hijacking browser virus


  • This topic is locked
12 replies to this topic

#1 uno0322

uno0322

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 07:47 PM

Posted 18 August 2013 - 06:28 PM

I was looking around for step by step instructions on how to remove the virus and found this thread on the forum -  http://www.bleepingcomputer.com/forums/t/484964/infected-with-httpwebsearchgood-resultsinfo/.

 

I was wondering if I could go through the same process.

 

Thanks,

 

UNO Student

 




 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender: Not Telling
  • Location: Canada
  • Local time: 08:47 PM

Posted 18 August 2013 - 07:53 PM

Hello, please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 uno0322

uno0322
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 07:47 PM

Posted 20 August 2013 - 12:41 PM

Sorry it took a couple of days to respond; I was expecting it to take at least 2 days for a response.

Thank you for such quick action!

 

Here is FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 04
Ran by Anthony (administrator) on 20-08-2013 12:36:43
Running from C:\Users\Anthony\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2010-01-19] (Intel® Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [OurSoftUpdaterChecker] - C:\Program Files (x86)\NetNucleous\GorillaPrice\GPCheck.exe [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-29] (Google Inc.)
MountPoints2: {edfad534-619b-11e2-b162-f04da2569a7b} - "G:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Everything] - C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-12-06] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Mark\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-29] (Google Inc.)
HKU\patty iphone\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-29] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}
SearchScopes: HKLM-x32 - DefaultScope {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=719&r=2013/03/01&hid=2118183199&lg=EN&cc=US
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}
SearchScopes: HKCU - DefaultScope {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN40788762512774232&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119842&babsrc=SP_ss&mntrId=E472F04DA2569A7B
SearchScopes: HKCU - {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN40788762512774232&UM=2
SearchScopes: HKCU - {750070D6-F5EA-46EC-B521-825427D74280} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B9079E55-8DF4-4F16-8E50-55D8E6DB73ED&apn_sauid=F69D1B67-EC8A-4214-9895-120BCE09D797
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=719&r=2013/03/01&hid=2118183199&lg=EN&cc=US
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}&crg=3.5000006.10043&st=23
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Browwsse2saVee - {282F1FCA-E619-9920-ECCD-BD61E359783C} - C:\ProgramData\Browwsse2saVee\5130433af20b5.dll ()
BHO-x32: Searcehh--NewTab - {4C490497-6C7E-D767-6D3F-AAC307074789} - C:\ProgramData\Searcehh--NewTab\5130463812671.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default
FF user.js: detected! => C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\user.js
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}&crg=3.5000006.10043
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\mixidj-v44-customized-web-search.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\Extensions\WebSiteRecommendation@weliketheweb.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] C:\Users\Anthony\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.9_0
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Anthony\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Anthony\AppData\Local\Torch\Plugins\TorchPlugin.crx

