014-11-14 15:50 - 00006355 _____ () C:\Users\Kathy\Desktop\11-14Attach.txt
2014-11-14 15:47 - 2014-11-14 15:58 - 00000000 ____D () C:\Users\Kathy\Desktop\New folder
2014-11-14 15:47 - 2014-11-14 15:47 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds(1).com
2014-11-12 21:54 - 2014-11-12 22:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0C1B72E7.sys
2014-11-12 21:26 - 2014-11-12 21:26 - 00688992 ____R (Swearware) C:\Users\Kathy\Downloads\dds.com
2014-11-12 21:22 - 2014-11-12 21:22 - 00028462 _____ () C:\Users\Kathy\Desktop\mbam scan 11-12-14.txt
2014-11-12 20:47 - 2014-11-16 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 20:46 - 2014-11-16 17:03 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 20:46 - 2014-11-12 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 20:46 - 2014-11-12 20:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 20:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 20:44 - 2014-11-12 20:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Kathy\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 11:08 - 2014-11-12 11:08 - 06822176 _____ (ParetoLogic, Inc.) C:\Users\Kathy\Downloads\RegCureProSetup_e5ef0ee_.exe
2014-11-12 11:07 - 2014-11-12 11:07 - 00001205 _____ () C:\Users\Kathy\Downloads\FixNCR.reg
2014-11-11 22:59 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-11 22:59 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-11 22:57 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 22:57 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 22:57 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 22:57 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 22:57 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 22:57 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 22:57 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 22:57 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 22:57 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 22:57 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 22:57 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 22:57 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 22:57 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 22:57 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 22:57 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 22:57 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 22:57 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 22:57 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 22:57 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 22:57 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 22:57 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 22:57 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 22:57 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 22:57 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 22:57 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 22:57 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 22:57 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 22:57 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 22:57 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 22:57 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 22:57 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 22:57 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 22:57 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 22:57 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 22:57 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 22:57 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 22:57 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 22:57 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 22:57 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 22:57 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 22:57 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 22:57 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 22:57 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 22:57 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 22:57 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 22:57 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 22:57 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 22:57 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 22:57 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 22:57 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 22:57 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 22:57 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 22:57 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 22:57 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 22:57 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 22:57 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 22:57 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 22:57 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 22:57 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 22:57 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 22:57 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 22:57 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 22:57 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 22:57 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 22:57 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 22:57 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 22:57 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 22:57 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 22:57 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 22:57 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 22:57 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 22:57 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 22:57 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 22:57 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 22:57 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 22:57 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:56 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 22:56 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 22:56 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 22:56 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 22:56 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 22:56 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 22:56 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 22:56 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 22:56 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 22:56 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 22:56 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 22:56 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 22:56 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 22:56 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 22:56 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 22:56 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 22:56 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 22:55 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 22:55 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 22:53 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 22:53 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 22:53 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 22:48 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 22:48 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 22:14 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-11 22:14 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-11 