  #1  
Old December 22nd, 2013, 10:55 PM
donacrane donacrane is offline
New Member
 
Join Date: Dec 2013
O/S: Windows 7 64-bit
Location: Chicago
Posts: 4
Level Quality Watcher Issue (on my laptop)

HELP!

These popups and my inability to access a site that I use 5-10 times daily are driving me crazy and I can't remove it from the folder. I downloaded Kaspersky Anti-virus software last night. It removed 1 item but I'm still being harassed by these ads!

Windows 7
M370 @ 2.40Ghz
4.00 GB
64 bit
  #2  
Old December 23rd, 2013, 05:36 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Welcome to CTH Forums, donacrane!

Please use the Farbar Recovery Scan Tool.

Download: http://www.bleepingcomputer.com/down...ery-scan-tool/

Select the version that applies to your system: 64-bit
Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

Press the Scan button.


When done, the tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.
  #3  
Old December 23rd, 2013, 06:09 AM
donacrane donacrane is offline
New Member
 
Join Date: Dec 2013
O/S: Windows 7 64-bit
Location: Chicago
Posts: 4
addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2013 01
Ran by Donna at 2013-12-22 23:05:50
Running from C:\Users\Donna\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.53.64)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Advertising Center (x32 Version: 0.0.0.2)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Backup Manager Basic (x32 Version: 2.0.0.63)
BatchPhoto (x32 Version: 3.5.2)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
Citrix Online Launcher (x32 Version: 1.0.153)
CutePDF Writer 3.0 (Version: 3.0)
CyberLink PowerDVD 9 (x32 Version: 9.0.2829.50)
Epson Event Manager (x32 Version: 2.40.0004)
Epson FAX Utility (x32 Version: 1.10.00)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WorkForce 840 Series Printer Uninstall
ETDWare PS/2-x64 7.0.6.5_WHQL (Version: 7.0.6.5)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614)
Gateway InfoCentre (x32 Version: 3.02.3000)
Gateway MyBackup (x32 Version: 2.0.0.63)
Gateway Power Management (x32 Version: 5.00.3005)
Gateway Recovery Management (x32 Version: 4.05.3013)
Gateway Registration (x32 Version: 1.03.3003)
Gateway ScreenSaver (x32 Version: 1.1.0121.2010)
Gateway Social Networks (x32 Version: 1.0.1901)
Gateway Updater (x32 Version: 1.02.3001)
Google Chrome (x32 Version: 65.119.95)
Google Drive (x32 Version: 1.12.5329.1887)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.22.3)
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259)
Identity Card (x32 Version: 1.00.3003)
ImagXpress (x32 Version: 7.0.74.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2125)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
IrfanView (remove only) (x32 Version: 4.36)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651)
Launch Manager (x32 Version: 4.0.12)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.37.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
NeroExpress (x32 Version: 9.4.37.100)
neroxml (x32 Version: 1.0.0)
Nitro Reader 3 (Version: 3.5.6.5)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
Skitch (x32 Version: 2.3.0.10)
swMSM (x32 Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Video Web Camera (x32 Version: 2.0.5.0)
Welcome Center (x32 Version: 1.02.3002)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points =========================