==================== Services (Whitelisted) =================

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2010-01-19] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 12:36 - 2013-08-20 12:36 - 00000000 ____D C:\FRST
2013-08-18 21:14 - 2013-08-18 21:14 - 00000000 ___RD C:\Users\Anthony\Documents\MARK-PC
2013-08-18 17:55 - 2013-08-18 17:55 - 01446477 _____ C:\Users\Anthony\Downloads\WDFirmwareUpdater.zip
2013-08-17 12:40 - 2013-08-17 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-13 16:48 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 16:48 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 16:48 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-13 16:48 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 16:48 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-13 16:48 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 16:48 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 16:48 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 16:48 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 16:48 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 16:48 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 16:48 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 16:48 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-13 16:48 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:41 - 2013-08-13 16:44 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 16:08 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 16:08 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 16:08 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 16:08 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:08 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 16:08 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 16:08 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 16:08 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 16:08 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 16:08 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 16:08 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 16:08 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 16:08 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:08 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:08 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:08 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:08 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:08 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:08 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:08 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:08 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:08 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:08 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:08 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:08 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:08 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 16:08 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 15:38 - 2013-08-13 15:38 - 00000000 _____ C:\Users\Anthony\Desktop\initdebug.nfo
2013-08-13 15:37 - 2013-08-18 22:43 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-08-13 15:37 - 2013-08-13 15:37 - 02142960 _____ C:\Users\Anthony\Desktop\speedfan-4.47-multi.exe
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\patty iphone\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\Mark\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\Anthony\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-08-13 15:37 - 2013-08-13 15:37 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-08-13 15:33 - 2013-08-13 15:33 - 00288688 _____ C:\Users\Anthony\Downloads\SpeedFan.exe
2013-08-13 15:32 - 2013-08-13 15:32 - 00003236 _____ C:\Windows\System32\Tasks\DSite
2013-08-13 15:32 - 2013-08-13 15:32 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\SimilarSites
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\DSite
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Program Files (x86)\SimilarSites
2013-08-13 15:31 - 2013-08-13 15:31 - 00714352 _____ C:\Users\Anthony\Downloads\ZipOpenerSetup.exe
2013-08-13 15:13 - 2013-08-13 15:13 - 00891115 _____ C:\Users\Anthony\Downloads\SecurityCheck.exe
2013-08-13 15:13 - 2013-08-13 15:13 - 00000476 _____ C:\Users\Anthony\Downloads\defogger_disable.log
2013-08-13 15:13 - 2013-08-13 15:13 - 00000000 _____ C:\Users\Anthony\defogger_reenable
2013-08-13 15:12 - 2013-08-13 15:12 - 00050477 _____ C:\Users\Anthony\Downloads\Defogger.exe
2013-08-06 10:25 - 2013-08-06 10:25 - 00879352 _____ C:\Windows\Minidump\080613-20389-01.dmp
2013-08-05 21:13 - 2013-08-05 21:13 - 00262144 _____ C:\Windows\Minidump\080513-18891-01.dmp
2013-08-05 20:31 - 2013-08-05 20:31 - 00262144 _____ C:\Windows\Minidump\080513-18236-01.dmp
2013-08-05 17:53 - 2013-08-05 17:53 - 00262144 _____ C:\Windows\Minidump\080513-19484-01.dmp
2013-07-26 08:00 - 2013-07-26 08:00 - 00008460 _____ C:\Users\Anthony\Desktop\c1581.jar
2013-07-26 06:58 - 2013-07-26 06:58 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message (2).zip
2013-07-26 06:56 - 2013-07-26 06:56 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message (1).zip
2013-07-25 21:56 - 2013-07-25 21:56 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message.zip
2013-07-22 10:24 - 2013-07-22 10:24 - 01067192 _____ (Solid State Networks) C:\Users\Anthony\Downloads\install_flashplayer11x32axau_mssa_aaa_aih.exe
2013-07-21 18:52 - 2013-08-02 16:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-21 02:37 - 2013-05-17 09:41 - 00192512 _____ C:\Users\Anthony\AppData\Local\common_functions.dll
2013-07-21 02:37 - 2012-06-26 05:59 - 00940544 _____ (Apache Software Foundation) C:\Users\Anthony\AppData\Local\log4cxx.dll
2013-07-21 02:32 - 2013-07-21 02:32 - 00000000 ____D C:\Users\Anthony\AppData\Local\CRE

