
Win32.Downloader.Gen won't remove


  • This topic is locked
17 replies to this topic

#1 Solanelli


Posted 12 December 2013 - 07:04 AM

Okay,

 

So, I had loads of PUPs installed on my computer. I got most of them from CNET downloading software, so never again for me. I can't seem to remove the WIN32.Downloader.gen that Spybot has detected. And I think Malwarebytes has detected the same thing (and after I scanned the computer, removed said malware, and restarted, it's still there).

 

I'm at a loss of what to do.

 

So for some reason the DDS is not working. It says that the program wasn't meant to run in "Compatibility Mode". I don't know what that means. I am running 8.1 Windows.

 

So, now I don't have the log, but I am attaching the MalwareBytes log below. Once I finish scanning with Spybot again, I'll attach that.

 

I'll appreciate any help whatsoever. Thank you so much. 

Attached File  MBAM-log-2013-12-12 (06-56-57).txt   2.26KB   0 downloads




 


#2 Solanelli


Posted 15 December 2013 - 01:21 PM

Sorry, I have no idea about how to edit my previous post. But I think the original log from the first full scan of my computer would be helpful, so I'm attaching it here. I seem to have been infected by Search Protect and Conduit. And I scanned with malware again after removing the thing from the last log (in the first post), and it says that no malware has been detected.
 
And sorry. I think I was infected with Search Protect and also Conduit, instead of Win32.Downloader.Gen.
 
Thanks for the help in advance.

 

SPYBOT LOG 

 

Search results from Spybot - Search & Destroy

 
12/12/2013 5:36:34 AM
Scan took 00:24:31.
22 items found.
 
Win32.Downloader.gen: [SBI $BCCEBCBD] Program directory (Directory, nothing done)
  C:\Users\I\AppData\Roaming\SearchProtect\
  Directory.subfile=C:\Users\I\AppData\Roaming\SearchProtect\bin\rep.dat
  Directory.subfile.size=25976
  Directory.subfile.md5=B81AF94D080EA26B7B65042DFE81CA13
  Directory.subfile.filedate=1386840758
  Directory.subfile.filedatetext=2013-12-12 04:32:37
 
Win32.Downloader.gen: [SBI $2B63DD0C] Program directory (Directory, nothing done)
  C:\Users\I\AppData\Roaming\SearchProtect\bin\
  Directory.subfile=C:\Users\I\AppData\Roaming\SearchProtect\bin\rep.dat
  Directory.subfile.size=25976
  Directory.subfile.md5=B81AF94D080EA26B7B65042DFE81CA13
  Directory.subfile.filedate=1386840758
  Directory.subfile.filedatetext=2013-12-12 04:32:37
 
Win32.Downloader.gen: [SBI $C408DE11]  Data (File, nothing done)
  C:\Users\I\AppData\Roaming\SearchProtect\bin\rep.dat
  Properties.size=25976
  Properties.md5=B81AF94D080EA26B7B65042DFE81CA13
  Properties.filedate=1386840758
  Properties.filedatetext=2013-12-12 04:32:37
 
Win32.Downloader.gen: [SBI $E6AD2227] Program directory (Directory, nothing done)
  C:\Users\I\AppData\Local\Conduit\
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
  Directory.subfile.size=319264
  Directory.subfile.md5=FD42EA980FE1833B3A5EB429273CD1B2
  Directory.subfile.filedate=1383756778
  Directory.subfile.filedatetext=2013-11-06 11:52:58
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll
  Directory.subfile.size=278272
  Directory.subfile.md5=DBA5610430A43DCC2D1FE60905C078A7
  Directory.subfile.filedate=1386833507
  Directory.subfile.filedatetext=2013-12-12 02:31:46
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe
  Directory.subfile.size=1245528
  Directory.subfile.md5=15739D2569FCFD26B0139BB4BC07D616
  Directory.subfile.filedate=1386136896
  Directory.subfile.filedatetext=2013-12-04 01:01:36
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\Chrome\CT3306061\configutaion.json
  Directory.subfile.size=215
  Directory.subfile.md5=6273E9148122886EEBA0DA5C0ECB9961
  Directory.subfile.filedate=1386833433
  Directory.subfile.filedatetext=2013-12-12 02:30:32
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\Chrome\CT3306061\Uninstaller.ico
  Directory.subfile.size=766
  Directory.subfile.md5=D8888A102BD0F55B27374D5F27DC1FDA
  Directory.subfile.filedate=1386136898
  Directory.subfile.filedatetext=2013-12-04 01:01:38
  Directory.subfile=C:\Users\I\AppData\Local\Conduit\Chrome\CT3306061\UninstallerUI.exe
  Directory.subfile.size=1716144
  Directory.subfile.md5=B4247172BBB88AD4D137B12DFC88664F
  Directory.subfile.filedate=1386136898
  Directory.subfile.filedatetext=2013-12-04 01:01:38
 
Win32.Downloader.gen: [SBI $F65FFCFA]  Library (File, nothing done)
  C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
  Properties.size=638560
  Properties.md5=6796F6E449F90A543DC3345538ACC46F
  Properties.filedate=1383756778
  Properties.filedatetext=2013-11-06 11:52:58
 
Win32.Downloader.gen: [SBI $84685D62] Program directory (Directory, nothing done)
  C:\Program Files (x86)\SearchProtect\bin\
 
Win32.Downloader.gen: [SBI $82F4FAFD]  Data (File, nothing done)
  C:\END
  Properties.size=9
  Properties.md5=A103FDF7348130EF3F3FEF56B1700A27
  Properties.filedate=1386833507
  Properties.filedatetext=2013-12-12 02:31:47
 