19-11-2013 10:29:37 Windows Update
22-11-2013 15:24:05 Windows Update
26-11-2013 12:33:49 Windows Update
29-11-2013 17:55:10 Windows Update
03-12-2013 15:20:10 Windows Update
07-12-2013 04:44:39 Removed ScorpionSaver
10-12-2013 08:58:52 Windows Update
11-12-2013 15:38:25 Windows Update
17-12-2013 21:30:11 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CA5C14F-B905-4F79-88BD-0A24C70805B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.)
Task: {362EBFE1-4D0C-4AAB-BD9E-9949380830BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.)
Task: {69AE6C65-6973-457D-B5BD-795A7FD331B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95EC064B-AC32-4FE4-A001-F98460824ED4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000UA => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {A307D281-C300-4FEA-A25D-999F51629957} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000Core => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {E2337408-E541-483A-87C1-3B07B779D25F} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2010-06-23] (Acer)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000Core.job => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000UA.job => C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-25 11:28 - 2013-11-25 11:28 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2010-05-24 18:16 - 2010-05-24 18:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2010-05-24 18:09 - 2010-05-24 18:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2013-12-05 02:19 - 2013-12-03 20:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 02:19 - 2013-12-03 20:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 02:19 - 2013-12-03 20:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 02:19 - 2013-12-03 20:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 02:19 - 2013-12-03 20:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2010-07-23 01:31 - 2009-05-20 00:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-12-22 12:57 - 2013-12-22 12:57 - 00098816 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32api.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00110080 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\pywintypes27.dll
2013-12-22 12:57 - 2013-12-22 12:57 - 00364544 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\pythoncom27.dll
2013-12-22 12:57 - 2013-12-22 12:57 - 00044032 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_socket.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 01153024 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_ssl.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00320512 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32com.shell.shell.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00711680 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_hashlib.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 01175040 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._core_.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00805888 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._gdi_.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00811008 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._windows_.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 01062400 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._controls_.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00735232 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._misc_.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00128512 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_elementtree.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00127488 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\pyexpat.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00557056 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\pysqlite2._sqlite.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00087040 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_ctypes.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00119808 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32file.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00108544 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32security.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00018432 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32event.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00038912 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32inet.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00122368 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._wizard.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00686080 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\unicodedata.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00026624 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\_multiprocessing.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00070656 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\wx._html2.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00010240 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\select.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00025600 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32pdh.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00504832 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\windows._cacheinvalidation.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00011264 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32crypt.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00035840 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32process.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00017408 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32profile.pyd
2013-12-22 12:57 - 2013-12-22 12:57 - 00022528 _____ () C:\Users\Donna\AppData\Local\Temp\_MEI41402\win32ts.pyd
2013-12-17 18:30 - 2013-12-17 18:30 - 00181760 _____ () C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0\plugin\ace.dll
2013-08-08 13:11 - 2013-08-08 13:11 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9e5dc5d1c75de12100f8c1d8c65de002\IsdiInterop.ni.dll
2010-07-23 00:40 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-05 02:19 - 2013-12-03 20:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2013-10-21 07:10 - 2013-10-21 07:10 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2013-10-21 07:10 - 2013-10-21 07:10 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2013-10-21 07:10 - 2013-10-21 07:10 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2013-10-21 07:10 - 2013-10-21 07:10 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2013 10:22:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12839

Error: (12/22/2013 10:22:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12839

Error: (12/22/2013 10:22:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 10:22:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11841

Error: (12/22/2013 10:22:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11841

Error: (12/22/2013 10:22:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 10:22:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10842

Error: (12/22/2013 10:22:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10842

Error: (12/22/2013 10:22:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/22/2013 10:22:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9812


System errors:
=============
Error: (12/22/2013 00:57:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/22/2013 01:24:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/22/2013 01:24:44 AM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/22/2013 01:24:44 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/22/2013 01:24:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/22/2013 01:23:46 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:22:09 AM on ‎12/‎22/‎2013 was unexpected.

Error: (12/21/2013 05:53:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/21/2013 05:52:07 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:49:39 PM on ‎12/‎21/‎2013 was unexpected.

Error: (12/20/2013 02:25:21 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

Error: (12/19/2013 10:07:39 PM) (Source: Service Control Manager) (User: )
Description: The AdpeakProxy service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-12-22 03:31:39.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-22 03:31:39.709
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-22 03:31:39.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-22 03:31:39.686
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-22 03:31:39.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-12-22 03:31:39.680
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 3766.71 MB
Available physical RAM: 461.34 MB
Total Pagefile: 7531.55 MB
Available Pagefile: 2662.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:238.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7723317B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  #4  
Old December 23rd, 2013, 06:11 AM
donacrane donacrane is offline
New Member
 