==================== One Month Modified Files and Folders =======

2013-08-20 12:36 - 2013-08-20 12:36 - 01576208 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe
2013-08-20 12:36 - 2013-08-20 12:36 - 00000000 ____D C:\FRST
2013-08-20 12:22 - 2013-04-29 10:57 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 11:59 - 2013-01-17 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 11:46 - 2013-01-17 12:36 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000UA.job
2013-08-20 11:46 - 2013-01-17 12:36 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000Core.job
2013-08-19 20:39 - 2013-01-16 11:29 - 01875963 _____ C:\Windows\WindowsUpdate.log
2013-08-19 19:06 - 2013-04-29 10:57 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-18 22:43 - 2013-08-13 15:37 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-08-18 21:14 - 2013-08-18 21:14 - 00000000 ___RD C:\Users\Anthony\Documents\MARK-PC
2013-08-18 21:05 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-18 21:00 - 2009-07-13 23:51 - 00045489 _____ C:\Windows\setupact.log
2013-08-18 18:09 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:09 - 2009-07-13 23:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-18 18:07 - 2013-02-03 00:59 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Western Digital
2013-08-18 18:07 - 2013-02-03 00:59 - 00000000 ____D C:\Users\Anthony\AppData\Local\Western Digital
2013-08-18 17:56 - 2013-01-18 13:49 - 00000000 ____D C:\ProgramData\Western Digital
2013-08-18 17:55 - 2013-08-18 17:55 - 01446477 _____ C:\Users\Anthony\Downloads\WDFirmwareUpdater.zip
2013-08-18 17:50 - 2013-03-01 01:11 - 00000420 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-08-18 17:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-17 16:10 - 2013-01-17 12:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 12:40 - 2013-08-17 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-17 11:50 - 2010-11-20 22:47 - 00093154 _____ C:\Windows\PFRO.log
2013-08-15 13:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-13 17:05 - 2013-01-18 14:11 - 00000000 ____D C:\Program Files (x86)\Everything
2013-08-13 16:44 - 2013-08-13 16:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 16:41 - 2013-01-17 11:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 15:38 - 2013-08-13 15:38 - 00000000 _____ C:\Users\Anthony\Desktop\initdebug.nfo
2013-08-13 15:37 - 2013-08-13 15:37 - 02142960 _____ C:\Users\Anthony\Desktop\speedfan-4.47-multi.exe
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\patty iphone\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\Mark\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00001011 _____ C:\Users\Anthony\Desktop\SpeedFan.lnk
2013-08-13 15:37 - 2013-08-13 15:37 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-08-13 15:37 - 2013-08-13 15:37 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-08-13 15:33 - 2013-08-13 15:33 - 00288688 _____ C:\Users\Anthony\Downloads\SpeedFan.exe
2013-08-13 15:32 - 2013-08-13 15:32 - 00003236 _____ C:\Windows\System32\Tasks\DSite
2013-08-13 15:32 - 2013-08-13 15:32 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\SimilarSites
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\DSite
2013-08-13 15:32 - 2013-08-13 15:32 - 00000000 ____D C:\Program Files (x86)\SimilarSites
2013-08-13 15:31 - 2013-08-13 15:31 - 00714352 _____ C:\Users\Anthony\Downloads\ZipOpenerSetup.exe
2013-08-13 15:13 - 2013-08-13 15:13 - 00891115 _____ C:\Users\Anthony\Downloads\SecurityCheck.exe
2013-08-13 15:13 - 2013-08-13 15:13 - 00000476 _____ C:\Users\Anthony\Downloads\defogger_disable.log
2013-08-13 15:13 - 2013-08-13 15:13 - 00000000 _____ C:\Users\Anthony\defogger_reenable
2013-08-13 15:13 - 2013-01-17 17:59 - 00000000 ____D C:\Users\Anthony
2013-08-13 15:12 - 2013-08-13 15:12 - 00050477 _____ C:\Users\Anthony\Downloads\Defogger.exe
2013-08-06 10:25 - 2013-08-06 10:25 - 00879352 _____ C:\Windows\Minidump\080613-20389-01.dmp
2013-08-06 10:25 - 2013-03-11 23:15 - 517071796 _____ C:\Windows\MEMORY.DMP
2013-08-06 10:25 - 2013-03-11 23:15 - 00000000 ____D C:\Windows\Minidump
2013-08-05 21:13 - 2013-08-05 21:13 - 00262144 _____ C:\Windows\Minidump\080513-18891-01.dmp
2013-08-05 20:31 - 2013-08-05 20:31 - 00262144 _____ C:\Windows\Minidump\080513-18236-01.dmp
2013-08-05 17:53 - 2013-08-05 17:53 - 00262144 _____ C:\Windows\Minidump\080513-19484-01.dmp
2013-08-02 16:24 - 2013-07-21 18:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 10:17 - 2013-04-27 14:51 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-26 13:26 - 2013-07-11 16:12 - 00000000 ____D C:\Users\Anthony\Desktop\c1581
2013-07-26 13:00 - 2013-06-11 19:38 - 00001078 _____ C:\Users\Anthony\.drjava
2013-07-26 08:00 - 2013-07-26 08:00 - 00008460 _____ C:\Users\Anthony\Desktop\c1581.jar
2013-07-26 06:58 - 2013-07-26 06:58 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message (2).zip
2013-07-26 06:56 - 2013-07-26 06:56 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message (1).zip
2013-07-26 00:13 - 2013-08-13 16:48 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 00:13 - 2013-08-13 16:48 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 00:13 - 2013-08-13 16:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 00:12 - 2013-08-13 16:48 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 00:12 - 2013-08-13 16:48 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 22:35 - 2013-08-13 16:48 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 22:13 - 2013-08-13 16:48 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 22:13 - 2013-08-13 16:48 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 22:12 - 2013-08-13 16:48 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 22:11 - 2013-08-13 16:48 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 22:11 - 2013-08-13 16:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 21:56 - 2013-07-25 21:56 - 00005500 _____ C:\Users\Anthony\Downloads\Untitled_Message.zip
2013-07-25 21:49 - 2013-08-13 16:48 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 21:39 - 2013-08-13 16:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 20:59 - 2013-08-13 16:48 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 04:25 - 2013-08-13 16:08 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 03:57 - 2013-08-13 16:08 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-22 10:30 - 2013-01-17 18:00 - 00000000 ____D C:\Users\Anthony\AppData\Local\Adobe
2013-07-22 10:27 - 2013-01-17 12:38 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 10:27 - 2013-01-17 12:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-22 10:27 - 2013-01-17 12:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 10:24 - 2013-07-22 10:24 - 01067192 _____ (Solid State Networks) C:\Users\Anthony\Downloads\install_flashplayer11x32axau_mssa_aaa_aih.exe
2013-07-21 18:51 - 2013-04-29 10:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-21 02:35 - 2013-03-01 00:59 - 00000000 ____D C:\Users\Anthony\AppData\Local\Conduit
2013-07-21 02:33 - 2013-03-01 00:59 - 00000009 _____ C:\END
2013-07-21 02:32 - 2013-07-21 02:32 - 00000000 ____D C:\Users\Anthony\AppData\Local\CRE
2013-07-21 02:31 - 2013-01-17 12:38 - 00000000 ____D C:\ProgramData\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-15 13:06