7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\7-ZIP\FM\FolderHistory
 
7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\7-ZIP\FM\PanelPath0
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
 
Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList
 
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
 
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
 
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
 
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
 
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
 
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-2531883189-1883883165-4202198115-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
 
Cookie: [SBI $49804B54] Browser: Cookie (4) (Browser: Cookie, nothing done)
  
 
Cache: [SBI $49804B54] Browser: Cache (46) (Browser: Cache, nothing done)
  
 
History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)
  
 
ORIGINAL MALWARE BYTES LOG
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.12.03
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
~~~:: STORM [administrator]
 
Protection: Enabled
 
12/12/2013 2:00:27 AM
mbam-log-2013-12-12 (02-00-27).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 691587
Time elapsed: 2 hour(s), 22 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Connect_DLC_5 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.ConduitSearchProtect) -> Data: C:\Users\I\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\I\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN23423511532060511&UM=2&ctid=CT3306061 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.ConduitSearchProtect) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN23423511532060511&UM=2&UP=SP894E01CF-4DD6-493B-9A57-EFE8C9CB5425) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 28
 
Files Detected: 121
 
(end)


#3 Solanelli


Posted 15 December 2013 - 09:12 PM

And the last one from Adware Cleaner (software found on this site.) How do I ensure I'm malware free?
 
# AdwCleaner v3.015 - Report created 15/12/2013 at 21:02:56
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : xxx - STORM
# Running from : C:\Users\I\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\I\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\I\AppData\Local\Searchprotect
Folder Deleted : C:\Users\I\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\I\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2334 octets] - [15/12/2013 21:00:11]
AdwCleaner[S0].txt - [2278 octets] - [15/12/2013 21:02:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2338 octets] ##########

Edited by nasdaq, 24 December 2013 - 04:15 PM.


#4 HelpBot

Posted 17 December 2013 - 07:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517253 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Solanelli

Posted 17 December 2013 - 09:26 PM

Hello,

DDS is not working. It says it cannot run in Compatibility Mode. I'm running an HP Windows 8.1 64 Bit.

I don't believe my laptop came with a Windows CD.

Also, I think my malware was called Search Protect and Conduit, probably others. I scanned with Malware three times and each time it has found something, so I restarted it each time it asked. Now it does not find anything. I also scanned with SPYBOT, and it has found cookies and some registry changes as listed in the above posts. Then I scanned with Adware Cleaner and I think it has found some empty files of said malware, I'm not sure.

I just want to 100% clean my computer of all malware.



#6 nasdaq

  • Malware Response Team

Posted 18 December 2013 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The DDS tool is not compatible with Windows 8.1.

===

Let's check with this tool.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#7 Solanelli

Posted 19 December 2013 - 07:05 PM

Here is the FRST.txt file. 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013
Ran by xxx (administrator) on STORM on 19-12-2013 19:00:37
Running from C:\Users\I\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\I\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\I\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\I\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-13] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\I\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKCU\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18791584 2013-10-21] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Policies\Explorer: [] 
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0
CHR Extension: (YouTube) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (FlashBlock) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (avast! Online Security) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Website Logon) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0
CHR Extension: (Google Wallet) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
==================== Services (Whitelisted) =================
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2013-05-10] (Pharos Systems International)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20131203.011\BHDrvx64.sys [1526488 2013-12-02] (Symantec Corporation)
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20131218.011\IDSvia64.sys [521944 2013-12-11] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131218.017\ENG64.SYS [126040 2013-10-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131218.017\EX64.SYS [2099288 2013-10-16] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SymELAM.sys [23448 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2013-11-11] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-12-16] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-19 19:00 - 2013-12-19 19:00 - 00023629 _____ C:\Users\I\Downloads\FRST.txt