Join Date: Dec 2013
O/S: Windows 7 64-bit
Location: Chicago
Posts: 4
Frst

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2013 01
Ran by Donna (administrator) on DONNA-PC on 22-12-2013 23:03:41
Running from C:\Users\Donna\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGMA.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Donna\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_D4A88338322AD9AF1DB2CFEBAE37D355] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\Run: [Skitch] - C:\Program Files (x86)\Evernote\Skitch\\Skitch.exe [4304704 2013-08-09] (Evernote)
HKCU\...\Run: [Google Update] - C:\Users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-25] (Google Inc.)
HKCU\...\Run: [EPSONB8952A (WorkForce 840)] - C:\Windows\Temp\E_S3323.tmp [214 2013-11-04] ()
HKCU\...\Run: [EPSON WorkForce 840 Series] - C:\Windows\Temp\E_S22DE.tmp [132 2013-11-04] ()
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [MobileAppSync] - "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
MountPoints2: {96202ce1-22e6-11e3-975b-b870f4e4afec} - E:\WIN\setup.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [258304 2010-05-24] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-01-14] ()
Startup: C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...4z115a4752j77s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6839063F-72B6-43CD-BADA-735C125D0419&q={searchTerms}&SSPV=
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.96.1
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{70ED3920-BF4D-4406-A01C-A22425DCC7E5}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{8B03DACE-F046-4F1B-BE90-4152754529B8}: [NameServer]75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{C5F9B4FC-F2EC-44A1-8548-65626AF876F4}: [NameServer]75.126.206.18,184.173.169.186