==================== End Of Log ============================

 

And Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2013 04
Ran by Anthony at 2013-08-20 12:37:48
Running from C:\Users\Anthony\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe AIR (x32 Version: 3.5.0.1060)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dev-C++ 5 beta 9 release (4.9.9.2) (x32)
dows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (Version: 09/02/2009 1.0.0.1)
Everything 1.2.1.371 (x32)
firstobject XML Editor version 2.4.2 (x32)
Git version 1.8.3-preview20130601 (x32 Version: 1.8.3-preview20130601)
Google Chrome (x32 Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 13.01.1000)
iPad/iPhone/iPod to Computer Transfer 7.8.4 (x32)
iTunes (Version: 11.0.4.4)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Codec Pack 9.7.0 (64-bit) (Version: 9.7.0)
K-Lite Codec Pack 9.7.0 (Full) (x32 Version: 9.7.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
McAfee Security Scan Plus (x32 Version: 3.0.287.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
OptimizerPro (Version: 1.0)
QuickBooks (x32 Version: 22.0.4012.2206)
QuickBooks Premier Edition 2012 (x32 Version: 22.0.4012.2206)
QuickTime (x32 Version: 7.74.80.86)
Searcehh--NewTab (x32 Version: )
Search Assistant WebSearch 1.74 (x32)
SpeedFan (remove only) (x32)
swMSM (x32 Version: 12.0.0.1)
TI Connect 1.6 (x32 Version: 1.6)
Torch (HKCU Version: 25.0.0.3646)
TouchCopy 12 (x32 Version: 12.08)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (Version: 06/11/2009 1.0.0.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points  =========================

23-07-2013 22:47:48 Windows Update
30-07-2013 14:53:53 Windows Update
02-08-2013 20:47:48 Windows Update
07-08-2013 22:57:28 Windows Update
11-08-2013 17:27:25 Windows Update
13-08-2013 21:40:28 Windows Update
17-08-2013 17:01:04 Windows Update
18-08-2013 23:07:07 Removed WD SmartWare
18-08-2013 23:12:54 Windows Backup
19-08-2013 03:28:37 Windows Backup