2013-12-19 19:00 - 2013-12-19 19:00 - 00000000 ____D C:\FRST
2013-12-19 18:59 - 2013-12-19 18:59 - 02192957 _____ (Farbar) C:\Users\I\Downloads\FRST64.exe
2013-12-16 07:02 - 2013-12-16 07:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-15 21:06 - 2013-12-15 21:10 - 00002418 _____ C:\Users\I\Desktop\AdwCleaner[S0].txt
2013-12-15 21:00 - 2013-12-15 21:07 - 00000000 ____D C:\AdwCleaner
2013-12-15 13:11 - 2013-12-15 13:11 - 01226750 _____ C:\Users\I\Downloads\AdwCleaner.exe
2013-12-14 04:04 - 2013-12-14 04:04 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (2).com
2013-12-12 06:54 - 2013-12-12 06:54 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (1).com
2013-12-12 06:44 - 2013-12-12 06:44 - 00001778 _____ C:\Users\I\Desktop\aswMBR.txt
2013-12-12 06:44 - 2013-12-12 06:44 - 00000512 _____ C:\Users\I\Desktop\MBR.dat
2013-12-12 06:42 - 2013-12-12 06:42 - 04745728 _____ (AVAST Software) C:\Users\I\Downloads\aswMBR.exe
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.scr
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.com
2013-12-12 05:49 - 2013-12-12 07:40 - 00002513 _____ C:\WINDOWS\wininit.ini
2013-12-12 04:53 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131212-045305.backup
2013-12-12 02:42 - 2013-12-12 02:44 - 00000000 ____D C:\Users\I\AppData\Local\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:43 - 00000000 ____D C:\Users\I\AppData\Local\genienext
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\Documents\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\.android
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 _____ C:\Users\I\daemonprocess.txt
2013-12-12 02:41 - 2013-12-12 02:44 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-12 02:39 - 2013-12-12 02:39 - 00000000 ____D C:\Users\I\AppData\Local\JockerSoft
2013-12-12 02:32 - 2013-12-12 02:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-12 02:30 - 2013-12-12 02:30 - 00000000 ____D C:\Users\I\AppData\Local\CRE
2013-12-12 02:29 - 2013-12-12 02:29 - 00017631 _____ C:\Users\I\Downloads\MonitorBright.zip
2013-12-12 02:02 - 2013-10-31 21:35 - 00000000 ____D C:\Users\I\Downloads\Amy Raby - Hearts and Thrones series
2013-12-12 02:01 - 2013-12-12 02:01 - 03844286 _____ C:\Users\I\Downloads\H_Thrones.rar
2013-12-12 01:59 - 2013-12-12 01:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 01:59 - 2013-12-12 01:59 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Users\I\AppData\Roaming\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 01:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-12 01:56 - 2013-12-12 01:57 - 04961709 _____ C:\Users\I\Downloads\lynn-kurland-nine-kingdoms-series.rar
2013-12-06 21:20 - 2013-12-06 21:20 - 06951048 _____ (Microsoft Corporation) C:\Users\I\Downloads\Silverlight.exe
2013-12-06 21:20 - 2013-12-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 04:18 - 2013-12-06 05:28 - 01930107 _____ C:\Users\I\Downloads\Hot Sauce Presentation.pptx
2013-12-06 02:49 - 2013-12-06 10:40 - 00020146 _____ C:\Users\I\Documents\EvrTransport Final.xlsx
2013-12-05 17:20 - 2013-12-12 05:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-05 17:20 - 2013-12-12 05:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-05 17:20 - 2013-12-05 17:20 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-05 17:20 - 2013-12-05 17:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-12-05 17:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2013-12-05 17:18 - 2013-12-05 17:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\I\Downloads\spybot-2.2.exe
2013-12-05 12:29 - 2013-12-05 12:30 - 38572240 _____ C:\Users\I\Downloads\Review-1-compressed.pptx
2013-12-05 02:19 - 2013-12-05 02:19 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013 (1).pptx
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Luminant_Software,_Inc
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Deployment
2013-12-05 00:24 - 2013-12-05 16:51 - 34476544 _____ C:\Users\I\Downloads\Lecture 22.audionote
2013-12-05 00:16 - 2013-12-05 00:16 - 22147529 _____ C:\Users\I\Downloads\Review-2 (1).pptx
2013-12-05 00:09 - 2013-10-23 15:21 - 00106928 _____ C:\Users\I\Documents\FirstFloor.bak
2013-12-04 17:56 - 2013-12-04 17:57 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (2).pptx
2013-12-04 13:34 - 2013-12-04 13:36 - 00023647 _____ C:\Users\I\Downloads\Ife Budget.xlsx
2013-12-04 13:22 - 2013-12-04 13:22 - 01329802 _____ C:\Users\I\Documents\IfeAnyansi-Final.pptx
2013-12-03 23:38 - 2013-12-03 23:38 - 00237844 _____ C:\Users\I\Documents\Construction Schedule.xps
2013-12-03 22:59 - 2013-12-04 13:21 - 01329782 _____ C:\Users\I\Documents\Firm.pptx
2013-12-03 21:04 - 2013-12-03 21:33 - 00001033 _____ C:\Users\I\Documents\plot.log
2013-12-03 14:30 - 2013-12-03 14:30 - 22147529 _____ C:\Users\I\Downloads\Review-2.pptx
2013-12-03 02:29 - 2013-12-03 02:29 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 06809497 _____ C:\Users\I\Downloads\Lecture16-2013 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (2).pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2.pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (1).pptx
2013-12-02 19:49 - 2013-12-02 19:50 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (1).pptx
2013-12-02 19:48 - 2013-12-02 19:48 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (1).pptx
2013-12-01 15:00 - 2013-12-01 15:00 - 02191360 _____ C:\Users\I\Downloads\Week11.ppt
2013-11-30 04:06 - 2013-11-30 04:07 - 00000000 ____D C:\Users\I\AppData\Local\Windows Live
2013-11-30 04:03 - 2013-11-30 04:03 - 12558048 _____ C:\Users\I\Downloads\Capture_20131129_8.wmv
2013-11-30 03:38 - 2013-11-30 03:38 - 00453726 _____ C:\Users\I\Downloads\Lecture15-2013 (1).pptx