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com", "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=EDE8D5D886F896280C9B57505A526D0A&tbp=homepage&v=1_2", "hxxp://yahoo.genieo.com/?v=w3i8", "hxxp://www.delta-search.com/?affID=119351&babsrc=HP_ss&mntrId=acd8f1eb0000000000001c659daa7051", "hxxp://www.kw.com/"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Sandglaz) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adcnghffffopmjobbaabboiflpcchljd\2.6.4_0
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0
CHR Extension: (Angry Birds) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Boomerang Calendar) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\annmcneienljahlbfoaomcfghmomhfho\0.7.11.26_0
CHR Extension: (Google Docs) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.20_0
CHR Extension: (Social Privacy) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0
CHR Extension: (Google Search) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0
CHR Extension: (HelloSign for Gmail) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil\1.1.36_0
CHR Extension: (Timout - Time Management) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dekpabfaimofbinkbjlgdkkecodejmbf\0.3_0
CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf\2.1.2_0
CHR Extension: (The Godfather: Five Families) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.2_0
CHR Extension: (Full Screen Weather) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej\1.2.4_0
CHR Extension: (Send to Evernote) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm\2.6.3.3_0
CHR Extension: (Pinterest) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0
CHR Extension: (Namco Mahjong Butterfly) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpljegkclkedmcmfpdfgomeoojlajaa\1.104_0
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0
CHR Extension: (Pathuku) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb\1.24.0.0_0
CHR Extension: (Add To Google Calendar) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapelnbkjjkmpgehkjjhclldbheacgdh\1.0_0
CHR Extension: (Crackle) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0
CHR Extension: (Knok | Home exchange) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehdddmijbgofffjjmhkodckmnombhmf\3.1_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0
CHR Extension: () - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0
CHR Extension: (Clearly) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3374.689.453_0
CHR Extension: (Virtual Keyboard) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4794_0
CHR Extension: (Any.do Extension) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0
CHR Extension: (Calculator) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0
CHR Extension: (HootSuite) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0
CHR Extension: (Poppit) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Boomerang for Gmail) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.2_0
CHR Extension: (Hangouts) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1211.433.2_0
CHR Extension: (Mahjong Solitaire) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0
CHR Extension: (Lumosity) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0
CHR Extension: (Google Wallet) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Todo.ly) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0
CHR Extension: (My Chrome Theme) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0
CHR Extension: (Manilla - Auto Login ) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnmjkalkfignhmkhohdaipkbcchbmca\2.0.28_0
CHR Extension: (Shoeboxed Web Clipper) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\1.0.7_0
CHR Extension: (Speak to Search) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldinpdedgdcbdehomnpfndejpoibeb\1.0.4_0
CHR Extension: (Psykopaint) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.7_0
CHR Extension: (Gmail) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (AVG PrivacyFix) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\5.0.3_0
CHR Extension: (BodBot) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk\4.3.4_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-11-16] (Kaspersky Lab ZAO)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [513528 2013-12-10] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-12-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-11-16] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-16] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-22] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-22 23:03 - 2013-12-22 23:04 - 00029056 _____ C:\Users\Donna\Downloads\FRST.txt
2013-12-22 23:03 - 2013-12-22 23:03 - 00000000 ____D C:\FRST