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {001DD1AA-C744-49C2-9A9A-2B21962D1B9B} - System32\Tasks\GorillaPrice => C:\Program No File
Task: {02411304-BEF5-49C2-870E-AA52170103F9} - System32\Tasks\Poppet => C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\trillipoppet.exe No File
Task: {252BDB20-0EC7-40C1-890E-4DFA3774808F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.)
Task: {3BCFCDB0-0E6B-4FF1-B47B-9CA1BC96066B} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2223099623-3214478855-2564085246-1003 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {439EDA6C-CC44-431C-975D-D319A46BC92D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {783BB437-A563-44DB-BFFE-05C7351939B3} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-01-23] ()
Task: {79BC3CA4-8B5E-4BB9-9998-C3CC1A37DAF6} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {845A576B-0522-423D-BC4F-D99D43954A4F} - System32\Tasks\4918 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {85830AF5-E0D0-47F7-92AD-CB2223593DBA} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {8F4D291B-14E6-4EF6-9DD3-9232863D9575} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22] (Adobe Systems Incorporated)
Task: {9252CE55-E314-48FB-A83B-1841AA05B050} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29] (Google Inc.)
Task: {9D0C4DF2-2F18-473B-9D6B-C6E8E9017188} - System32\Tasks\DSite => C:\Users\Anthony\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {A3125E05-3A25-4BAF-9B10-C356512F83C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {C1859714-6949-4085-993C-DBAE3B759997} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {C9A37CD2-8DF1-4056-8E3C-A1707C4A9638} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2223099623-3214478855-2564085246-1002 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {DE2D37C2-ABF7-403C-B24B-113D55B88CA3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {F29FB967-A375-4F8F-9B3B-336B7C6F1354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F8EC4495-AAC0-4D8B-B5B2-2702624E5EB7} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Anthony\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2223099623-3214478855-2564085246-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Advanced-N + WiMAX 6250
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12402

Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12402

Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11216

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11216

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10218

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10218

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9220


System errors:
=============
Error: (08/19/2013 07:05:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/18/2013 11:24:16 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/13/2013 04:40:49 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/10/2013 11:16:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.


Microsoft Office Sessions:
=========================
Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12402

Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12402

Error: (08/20/2013 02:57:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11216

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11216

Error: (08/20/2013 02:57:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10218

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10218

Error: (08/20/2013 02:57:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/20/2013 02:57:09 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9220


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 5940.52 MB
Available physical RAM: 3598.68 MB
Total Pagefile: 11879.23 MB
Available Pagefile: 9367.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:129.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 07F2837E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thank you again!



#4 CatByte

  • Malware Response Team

Posted 20 August 2013 - 01:02 PM

Please do the following:

Download attached fixlist.txt file and save it to your downloads folder

[attachment=141031:FixList.txt]

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 uno0322

  • Topic Starter

Posted 20 August 2013 - 01:08 PM

Here you go!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-08-2013 04
Ran by Anthony at 2013-08-20 13:06:58 Run:1
Running from C:\Users\Anthony\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}
SearchScopes: HKLM-x32 - DefaultScope {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=719&r=2013/03/01&hid=2118183199&lg=EN&cc=US
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}
SearchScopes: HKCU - DefaultScope {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN40788762512774232&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119842&babsrc=SP_ss&mntrId=E472F04DA2569A7B
SearchScopes: HKCU - {5ECA3AEA-F33A-4467-BADD-FD14088F551B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN40788762512774232&UM=2
SearchScopes: HKCU - {750070D6-F5EA-46EC-B521-825427D74280} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B9079E55-8DF4-4F16-8E50-55D8E6DB73ED&apn_sauid=F69D1B67-EC8A-4214-9895-120BCE09D797
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.pu-results.info/?l=1&q={searchTerms}&pid=719&r=2013/03/01&hid=2118183199&lg=EN&cc=US
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}&crg=3.5000006.10043&st=23
BHO-x32: Browwsse2saVee - {282F1FCA-E619-9920-ECCD-BD61E359783C} - C:\ProgramData\Browwsse2saVee\5130433af20b5.dll ()
BHO-x32: Searcehh--NewTab - {4C490497-6C7E-D767-6D3F-AAC307074789} - C:\ProgramData\Searcehh--NewTab\5130463812671.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={F5646936-D3C7-11E2-9B8A-F04DA2569A7B}&crg=3.5000006.10043
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\mixidj-v44-customized-web-search.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}] C:\Users\Anthony\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
2013-07-21 02:35 - 2013-03-01 00:59 - 00000000 ____D C:\Users\Anthony\AppData\Local\Conduit
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5ECA3AEA-F33A-4467-BADD-FD14088F551B} => Key deleted successfully.
HKCR\CLSID\{5ECA3AEA-F33A-4467-BADD-FD14088F551B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{750070D6-F5EA-46EC-B521-825427D74280} => Key deleted successfully.
HKCR\CLSID\{750070D6-F5EA-46EC-B521-825427D74280} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282F1FCA-E619-9920-ECCD-BD61E359783C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{282F1FCA-E619-9920-ECCD-BD61E359783C} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C490497-6C7E-D767-6D3F-AAC307074789} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4C490497-6C7E-D767-6D3F-AAC307074789} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
Firefox newtab deleted successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\BrowserProtect.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\delta.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\mixidj-v44-customized-web-search.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\sweetim.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\web-search.xml => Moved successfully.
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\searchplugins\WebSearch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => Value deleted successfully.
C:\Users\Anthony\AppData\Local\Conduit => Moved successfully.