2013-11-30 01:58 - 2013-11-30 01:58 - 00679310 _____ C:\Users\I\Downloads\Lecture14-2013 (1).pptx
2013-11-30 01:15 - 2013-11-30 01:15 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013.pptx
2013-11-30 01:12 - 2013-11-30 01:12 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013.pptx
2013-11-30 01:03 - 2013-11-30 01:03 - 02293199 _____ C:\Users\I\Downloads\Lecture13-2013.pptx
2013-11-29 23:40 - 2013-11-29 23:40 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013 (1).pptx
2013-11-29 23:20 - 2013-11-29 23:20 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (2).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013.pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (1).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 00489587 _____ C:\Users\I\Downloads\Lecture11-2013.pptx
2013-11-29 20:26 - 2013-11-29 20:26 - 01376256 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design (1).ppt
2013-11-29 20:19 - 2013-11-29 20:19 - 01374208 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design.ppt
2013-11-29 18:18 - 2013-11-29 18:18 - 03742708 _____ C:\Users\I\Downloads\Lecture19.pptx
2013-11-29 18:12 - 2013-11-29 18:12 - 00267264 _____ C:\Users\I\Downloads\Rational Method.ppt
2013-11-22 17:06 - 2013-11-22 17:06 - 00011330 _____ C:\Users\I\Documents\EVR Transport Hw.xlsx
2013-11-22 14:58 - 2013-12-16 07:12 - 00003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForIfe
2013-11-22 14:58 - 2013-12-16 07:12 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForIfe.job
2013-11-21 22:49 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Desktop\WA - SE.epub
2013-11-21 22:47 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Downloads\WA - SE_1.epub
2013-11-21 22:46 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Downloads\WA - SE.epub
2013-11-21 22:45 - 2013-11-21 22:45 - 00814408 _____ C:\Users\I\Downloads\WASE.zip
2013-11-21 19:31 - 2013-11-21 19:31 - 00223084 _____ C:\Users\I\Downloads\Susan_Ee___Angelfall (1).epub
2013-11-20 23:52 - 2013-11-20 23:52 - 00031319 _____ C:\Users\I\Downloads\IFE- CE511-OptimizationAssignment.xlsx
2013-11-20 19:03 - 2013-11-20 19:50 - 00750934 _____ C:\Users\I\Documents\Manufacturing.pptx
2013-11-20 18:42 - 2013-11-20 18:42 - 00798384 _____ C:\Users\I\Documents\Sales2.pptx
2013-11-19 14:36 - 2013-11-19 14:36 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-19 14:34 - 2013-11-19 14:35 - 00527423 _____ (                                                            ) C:\Users\I\Downloads\Lame_v3.99.3_for_Windows.exe
 
==================== One Month Modified Files and Folders =======
 
2013-12-19 19:00 - 2013-12-19 19:00 - 00023629 _____ C:\Users\I\Downloads\FRST.txt
2013-12-19 19:00 - 2013-12-19 19:00 - 00000000 ____D C:\FRST
2013-12-19 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-19 18:59 - 2013-12-19 18:59 - 02192957 _____ (Farbar) C:\Users\I\Downloads\FRST64.exe
2013-12-19 18:39 - 2013-09-13 00:24 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001UA.job
2013-12-19 18:19 - 2013-08-01 17:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2531883189-1883883165-4202198115-1001
2013-12-19 18:14 - 2013-08-01 18:00 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-19 18:14 - 2013-08-01 17:58 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 18:14 - 2013-08-01 17:58 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 18:03 - 2013-08-01 21:15 - 00000000 ____D C:\Users\I\Documents\Youcam
2013-12-19 17:45 - 2013-11-10 21:54 - 01906812 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 17:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-19 02:39 - 2013-09-13 00:24 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001Core.job
2013-12-18 13:04 - 2013-11-03 20:36 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2013-12-17 17:22 - 2013-08-01 17:39 - 00000000 ____D C:\Users\I\AppData\Local\Packages
2013-12-16 07:12 - 2013-11-22 14:58 - 00003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForIfe
2013-12-16 07:12 - 2013-11-22 14:58 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForIfe.job
2013-12-16 07:11 - 2013-11-10 20:03 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2013-12-16 07:11 - 2013-11-10 20:02 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-16 07:02 - 2013-12-16 07:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-16 07:02 - 2013-11-10 21:37 - 00000000 ____D C:\Users\I
2013-12-16 07:02 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-16 07:02 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-16 07:02 - 2013-07-23 10:34 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2013-12-16 07:01 - 2013-09-29 22:55 - 00061126 _____ C:\WINDOWS\PFRO.log
2013-12-15 21:10 - 2013-12-15 21:06 - 00002418 _____ C:\Users\I\Desktop\AdwCleaner[S0].txt
2013-12-15 21:07 - 2013-12-15 21:00 - 00000000 ____D C:\AdwCleaner
2013-12-15 16:48 - 2013-11-11 11:28 - 00001719 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2013-12-15 13:11 - 2013-12-15 13:11 - 01226750 _____ C:\Users\I\Downloads\AdwCleaner.exe
2013-12-14 21:37 - 2013-09-29 23:04 - 00958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-14 04:04 - 2013-12-14 04:04 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (2).com
2013-12-12 07:40 - 2013-12-12 05:49 - 00002513 _____ C:\WINDOWS\wininit.ini
2013-12-12 06:54 - 2013-12-12 06:54 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (1).com
2013-12-12 06:44 - 2013-12-12 06:44 - 00001778 _____ C:\Users\I\Desktop\aswMBR.txt
2013-12-12 06:44 - 2013-12-12 06:44 - 00000512 _____ C:\Users\I\Desktop\MBR.dat
2013-12-12 06:42 - 2013-12-12 06:42 - 04745728 _____ (AVAST Software) C:\Users\I\Downloads\aswMBR.exe
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.scr