2013-12-22 23:01 - 2013-12-22 23:02 - 01928280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2013-12-22 01:12 - 2013-12-22 01:12 - 00001093 _____ C:\Users\Default\Desktop\Evernote.lnk
2013-12-22 01:12 - 2013-12-22 01:12 - 00001093 _____ C:\Users\Default User\Desktop\Evernote.lnk
2013-12-22 00:50 - 2013-12-22 00:49 - 00001096 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-12-22 00:49 - 2013-12-22 22:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-22 00:49 - 2013-12-22 01:55 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-22 00:49 - 2013-12-22 00:49 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-22 00:49 - 2013-12-22 00:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-22 00:49 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-12-22 00:49 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2013-12-21 23:41 - 2013-12-22 00:47 - 219322176 _____ (Kaspersky Lab) C:\Users\Donna\Downloads\kav14.0.0.4651abcEN_5479.exe
2013-12-21 10:52 - 2013-12-21 10:52 - 00004115 _____ C:\Users\Donna\Downloads\Babyface_5425301_20131221041844.xls
2013-12-20 18:37 - 2013-12-20 18:37 - 00003836 _____ C:\Users\Donna\Downloads\BOYZ II MEN_5423669_20131220155033.xls
2013-12-20 18:17 - 2013-12-20 18:17 - 00004127 _____ C:\Users\Donna\Downloads\Babyface_5423696_20131220155622.xls
2013-12-19 23:53 - 2013-12-19 23:54 - 91049225 _____ C:\Users\Donna\Downloads\2013-11-01 11.00 EXIT e-Listings (1).wmv
2013-12-19 22:07 - 2013-12-19 22:07 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-19 22:07 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-19 22:07 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-12-15 22:02 - 2013-12-15 22:03 - 00000000 ____D C:\Users\Donna\Desktop\9813 Aberdeen
2013-12-15 18:03 - 2013-12-15 18:03 - 00000000 ____D C:\Users\Donna\Desktop\Recruiting (to EXIT)
2013-12-15 17:56 - 2013-12-15 17:56 - 00000000 ____D C:\Users\Donna\Desktop\EXIT Strategy (for Buyers)
2013-12-15 17:54 - 2013-12-15 18:06 - 00000000 ____D C:\Users\Donna\Desktop\Interesting Photos
2013-12-15 17:53 - 2013-12-15 17:53 - 00000000 ____D C:\Users\Donna\Desktop\Boating
2013-12-11 17:39 - 2013-12-11 17:39 - 07670784 _____ C:\Users\Donna\Downloads\Listing_Presentation_Elistings.ppt
2013-12-11 17:39 - 2013-12-11 17:39 - 00017920 _____ C:\Users\Donna\Downloads\Schedule.xls
2013-12-09 22:35 - 2013-12-09 22:36 - 00991552 _____ C:\Users\Donna\Downloads\FLV_installer.exe
2013-12-09 18:51 - 2013-12-09 18:51 - 00648178 _____ C:\Users\Donna\Downloads\Unconfirmed 56037.crdownload
2013-12-09 18:51 - 2013-12-09 18:51 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 57760.crdownload
2013-12-09 18:51 - 2013-12-09 18:51 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 219549.crdownload
2013-12-09 18:50 - 2013-12-09 18:51 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 205848.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 746482.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 716388.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 443101.crdownload
2013-12-09 18:49 - 2013-12-09 18:49 - 00648174 _____ C:\Users\Donna\Downloads\Unconfirmed 427982.crdownload
2013-12-09 12:46 - 2013-12-09 12:46 - 00002514 _____ C:\Users\Donna\Desktop\GoToMeeting Quick Connect.lnk
2013-12-06 22:52 - 2013-12-07 00:10 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-06 19:41 - 2013-12-06 19:41 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-06 19:40 - 2013-12-06 19:40 - 00000000 ____D C:\Program Files (x86)\sp
2013-11-28 17:49 - 2013-11-28 17:49 - 00001697 _____ C:\Users\Donna\Desktop\Google Drive.lnk
2013-11-28 17:48 - 2013-12-22 12:58 - 00000000 ___RD C:\Users\Donna\Downloads\My Google Drive
2013-11-28 17:46 - 2013-11-28 17:46 - 00000000 ____D C:\Users\Donna\My Google Drive
2013-11-28 17:41 - 2013-11-28 17:41 - 00002051 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-11-28 17:41 - 2013-11-28 17:41 - 00002047 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-11-28 17:41 - 2013-11-28 17:41 - 00002035 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-11-28 17:39 - 2013-11-28 17:39 - 00819136 _____ (Google Inc.) C:\Users\Donna\Downloads\googledrivesync (2).exe
2013-11-28 17:39 - 2013-11-28 17:39 - 00819136 _____ (Google Inc.) C:\Users\Donna\Downloads\googledrivesync (1).exe
2013-11-28 14:00 - 2013-11-28 14:01 - 00004125 _____ C:\Users\Donna\Downloads\Thanksgiving Soul Jam_5351261_20131128052736.xls
2013-11-27 18:49 - 2013-11-28 14:01 - 00359863 _____ C:\Users\Donna\Downloads\Balcony pool (1).htm
2013-11-27 18:49 - 2013-11-27 18:49 - 00359863 _____ C:\Users\Donna\Downloads\Balcony pool.htm
2013-11-23 11:46 - 2013-11-23 11:46 - 00003843 _____ C:\Users\Donna\Downloads\Babyface_5334774_20131123050205.xls