22:14 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-11 22:14 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-11 22:14 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-11 22:14 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-11 22:13 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 22:13 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-11 22:13 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-11 22:13 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-11 22:13 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-11 22:12 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-11 22:12 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-11 22:12 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-11 22:12 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-11 22:12 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-11 22:12 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-11 22:12 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-11 22:12 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-11 22:12 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-11 22:12 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-11 22:12 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-11 22:12 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-11 22:12 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-11 22:12 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-11 22:12 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-11 22:12 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-11 22:12 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-11 22:12 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-11 22:12 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-11 22:12 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-11 22:12 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-11 22:12 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-11 22:12 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-11 22:12 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-11 22:11 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-11 22:11 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-11 20:43 - 2014-11-11 20:43 - 00419470 _____ () C:\Users\Kathy\Documents\Christmas Vintage Records.odt
2014-11-11 09:21 - 2014-11-16 18:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-11 09:21 - 2014-11-11 21:56 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-11 09:20 - 2014-11-11 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-11 09:20 - 2014-11-11 21:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-11 09:20 - 2014-11-11 09:20 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-11 09:20 - 2014-11-11 09:20 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-11 09:20 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-11 09:17 - 2014-11-11 09:18 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Kathy\Downloads\spybot-2.1.exe
2014-11-11 09:07 - 2014-11-11 09:07 - 01213200 _____ () C:\Users\Kathy\Downloads\spybotsearchanddestroy-setup.exe
2014-11-10 13:30 - 2014-11-11 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-29 19:37 - 2014-11-10 20:31 - 00012109 _____ () C:\Users\Kathy\Documents\Workout info..odt
2014-10-25 09:14 - 2014-10-25 09:14 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-25 09:14 - 2014-10-25 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-25 09:14 - 2014-10-25 09:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 09:11 - 2014-10-25 09:11 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-25 09:11 - 2014-10-25 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 09:10 - 2014-10-25 09:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 09:10 - 2014-10-25 09:10 - 00000000 ____D () C:\Program Files\iTunes
2014-10-25 09:10 - 2014-10-25 09:10 - 00000000 ____D () C:\Program Files\iPod
2014-10-25 09:10 - 2014-10-25 09:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 20:26 - 2014-10-18 20:26 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-18 20:26 - 2014-10-18 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-18 20:26 - 2014-10-18 20:26 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-18 20:26 - 2014-10-18 20:26 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-18 20:26 - 2014-10-18 20:26 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 10:34 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:34 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 10:31 - 2012-05-24 19:59 - 01971117 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 10:29 - 2012-11-28 22:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-17 10:28 - 2013-12-29 08:41 - 00000380 _____ () C:\Users\Kathy\AppData\Roaming\sp_data.sys
2014-11-17 10:28 - 2012-05-24 20:06 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-17 10:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 10:27 - 2009-07-14 00:08 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 10:26 - 2012-02-18 02:15 - 00270596 _____ () C:\Windows\PFRO.log
2014-11-17 10:26 - 2009-07-13 23:51 - 00069370 _____ () C:\Windows\setupact.log
2014-11-16 18:28 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 17:26 - 2012-12-02 11:40 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\SoftGrid Client
2014-11-14 16:56 - 2012-05-24 20:06 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-11-13 16:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 14:50 - 2009-07-29 00:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-11-12 21:24 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 20:46 - 2013-02-17 08:23 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 20:46 - 2013-02-17 08:23 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Malwarebytes
2014-11-12 20:46 - 2013-02-17 08:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 23:39 - 2009-07-13 23:45 - 00294496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 23:08 - 2012-02-18 02:36 - 00776038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-11 22:41 - 2013-07-24 09:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:58 - 2012-11-12 18:44 - 00000000 ____D () C:\Users\Kathy
2014-11-11 21:56 - 2014-06-18 21:47 - 00000000 ____D () C:\Users\Kathy\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2014-11-11 21:56 - 2014-01-01 22:59 - 00000000 ____D () C:\Users\Kathy\Desktop\OpenOffice 4.0.1 (en-US) Installation Files
2014-11-11 21:56 - 2013-09-18 17:01 - 00000000 ____D () C:\Users\Kathy\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2014-11-11 21:56 - 2013-02-11 10:03 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\PDF Reader Packages
2014-11-11 21:56 - 2013-01-06 20:18 - 00000000 ____D () C:\Brother
2014-11-11 21:56 - 2012-11-23 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 21:56 - 2012-05-24 20:12 - 00000000 ____D () C:\ProgramData\P4G
2014-11-11 21:56 - 2009-07-29 00:20 - 00000000 ____D () C:\Windows\ASUS
2014-11-11 21:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-11 21:27 - 2012-05-24 20:13 - 00002142 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-11-11 21:27 - 2012-05-24 20:13 - 00001733 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-04 14:30 - 2012-11-28 22:42 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 10:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-25 09:10 - 2014-10-05 22:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-25 09:10 - 2014-02-08 13:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 20:27 - 2014-01-18 07:26 - 00000000 ____D () C:\ProgramData\Oracle