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.com
2013-12-12 05:48 - 2013-12-05 17:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-12 05:08 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-12 05:04 - 2013-12-05 17:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-12 02:44 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\AppData\Local\Mobogenie
2013-12-12 02:44 - 2013-12-12 02:41 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-12 02:44 - 2013-10-19 23:34 - 00000000 ____D C:\Users\I\AppData\Local\cache
2013-12-12 02:43 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\AppData\Local\genienext
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\Documents\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\.android
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 _____ C:\Users\I\daemonprocess.txt
2013-12-12 02:39 - 2013-12-12 02:39 - 00000000 ____D C:\Users\I\AppData\Local\JockerSoft
2013-12-12 02:32 - 2013-12-12 02:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-12 02:30 - 2013-12-12 02:30 - 00000000 ____D C:\Users\I\AppData\Local\CRE
2013-12-12 02:29 - 2013-12-12 02:29 - 00017631 _____ C:\Users\I\Downloads\MonitorBright.zip
2013-12-12 02:01 - 2013-12-12 02:01 - 03844286 _____ C:\Users\I\Downloads\H_Thrones.rar
2013-12-12 01:59 - 2013-12-12 01:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 01:59 - 2013-12-12 01:59 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Users\I\AppData\Roaming\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 01:57 - 2013-12-12 01:56 - 04961709 _____ C:\Users\I\Downloads\lynn-kurland-nine-kingdoms-series.rar
2013-12-09 03:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-06 21:20 - 2013-12-06 21:20 - 06951048 _____ (Microsoft Corporation) C:\Users\I\Downloads\Silverlight.exe
2013-12-06 21:20 - 2013-12-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 18:09 - 2013-08-01 17:58 - 00003872 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 18:09 - 2013-08-01 17:58 - 00003636 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 10:40 - 2013-12-06 02:49 - 00020146 _____ C:\Users\I\Documents\EvrTransport Final.xlsx
2013-12-06 05:28 - 2013-12-06 04:18 - 01930107 _____ C:\Users\I\Downloads\Hot Sauce Presentation.pptx
2013-12-05 17:20 - 2013-12-05 17:20 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-05 17:20 - 2013-12-05 17:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-12-05 17:19 - 2013-12-05 17:18 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\I\Downloads\spybot-2.2.exe
2013-12-05 16:51 - 2013-12-05 00:24 - 34476544 _____ C:\Users\I\Downloads\Lecture 22.audionote
2013-12-05 16:51 - 2013-10-06 11:40 - 00000000 ____D C:\Users\I\AppData\Roaming\Audacity
2013-12-05 12:30 - 2013-12-05 12:29 - 38572240 _____ C:\Users\I\Downloads\Review-1-compressed.pptx
2013-12-05 02:34 - 2013-09-13 00:24 - 00003850 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001UA
2013-12-05 02:34 - 2013-09-13 00:24 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001Core
2013-12-05 02:19 - 2013-12-05 02:19 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013 (1).pptx
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Luminant_Software,_Inc
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Deployment
2013-12-05 00:16 - 2013-12-05 00:16 - 22147529 _____ C:\Users\I\Downloads\Review-2 (1).pptx
2013-12-05 00:09 - 2013-10-22 13:30 - 00111966 _____ C:\Users\I\Documents\FirstFloor.dwg
2013-12-04 17:57 - 2013-12-04 17:56 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (2).pptx
2013-12-04 13:36 - 2013-12-04 13:34 - 00023647 _____ C:\Users\I\Downloads\Ife Budget.xlsx
2013-12-04 13:22 - 2013-12-04 13:22 - 01329802 _____ C:\Users\I\Documents\IfeAnyansi-Final.pptx
2013-12-04 13:21 - 2013-12-03 22:59 - 01329782 _____ C:\Users\I\Documents\Firm.pptx
2013-12-03 23:38 - 2013-12-03 23:38 - 00237844 _____ C:\Users\I\Documents\Construction Schedule.xps
2013-12-03 22:56 - 2013-09-17 16:39 - 00000000 ____D C:\Users\I\Documents\Water Resources EGR
2013-12-03 21:33 - 2013-12-03 21:04 - 00001033 _____ C:\Users\I\Documents\plot.log
2013-12-03 14:30 - 2013-12-03 14:30 - 22147529 _____ C:\Users\I\Downloads\Review-2.pptx
2013-12-03 02:29 - 2013-12-03 02:29 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 06809497 _____ C:\Users\I\Downloads\Lecture16-2013 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (2).pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2.pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (1).pptx
2013-12-02 19:50 - 2013-12-02 19:49 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (1).pptx
2013-12-02 19:48 - 2013-12-02 19:48 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (1).pptx
2013-12-02 19:48 - 2013-09-23 01:49 - 00000000 ____D C:\Users\I\Documents\EVR Transport
2013-12-01 15:00 - 2013-12-01 15:00 - 02191360 _____ C:\Users\I\Downloads\Week11.ppt
2013-11-30 04:07 - 2013-11-30 04:06 - 00000000 ____D C:\Users\I\AppData\Local\Windows Live
2013-11-30 04:03 - 2013-11-30 04:03 - 12558048 _____ C:\Users\I\Downloads\Capture_20131129_8.wmv
2013-11-30 03:38 - 2013-11-30 03:38 - 00453726 _____ C:\Users\I\Downloads\Lecture15-2013 (1).pptx
2013-11-30 01:58 - 2013-11-30 01:58 - 00679310 _____ C:\Users\I\Downloads\Lecture14-2013 (1).pptx
2013-11-30 01:15 - 2013-11-30 01:15 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013.pptx
2013-11-30 01:12 - 2013-11-30 01:12 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013.pptx
2013-11-30 01:03 - 2013-11-30 01:03 - 02293199 _____ C:\Users\I\Downloads\Lecture13-2013.pptx
2013-11-29 23:40 - 2013-11-29 23:40 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013 (1).pptx