==================== One Month Modified Files and Folders =======

2013-12-22 23:04 - 2013-12-22 23:03 - 00029056 _____ C:\Users\Donna\Downloads\FRST.txt
2013-12-22 23:03 - 2013-12-22 23:03 - 00000000 ____D C:\FRST
2013-12-22 23:02 - 2013-12-22 23:01 - 01928280 _____ (Farbar) C:\Users\Donna\Downloads\FRST64.exe
2013-12-22 23:01 - 2013-09-25 20:46 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000UA.job
2013-12-22 23:01 - 2009-07-13 23:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-22 22:59 - 2013-08-03 23:16 - 01218258 _____ C:\Windows\WindowsUpdate.log
2013-12-22 22:59 - 2013-08-03 22:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-22 22:03 - 2013-12-22 00:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-22 21:01 - 2013-09-25 20:46 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000Core.job
2013-12-22 14:44 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 14:44 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 13:22 - 2013-08-03 22:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 12:58 - 2013-11-28 17:48 - 00000000 ___RD C:\Users\Donna\Downloads\My Google Drive
2013-12-22 12:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-22 12:56 - 2009-07-13 22:51 - 00040740 _____ C:\Windows\setupact.log
2013-12-22 01:55 - 2013-12-22 00:49 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-12-22 01:55 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-12-22 01:23 - 2010-07-23 01:00 - 00188790 _____ C:\Windows\PFRO.log
2013-12-22 01:12 - 2013-12-22 01:12 - 00001093 _____ C:\Users\Default\Desktop\Evernote.lnk
2013-12-22 01:12 - 2013-12-22 01:12 - 00001093 _____ C:\Users\Default User\Desktop\Evernote.lnk
2013-12-22 00:49 - 2013-12-22 00:50 - 00001096 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-12-22 00:49 - 2013-12-22 00:49 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-22 00:49 - 2013-12-22 00:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-22 00:47 - 2013-12-21 23:41 - 219322176 _____ (Kaspersky Lab) C:\Users\Donna\Downloads\kav14.0.0.4651abcEN_5479.exe
2013-12-21 10:52 - 2013-12-21 10:52 - 00004115 _____ C:\Users\Donna\Downloads\Babyface_5425301_20131221041844.xls
2013-12-20 18:37 - 2013-12-20 18:37 - 00003836 _____ C:\Users\Donna\Downloads\BOYZ II MEN_5423669_20131220155033.xls
2013-12-20 18:17 - 2013-12-20 18:17 - 00004127 _____ C:\Users\Donna\Downloads\Babyface_5423696_20131220155622.xls
2013-12-20 00:01 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-19 23:54 - 2013-12-19 23:53 - 91049225 _____ C:\Users\Donna\Downloads\2013-11-01 11.00 EXIT e-Listings (1).wmv
2013-12-19 22:07 - 2013-12-19 22:07 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-15 22:03 - 2013-12-15 22:02 - 00000000 ____D C:\Users\Donna\Desktop\9813 Aberdeen
2013-12-15 18:06 - 2013-12-15 17:54 - 00000000 ____D C:\Users\Donna\Desktop\Interesting Photos
2013-12-15 18:03 - 2013-12-15 18:03 - 00000000 ____D C:\Users\Donna\Desktop\Recruiting (to EXIT)
2013-12-15 17:57 - 2013-10-12 18:38 - 00000000 ____D C:\Users\Donna\Desktop\1935 Wabash
2013-12-15 17:56 - 2013-12-15 17:56 - 00000000 ____D C:\Users\Donna\Desktop\EXIT Strategy (for Buyers)
2013-12-15 17:54 - 2013-11-04 10:46 - 00000000 ____D C:\Users\Donna\Desktop\9216 Forest Disclosures
2013-12-15 17:53 - 2013-12-15 17:53 - 00000000 ____D C:\Users\Donna\Desktop\Boating
2013-12-11 17:39 - 2013-12-11 17:39 - 07670784 _____ C:\Users\Donna\Downloads\Listing_Presentation_Elistings.ppt
2013-12-11 17:39 - 2013-12-11 17:39 - 00017920 _____ C:\Users\Donna\Downloads\Schedule.xls
2013-12-11 12:40 - 2013-08-04 15:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-09 22:36 - 2013-12-09 22:35 - 00991552 _____ C:\Users\Donna\Downloads\FLV_installer.exe
2013-12-09 18:51 - 2013-12-09 18:51 - 00648178 _____ C:\Users\Donna\Downloads\Unconfirmed 56037.crdownload
2013-12-09 18:51 - 2013-12-09 18:51 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 57760.crdownload
2013-12-09 18:51 - 2013-12-09 18:51 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 219549.crdownload
2013-12-09 18:51 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 205848.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 746482.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 716388.crdownload
2013-12-09 18:50 - 2013-12-09 18:50 - 00648173 _____ C:\Users\Donna\Downloads\Unconfirmed 443101.crdownload
2013-12-09 18:49 - 2013-12-09 18:49 - 00648174 _____ C:\Users\Donna\Downloads\Unconfirmed 427982.crdownload
2013-12-09 12:46 - 2013-12-09 12:46 - 00002514 _____ C:\Users\Donna\Desktop\GoToMeeting Quick Connect.lnk
2013-12-09 12:46 - 2013-08-20 09:58 - 00000000 ____D C:\Users\Donna\AppData\Local\Citrix
2013-12-07 00:10 - 2013-12-06 22:52 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-12-06 19:41 - 2013-12-06 19:41 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-06 19:41 - 2013-11-07 15:43 - 00000000 ____D C:\Users\Donna\AppData\Roaming\Mozilla
2013-12-06 19:40 - 2013-12-06 19:40 - 00000000 ____D C:\Program Files (x86)\sp
2013-12-05 13:17 - 2013-08-03 22:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 13:17 - 2013-08-03 22:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 02:19 - 2013-08-03 22:12 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-01 20:56 - 2013-09-25 20:46 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000UA
2013-12-01 20:56 - 2013-09-25 20:46 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2567389542-2190629584-292433659-1000Core
2013-12-01 11:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-28 17:49 - 2013-11-28 17:49 - 00001697 _____ C:\Users\Donna\Desktop\Google Drive.lnk
2013-11-28 17:47 - 2013-08-03 22:04 - 00000000 ____D C:\Users\Donna
2013-11-28 17:46 - 2013-11-28 17:46 - 00000000 ____D C:\Users\Donna\My Google Drive
2013-11-28 17:41 - 2013-11-28 17:41 - 00002051 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-11-28 17:41 - 2013-11-28 17:41 - 00002047 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-11-28 17:41 - 2013-11-28 17:41 - 00002035 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-11-28 17:41 - 2013-08-03 22:09 - 00000000 ____D C:\Users\Donna\AppData\Local\Google
2013-11-28 17:41 - 2010-07-23 00:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-28 17:39 - 2013-11-28 17:39 - 00819136 _____ (Google Inc.) C:\Users\Donna\Downloads\googledrivesync (2).exe
2013-11-28 17:39 - 2013-11-28 17:39 - 00819136 _____ (Google Inc.) C:\Users\Donna\Downloads\googledrivesync (1).exe
2013-11-28 14:01 - 2013-11-28 14:00 - 00004125 _____ C:\Users\Donna\Downloads\Thanksgiving Soul Jam_5351261_20131128052736.xls
2013-11-28 14:01 - 2013-11-27 18:49 - 00359863 _____ C:\Users\Donna\Downloads\Balcony pool (1).htm
2013-11-27 18:49 - 2013-11-27 18:49 - 00359863 _____ C:\Users\Donna\Downloads\Balcony pool.htm
2013-11-27 13:06 - 2013-08-04 15:38 - 00000000 ____D C:\Users\Donna\AppData\Local\Microsoft Help
2013-11-27 09:50 - 2013-09-30 13:50 - 00115738 _____ C:\Users\Donna\Desktop\Dona's contacts (edited).csv
2013-11-23 11:46 - 2013-11-23 11:46 - 00003843 _____ C:\Users\Donna\Downloads\Babyface_5334774_20131123050205.xls