Some content of TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 19:44

==================== End Of Log ============================

and then

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 03
Ran by Kathy at 2014-11-17 11:53:58
Running from C:\Users\Kathy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS K5 Series ScreenSaver (HKLM-x32\...\ASUS K5 Series ScreenSaver) (Version: 1.0.0002 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions Ã* distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GalerÃ*a fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.3 - ASUS)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35132 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PDF Reader (HKU\S-1-5-21-61633527-4084290942-2707624099-1000\...\PDF Reader) (Version: - )
PDF Reader Packages (HKU\S-1-5-21-61633527-4084290942-2707624099-1000\...\PDF Reader Packages) (Version: - ) <==== ATTENTION
PDF Reader Packages 36 (HKU\S-1-5-21-61633527-4084290942-2707624099-1000\...\PDF Reader Packages 36) (Version: - ) <==== ATTENTION
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.11 - ASUS)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

and



(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-11-2014 02:38:30 Restore Operation
12-11-2014 03:15:22 Windows Update
12-11-2014 03:58:21 Windows Update
16-11-2014 13:33:05 Installed New Hardware
17-11-2014 00:00:02 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0679E70A-2BB4-4110-AB9B-3D61510ED479} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {137BE2F6-C790-47BA-83DA-778E686C2237} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {13CABFA2-FDE5-4BD9-8D81-1CC454ACA366} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {2F33CAAA-7ECA-4E83-BD9B-02A9C8800117} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {4084687B-08F0-4749-889A-356611A5A277} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {55FAC053-2E36-40D5-BF15-FB0A3E1D7594} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {5E88FC09-22C5-47C2-8C1D-6D4B277A8195} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5FAE7654-8730-4273-8CFA-192A70B135F5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {60B78181-9985-467F-BA15-55B1AF2553FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {622C5AAA-4090-41B4-A9A6-48DCD5D841EA} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {6486C439-CE56-4594-A2C6-CA75AAAB00ED} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {79851003-60DD-47B8-B913-A969F93422F8} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {DB86895A-76D3-4792-B3BB-D02BA4F6F861} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {F58DD17F-0CD9-42F5-B632-F0FA66B7EBC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FA6102FA-6A36-4888-BD2C-B982E2E1143D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {FFB38661-2331-4906-BC90-9D4B9E8743BD} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-05-24 20:06 - 2011-12-16 13:02 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-11 22:28 - 2012-02-22 02:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2012-12-07 13:54 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-11-11 09:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-11 09:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-11 09:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-11 09:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-11 09:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-01-31 11:25 - 2012-01-31 11:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-01-06 20:18 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-02-21 14:49 - 2012-02-21 14:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 11:57 - 2010-08-20 11:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 11:57 - 2010-08-20 11:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-05-24 20:06 - 2011-12-16 12:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-10 13:30 - 2014-11-10 13:30 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-03 10:03 - 2014-03-03 10:03 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

Administrator (S-1-5-21-61633527-4084290942-2707624099-500 - Administrator - Disabled)
Guest (S-1-5-21-61633527-4084290942-2707624099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-61633527-4084290942-2707624099-1002 - Limited - Enabled)
Kathy (S-1-5-21-61633527-4084290942-2707624099-1000 - Administrator - Enabled) => C:\Users\Kathy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-11-17 11:21:17.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-17 11:21:17.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-17 11:21:17.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-17 11:21:17.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-17 11:21:17.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-17 11:21:17.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-16 19:45:51.736
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-16 19:45:51.736
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-16 19:45:51.736
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-16 19:45:51.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 6029.91 MB
Available physical RAM: 3958.82 MB
Total Pagefile: 12058.01 MB
Available Pagefile: 9439.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.46 GB) (Free:213.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.45 GB) (Free:394.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2902CC6D)

Partition: GPT Partition Type.