2013-11-29 23:20 - 2013-11-29 23:20 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (2).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013.pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (1).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 00489587 _____ C:\Users\I\Downloads\Lecture11-2013.pptx
2013-11-29 20:26 - 2013-11-29 20:26 - 01376256 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design (1).ppt
2013-11-29 20:19 - 2013-11-29 20:19 - 01374208 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design.ppt
2013-11-29 18:18 - 2013-11-29 18:18 - 03742708 _____ C:\Users\I\Downloads\Lecture19.pptx
2013-11-29 18:12 - 2013-11-29 18:12 - 00267264 _____ C:\Users\I\Downloads\Rational Method.ppt
2013-11-26 13:37 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-11-25 14:52 - 2013-09-11 22:50 - 00004950 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Storm-Ife Storm
2013-11-22 17:06 - 2013-11-22 17:06 - 00011330 _____ C:\Users\I\Documents\EVR Transport Hw.xlsx
2013-11-22 14:58 - 2013-08-01 17:42 - 00000000 ____D C:\Users\I\AppData\Local\Hewlett-Packard
2013-11-21 22:45 - 2013-11-21 22:45 - 00814408 _____ C:\Users\I\Downloads\WASE.zip
2013-11-21 19:31 - 2013-11-21 19:31 - 00223084 _____ C:\Users\I\Downloads\Susan_Ee___Angelfall (1).epub
2013-11-20 23:52 - 2013-11-20 23:52 - 00031319 _____ C:\Users\I\Downloads\IFE- CE511-OptimizationAssignment.xlsx
2013-11-20 23:51 - 2013-11-17 15:40 - 00031317 _____ C:\Users\I\Downloads\CE511-OptimizationAssignment.xlsx
2013-11-20 19:50 - 2013-11-20 19:03 - 00750934 _____ C:\Users\I\Documents\Manufacturing.pptx
2013-11-20 18:42 - 2013-11-20 18:42 - 00798384 _____ C:\Users\I\Documents\Sales2.pptx
2013-11-20 17:37 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-20 17:35 - 2013-08-01 17:42 - 00000000 ___RD C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-20 17:35 - 2013-08-01 17:42 - 00000000 ___RD C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-20 16:53 - 2013-08-22 09:44 - 00557744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-20 16:51 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-20 16:51 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-20 16:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-20 16:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-19 14:36 - 2013-11-19 14:36 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-19 14:35 - 2013-11-19 14:34 - 00527423 _____ (                                                            ) C:\Users\I\Downloads\Lame_v3.99.3_for_Windows.exe
2013-11-19 03:40 - 2013-11-21 22:49 - 00826993 ____N C:\Users\I\Desktop\WA - SE.epub
2013-11-19 03:40 - 2013-11-21 22:47 - 00826993 ____N C:\Users\I\Downloads\WA - SE_1.epub
2013-11-19 03:40 - 2013-11-21 22:46 - 00826993 ____N C:\Users\I\Downloads\WA - SE.epub
 
Some content of TEMP:
====================
C:\Users\I\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-18 19:37
 
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013
Ran by Ife (administrator) on STORM on 19-12-2013 19:00:37
Running from C:\Users\I\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Akamai Technologies, Inc.) C:\Users\I\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\I\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\I\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-13] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\I\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKCU\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18791584 2013-10-21] (Microsoft Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Policies\Explorer: [] 
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [ADSK DLMSession] - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0
CHR Extension: (YouTube) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (FlashBlock) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (avast! Online Security) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Website Logon) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0
CHR Extension: (Google Wallet) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\I\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
==================== Services (Whitelisted) =================
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2013-05-10] (Pharos Systems International)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20131203.011\BHDrvx64.sys [1526488 2013-12-02] (Symantec Corporation)
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20131218.011\IDSvia64.sys [521944 2013-12-11] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131218.017\ENG64.SYS [126040 2013-10-16] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131218.017\EX64.SYS [2099288 2013-10-16] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SymELAM.sys [23448 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2013-11-11] (Symantec Corporation)
R1 Teefer2; C:\Windows\system32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-12-16] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-19 19:00 - 2013-12-19 19:00 - 00023629 _____ C:\Users\I\Downloads\FRST.txt
2013-12-19 19:00 - 2013-12-19 19:00 - 00000000 ____D C:\FRST
2013-12-19 18:59 - 2013-12-19 18:59 - 02192957 _____ (Farbar) C:\Users\I\Downloads\FRST64.exe
2013-12-16 07:02 - 2013-12-16 07:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-15 21:06 - 2013-12-15 21:10 - 00002418 _____ C:\Users\I\Desktop\AdwCleaner[S0].txt
2013-12-15 21:00 - 2013-12-15 21:07 - 00000000 ____D C:\AdwCleaner
2013-12-15 13:11 - 2013-12-15 13:11 - 01226750 _____ C:\Users\I\Downloads\AdwCleaner.exe
2013-12-14 04:04 - 2013-12-14 04:04 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (2).com
2013-12-12 06:54 - 2013-12-12 06:54 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (1).com
2013-12-12 06:44 - 2013-12-12 06:44 - 00001778 _____ C:\Users\I\Desktop\aswMBR.txt