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Donna\AppData\Local\Temp\nsaDAB9.exe
C:\Users\Donna\AppData\Local\Temp\nsaF27E.exe
C:\Users\Donna\AppData\Local\Temp\nskF4DF.exe
C:\Users\Donna\AppData\Local\Temp\nso93F0.exe
C:\Users\Donna\AppData\Local\Temp\nspD857.exe
C:\Users\Donna\AppData\Local\Temp\ose00000.exe
C:\Users\Donna\AppData\Local\Temp\skitchsetup-2.3.0.10.exe
C:\Users\Donna\AppData\Local\Temp\SpOrder.dll
C:\Users\Donna\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 22:28

==================== End Of Log ============================
  #5  
Old December 24th, 2013, 02:06 AM
donacrane donacrane is offline
New Member
 
Join Date: Dec 2013
O/S: Windows 7 64-bit
Location: Chicago
Posts: 4
Quote:
Originally Posted by Aaflac View Post
Welcome to CTH Forums, donacrane!

Please use the Farbar Recovery Scan Tool.

Download: http://www.bleepingcomputer.com/down...ery-scan-tool/

Select the version that applies to your system: 64-bit
Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

Press the Scan button.


When done, the tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt

>> Also post the Addition.txt in your reply.

Are there any more directions for? I sent the logs (not in the right order though) that you requested. Just a bit anxious to get rid of the interference.