==== End of Fixlog ====



#6 CatByte

Posted 20 August 2013 - 01:13 PM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 uno0322

Posted 20 August 2013 - 01:39 PM

ComboFix 13-08-19.02 - Anthony 08/20/2013  13:29:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5941.4057 [GMT -5:00]
Running from: c:\users\Anthony\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\NetNucleous
c:\program files (x86)\NetNucleous\GorillaPrice\config.dat
c:\programdata\BetterSoft\OptimizerPro
c:\programdata\BetterSoft\OptimizerPro\3036567561.dll
c:\programdata\BetterSoft\OptimizerPro\3036567561.ini
c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe
c:\programdata\Browwsse2saVee
c:\programdata\Browwsse2saVee\5130433af20b5.dll
c:\programdata\Browwsse2saVee\5130433af20b5.tlb
c:\programdata\Browwsse2saVee\513045df91e5d.dll
c:\programdata\Browwsse2saVee\513045df91e5d.tlb
c:\programdata\Browwsse2saVee\settings.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\Searcehh--NewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\Searcehh--NewTab\Searcehh--NewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Searcehh--NewTab\Uninstall.lnk
c:\programdata\Searcehh--NewTab
c:\programdata\Searcehh--NewTab\5130463812671.dll
c:\programdata\Searcehh--NewTab\5130463812671.tlb
c:\programdata\Searcehh--NewTab\data\Searcehh--NewTab.dat
c:\programdata\Searcehh--NewTab\settings.ini
c:\programdata\Searcehh--NewTab\uninstall.exe
c:\users\Anthony\AppData\Local\common_functions.dll
c:\users\Anthony\AppData\Local\ie_runner_app.exe
c:\windows\PFRO.log
.
----- File Replicators -----
.
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-20 to 2013-08-20  )))))))))))))))))))))))))))))))
.
.
2013-08-20 18:35 . 2013-08-20 18:35    --------    d-----w-    c:\users\patty iphone\AppData\Local\temp
2013-08-20 18:35 . 2013-08-20 18:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-20 17:36 . 2013-08-20 17:36    --------    d-----w-    C:\FRST
2013-08-20 00:25 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66218E53-D60C-4EFA-AFB9-4C7FFE46EB8B}\mpengine.dll
2013-08-18 22:58 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-13 21:41 . 2013-08-13 21:44    --------    d-----w-    c:\windows\system32\MRT
2013-08-13 20:37 . 2013-08-19 03:43    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-08-13 20:32 . 2013-08-13 20:32    --------    d-----w-    c:\program files (x86)\SimilarSites
2013-08-13 20:32 . 2013-08-13 20:32    --------    d-----w-    c:\users\Anthony\AppData\Roaming\SimilarSites
2013-08-13 20:32 . 2013-08-13 20:32    --------    d-----w-    c:\users\Anthony\AppData\Roaming\DSite
2013-08-05 17:42 . 2013-08-05 17:42    --------    d-----w-    c:\users\Anthony\AppData\Local\ElevatedDiagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-13 21:41 . 2013-01-17 16:51    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-22 15:27 . 2013-01-17 17:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-22 15:27 . 2013-01-17 17:38    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-17 17:22 . 2013-07-17 17:22    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B78B1F3D-103A-404F-992C-32DDF74AE5B6}\gapaengine.dll
2013-07-09 04:45 . 2013-08-13 21:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-06-24 11:35 . 2013-06-24 11:35    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 11:34 . 2013-01-17 17:38    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 11:34 . 2013-01-17 17:38    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-20 20:24 . 2013-03-13 22:13    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-05 03:34 . 2013-07-11 20:03    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 20:03    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 20:03    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-12-06 2643320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-12-6 6186872]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe [2012-9-11 271808]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-12-6 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 21:22    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17 15:27]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29 15:57]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29 15:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&CUI=UN17758826671925844&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-08-13 15:32; WebSiteRecommendation@weliketheweb.com; c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cpnjy1qi.default\extensions\WebSiteRecommendation@weliketheweb.com
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e472ed36000000000000f04da2569a7b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15817
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1617:15
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-OurSoftUpdaterChecker - c:\program files (x86)\NetNucleous\GorillaPrice\GPCheck.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\Searcehh--NewTab\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2223099623-3214478855-2564085246-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2223099623-3214478855-2564085246-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2223099623-3214478855-2564085246-1003)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2223099623-3214478855-2564085246-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2223099623-3214478855-2564085246-1003)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
Completion time: 2013-08-20  13:37:52
ComboFix-quarantined-files.txt  2013-08-20 18:37
.
Pre-Run: 141,377,642,496 bytes free
Post-Run: 144,383,606,784 bytes free
.
- - End Of File - - E0B1545AF996AE47E2D002A7FA1F2CA3
A36C5E4F47E84449FF07ED3517B43A31
 