2013-12-12 06:44 - 2013-12-12 06:44 - 00000512 _____ C:\Users\I\Desktop\MBR.dat
2013-12-12 06:42 - 2013-12-12 06:42 - 04745728 _____ (AVAST Software) C:\Users\I\Downloads\aswMBR.exe
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.scr
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.com
2013-12-12 05:49 - 2013-12-12 07:40 - 00002513 _____ C:\WINDOWS\wininit.ini
2013-12-12 04:53 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131212-045305.backup
2013-12-12 02:42 - 2013-12-12 02:44 - 00000000 ____D C:\Users\I\AppData\Local\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:43 - 00000000 ____D C:\Users\I\AppData\Local\genienext
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\Documents\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\.android
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 _____ C:\Users\I\daemonprocess.txt
2013-12-12 02:41 - 2013-12-12 02:44 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-12 02:39 - 2013-12-12 02:39 - 00000000 ____D C:\Users\I\AppData\Local\JockerSoft
2013-12-12 02:32 - 2013-12-12 02:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-12 02:30 - 2013-12-12 02:30 - 00000000 ____D C:\Users\I\AppData\Local\CRE
2013-12-12 02:29 - 2013-12-12 02:29 - 00017631 _____ C:\Users\I\Downloads\MonitorBright.zip
2013-12-12 02:02 - 2013-10-31 21:35 - 00000000 ____D C:\Users\I\Downloads\Amy Raby - Hearts and Thrones series
2013-12-12 02:01 - 2013-12-12 02:01 - 03844286 _____ C:\Users\I\Downloads\H_Thrones.rar
2013-12-12 01:59 - 2013-12-12 01:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 01:59 - 2013-12-12 01:59 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Users\I\AppData\Roaming\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 01:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-12 01:56 - 2013-12-12 01:57 - 04961709 _____ C:\Users\I\Downloads\lynn-kurland-nine-kingdoms-series.rar
2013-12-06 21:20 - 2013-12-06 21:20 - 06951048 _____ (Microsoft Corporation) C:\Users\I\Downloads\Silverlight.exe
2013-12-06 21:20 - 2013-12-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 04:18 - 2013-12-06 05:28 - 01930107 _____ C:\Users\I\Downloads\Hot Sauce Presentation.pptx
2013-12-06 02:49 - 2013-12-06 10:40 - 00020146 _____ C:\Users\I\Documents\EvrTransport Final.xlsx
2013-12-05 17:20 - 2013-12-12 05:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-05 17:20 - 2013-12-12 05:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-05 17:20 - 2013-12-05 17:20 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-05 17:20 - 2013-12-05 17:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-12-05 17:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2013-12-05 17:18 - 2013-12-05 17:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\I\Downloads\spybot-2.2.exe
2013-12-05 12:29 - 2013-12-05 12:30 - 38572240 _____ C:\Users\I\Downloads\Review-1-compressed.pptx
2013-12-05 02:19 - 2013-12-05 02:19 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013 (1).pptx
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Luminant_Software,_Inc
2013-12-05 00:25 - 2013-12-05 00:25 - 00000000 ____D C:\Users\I\AppData\Local\Deployment
2013-12-05 00:24 - 2013-12-05 16:51 - 34476544 _____ C:\Users\I\Downloads\Lecture 22.audionote
2013-12-05 00:16 - 2013-12-05 00:16 - 22147529 _____ C:\Users\I\Downloads\Review-2 (1).pptx
2013-12-05 00:09 - 2013-10-23 15:21 - 00106928 _____ C:\Users\I\Documents\FirstFloor.bak
2013-12-04 17:56 - 2013-12-04 17:57 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (2).pptx
2013-12-04 13:34 - 2013-12-04 13:36 - 00023647 _____ C:\Users\I\Downloads\Ife Budget.xlsx
2013-12-04 13:22 - 2013-12-04 13:22 - 01329802 _____ C:\Users\I\Documents\IfeAnyansi-Final.pptx
2013-12-03 23:38 - 2013-12-03 23:38 - 00237844 _____ C:\Users\I\Documents\Construction Schedule.xps
2013-12-03 22:59 - 2013-12-04 13:21 - 01329782 _____ C:\Users\I\Documents\Firm.pptx
2013-12-03 21:04 - 2013-12-03 21:33 - 00001033 _____ C:\Users\I\Documents\plot.log
2013-12-03 14:30 - 2013-12-03 14:30 - 22147529 _____ C:\Users\I\Downloads\Review-2.pptx
2013-12-03 02:29 - 2013-12-03 02:29 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 06809497 _____ C:\Users\I\Downloads\Lecture16-2013 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (2).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 01787334 _____ C:\Users\I\Downloads\HydrologicDesign1 (1).pptx
2013-12-03 01:19 - 2013-12-03 01:19 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (2).pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2.pptx
2013-12-02 19:51 - 2013-12-02 19:51 - 00405250 _____ C:\Users\I\Downloads\HydrologicDesign2 (1).pptx
2013-12-02 19:49 - 2013-12-02 19:50 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013 (1).pptx
2013-12-02 19:48 - 2013-12-02 19:48 - 03742708 _____ C:\Users\I\Downloads\Lecture19 (1).pptx
2013-12-01 15:00 - 2013-12-01 15:00 - 02191360 _____ C:\Users\I\Downloads\Week11.ppt
2013-11-30 04:06 - 2013-11-30 04:07 - 00000000 ____D C:\Users\I\AppData\Local\Windows Live
2013-11-30 04:03 - 2013-11-30 04:03 - 12558048 _____ C:\Users\I\Downloads\Capture_20131129_8.wmv
2013-11-30 03:38 - 2013-11-30 03:38 - 00453726 _____ C:\Users\I\Downloads\Lecture15-2013 (1).pptx
2013-11-30 01:58 - 2013-11-30 01:58 - 00679310 _____ C:\Users\I\Downloads\Lecture14-2013 (1).pptx
2013-11-30 01:15 - 2013-11-30 01:15 - 39216352 _____ C:\Users\I\Downloads\Lecture22-2013.pptx
2013-11-30 01:12 - 2013-11-30 01:12 - 57667298 _____ C:\Users\I\Downloads\Lecture21-2013.pptx
2013-11-30 01:03 - 2013-11-30 01:03 - 02293199 _____ C:\Users\I\Downloads\Lecture13-2013.pptx
2013-11-29 23:40 - 2013-11-29 23:40 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013 (1).pptx