==================== End Of Log ============================

Just thought I'd mention my start page is still

search.yahoo.com/?ei=ut-8&fr=tightropetb&type=11075_111114

This is not by my choice...

http://dev.discussions.virtualdr.forums.relay.cool/ Uninstall:
- PDF Reader Packages
- PDF Reader Packages 36
More info: http://www.shouldiremoveit.com/PDF-R...6-program.aspx

http://dev.discussions.virtualdr.forums.relay.cool/ Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by Kathy at 2014-11-17 16:28:50 Run:1
Running from C:\Users\Kathy\Desktop
Loaded Profile: Kathy (Available profiles: Kathy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [NWEReboot] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ProxyServer: [S-1-5-21-61633527-4084290942-2707624099-1000] => localhost:21320
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {E70AA94A-B268-409C-AEB0-FC5993D9E3D9} URL = http://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p={searchTerms}
SearchScopes: HKCU - {E70AA94A-B268-409C-AEB0-FC5993D9E3D9} URL = http://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p={searchTerms}
Toolbar: HKU\S-1-5-21-61633527-4084290942-2707624099-1000 -> No Name - {76D417B9-99A5-49DE-B6D6-B9B90F850AE9} - No File
FF Homepage: hxxp://services.freshy.com/general/newhometab.php?hometab=home&partner=11075&guid={4E0071CA-C3CC-4634-BB3D-0B5BD9E47D70}&i=
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=11075_111114&p=
C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll
Task: {DB86895A-76D3-4792-B3BB-D02BA4F6F861} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E70AA94A-B268-409C-AEB0-FC5993D9E3D9}" => Key deleted successfully.
"HKCR\CLSID\{E70AA94A-B268-409C-AEB0-FC5993D9E3D9}" => Key not found.
HKU\S-1-5-21-61633527-4084290942-2707624099-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76D417B9-99A5-49DE-B6D6-B9B90F850AE9} => value deleted successfully.
"HKCR\CLSID\{76D417B9-99A5-49DE-B6D6-B9B90F850AE9}" => Key not found.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB86895A-76D3-4792-B3BB-D02BA4F6F861}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB86895A-76D3-4792-B3BB-D02BA4F6F861}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.

==== End of Fixlog ====

How is computer doing?

Last scans...

http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

http://dev.discussions.virtualdr.forums.relay.cool/ Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Internet Explorer users - Click on this link to open ESET OnlineScan.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  
  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [img=http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png] icon on your desktop.
  
  
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Check "Enable detection of potentially unwanted applications".
• Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
  Do NOT checkmark "Use custom proxy settings"
• Click the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

It's doing much better, but I still have that freshy services tightrope crap though:
http://discussions.virtualdr.com/sho...11#post1477311
Will work on the other scans shortly. :)

I thought in my above post you would be able to see the freshy services tightrope part. I thought wrong...LOL
Here is the Security Check scan:

Results of screen317's Security Check version 0.99.90
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 71
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

And the FFS:

Farbar Service Scanner Version: 21-07-2014
Ran by Kathy (administrator) on 17-11-2014 at 19:58:41
Running from "C:\Users\Kathy\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Quote:

---

I still have that freshy services tightrope crap though

---

Where exactly?

I will leave spaces:
discussions.virtualdr . com/showthread .php?267185-Freshy-Services-Tightrope&p = 1477329
However, even though I haven't set my home page (always open in google) it doesn't go to yahoo. com plus a string after it with that freshy services crap. I would post a screenshot, but not with a computer that's infected.
Getting ready to run ESET

Which browser?

I saw those entries and they were included in FRST fix.

C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Kathy\Downloads\cbsidlm-tr1_10a-Foxit_Reader-SEO-10313206.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Kathy\Downloads\FoxitReader545.0124_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Kathy\Downloads\oi_FoxitReader5140104_enu_Setupexe.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Kathy\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Kathy\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Kathy\Downloads\spybotsearchanddestroy-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Do you mean Firefox?