#8 CatByte

Posted 20 August 2013 - 03:06 PM

There are still signs of adware in the log; we need to run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Clean.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot, a log will be produced; please attach the content of the log to your next reply.

NEXT

  • Please open your MalwareBytes AntiMalware Program.
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 uno0322

Posted 20 August 2013 - 08:39 PM

Junk tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anthony on Tue 08/20/2013 at 17:06:36.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3279141
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298580
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bettersoft"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler"
Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\local\jollywallet"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\local\swvupdater"
Failed to delete: [Folder] "C:\Users\Anthony\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Anthony\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\websearch"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cpnjy1qi.default\user.js
Successfully deleted: [Folder] C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cpnjy1qi.default\sweetpackstoolbardata
Successfully deleted the following from C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cpnjy1qi.default\prefs.js

Emptied folder: C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cpnjy1qi.default\minidumps [105 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 17:11:16.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

mbam-log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Anthony :: USER-PC [administrator]

Protection: Enabled

8/20/2013 5:22:37 PM
mbam-log-2013-08-20 (17-22-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274258
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Anthony\Downloads\CodecPerformerSetup.exe (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Anthony\Downloads\SpeedFan.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

(end)

 

ESET SCAN:

 

C:\Qoobox\Quarantine\C\ProgramData\BetterSoft\OptimizerPro\3036567561.dll.vir    Win32/GenUpdater application
C:\Qoobox\Quarantine\C\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe.vir    Win32/GenUpdater application
C:\Qoobox\Quarantine\C\ProgramData\Browwsse2saVee\5130433af20b5.dll.vir    a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\ProgramData\Browwsse2saVee\513045df91e5d.dll.vir    a variant of Win32/Adware.MultiPlug.I application
C:\Qoobox\Quarantine\C\ProgramData\Searcehh--NewTab\5130463812671.dll.vir    a variant of Win32/Adware.MultiPlug.I application
C:\Users\Anthony\Downloads\Calculus_Made_Easy_Ti_89_Titanium_downloader_424.exe    a variant of Win32/YourFileDownloader.B application
C:\Users\Anthony\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A application
C:\Users\Anthony\Downloads\Setup_ODM.exe    Win32/Adware.RK.AQ application
C:\Users\Anthony\Downloads\ZipOpenerSetup.exe    a variant of Win32/InstallCore.CF application
 

Thank you again,

 

UNO Student
 



#10 CatByte

Posted 21 August 2013 - 08:05 AM

These installation files are bundled with adware. If you no longer need them, right-click and delete them:

C:\Users\Anthony\Downloads\Calculus_Made_Easy_Ti_89_Titanium_downloader_424.exe
C:\Users\Anthony\Downloads\setup.exe
C:\Users\Anthony\Downloads\Setup_ODM.exe
C:\Users\Anthony\Downloads\ZipOpenerSetup.exe


The other detections are in quarantine already.

How is the computer running now? Are there any outstanding issues?



#11 uno0322

Posted 23 August 2013 - 09:04 PM

Sorry for the lengthy wait for a response; work has been busy the last couple of days.

 

I deleted those files but haven't had a chance to test it since the last fix. I will post after I run it through the paces.

 

Thank you so much,

 

Uno Student



#12 CatByte

Posted 23 August 2013 - 09:35 PM

OK, let me know how it goes.



#13 CatByte

Posted 23 September 2013 - 12:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