2013-11-29 23:20 - 2013-11-29 23:20 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (2).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 03510727 _____ C:\Users\I\Downloads\Lecture12-2013.pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 02503771 _____ C:\Users\I\Downloads\Lecture10-2013 (1).pptx
2013-11-29 23:19 - 2013-11-29 23:19 - 00489587 _____ C:\Users\I\Downloads\Lecture11-2013.pptx
2013-11-29 20:26 - 2013-11-29 20:26 - 01376256 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design (1).ppt
2013-11-29 20:19 - 2013-11-29 20:19 - 01374208 _____ C:\Users\I\Downloads\CE154 - Lecture 7 Pipe System Design.ppt
2013-11-29 18:18 - 2013-11-29 18:18 - 03742708 _____ C:\Users\I\Downloads\Lecture19.pptx
2013-11-29 18:12 - 2013-11-29 18:12 - 00267264 _____ C:\Users\I\Downloads\Rational Method.ppt
2013-11-22 17:06 - 2013-11-22 17:06 - 00011330 _____ C:\Users\I\Documents\EVR Transport Hw.xlsx
2013-11-22 14:58 - 2013-12-16 07:12 - 00003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForIfe
2013-11-22 14:58 - 2013-12-16 07:12 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForIfe.job
2013-11-21 22:49 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Desktop\WA - SE.epub
2013-11-21 22:47 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Downloads\WA - SE_1.epub
2013-11-21 22:46 - 2013-11-19 03:40 - 00826993 ____N C:\Users\I\Downloads\WA - SE.epub
2013-11-21 22:45 - 2013-11-21 22:45 - 00814408 _____ C:\Users\I\Downloads\WASE.zip
2013-11-21 19:31 - 2013-11-21 19:31 - 00223084 _____ C:\Users\I\Downloads\Susan_Ee___Angelfall (1).epub
2013-11-20 23:52 - 2013-11-20 23:52 - 00031319 _____ C:\Users\I\Downloads\IFE- CE511-OptimizationAssignment.xlsx
2013-11-20 19:03 - 2013-11-20 19:50 - 00750934 _____ C:\Users\I\Documents\Manufacturing.pptx
2013-11-20 18:42 - 2013-11-20 18:42 - 00798384 _____ C:\Users\I\Documents\Sales2.pptx
2013-11-19 14:36 - 2013-11-19 14:36 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-19 14:34 - 2013-11-19 14:35 - 00527423 _____ (                                                            ) C:\Users\I\Downloads\Lame_v3.99.3_for_Windows.exe
 
==================== One Month Modified Files and Folders =======
 
2013-12-19 19:00 - 2013-12-19 19:00 - 00023629 _____ C:\Users\I\Downloads\FRST.txt
2013-12-19 19:00 - 2013-12-19 19:00 - 00000000 ____D C:\FRST
2013-12-19 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-19 18:59 - 2013-12-19 18:59 - 02192957 _____ (Farbar) C:\Users\I\Downloads\FRST64.exe
2013-12-19 18:39 - 2013-09-13 00:24 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001UA.job
2013-12-19 18:19 - 2013-08-01 17:48 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2531883189-1883883165-4202198115-1001
2013-12-19 18:14 - 2013-08-01 18:00 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-19 18:14 - 2013-08-01 17:58 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 18:14 - 2013-08-01 17:58 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 18:03 - 2013-08-01 21:15 - 00000000 ____D C:\Users\I\Documents\Youcam
2013-12-19 17:45 - 2013-11-10 21:54 - 01906812 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 17:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-19 02:39 - 2013-09-13 00:24 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2531883189-1883883165-4202198115-1001Core.job
2013-12-18 13:04 - 2013-11-03 20:36 - 00000554 _____ C:\WINDOWS\Tasks\MATLAB R2013b Startup Accelerator.job
2013-12-17 17:22 - 2013-08-01 17:39 - 00000000 ____D C:\Users\I\AppData\Local\Packages
2013-12-16 07:12 - 2013-11-22 14:58 - 00003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForIfe
2013-12-16 07:12 - 2013-11-22 14:58 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForIfe.job
2013-12-16 07:11 - 2013-11-10 20:03 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2013-12-16 07:11 - 2013-11-10 20:02 - 00000000 _____ C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-16 07:02 - 2013-12-16 07:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-16 07:02 - 2013-11-10 21:37 - 00000000 ____D C:\Users\I
2013-12-16 07:02 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-16 07:02 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-12-16 07:02 - 2013-07-23 10:34 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2013-12-16 07:01 - 2013-09-29 22:55 - 00061126 _____ C:\WINDOWS\PFRO.log
2013-12-15 21:10 - 2013-12-15 21:06 - 00002418 _____ C:\Users\I\Desktop\AdwCleaner[S0].txt
2013-12-15 21:07 - 2013-12-15 21:00 - 00000000 ____D C:\AdwCleaner
2013-12-15 16:48 - 2013-11-11 11:28 - 00001719 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2013-12-15 13:11 - 2013-12-15 13:11 - 01226750 _____ C:\Users\I\Downloads\AdwCleaner.exe
2013-12-14 21:37 - 2013-09-29 23:04 - 00958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-14 04:04 - 2013-12-14 04:04 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (2).com
2013-12-12 07:40 - 2013-12-12 05:49 - 00002513 _____ C:\WINDOWS\wininit.ini
2013-12-12 06:54 - 2013-12-12 06:54 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds (1).com
2013-12-12 06:44 - 2013-12-12 06:44 - 00001778 _____ C:\Users\I\Desktop\aswMBR.txt
2013-12-12 06:44 - 2013-12-12 06:44 - 00000512 _____ C:\Users\I\Desktop\MBR.dat
2013-12-12 06:42 - 2013-12-12 06:42 - 04745728 _____ (AVAST Software) C:\Users\I\Downloads\aswMBR.exe
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.scr
2013-12-12 06:36 - 2013-12-12 06:36 - 00688992 _____ (Swearware) C:\Users\I\Downloads\dds.com
2013-12-12 05:48 - 2013-12-05 17:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-12 05:08 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-12 05:04 - 2013-12-05 17:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-12 02:44 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\AppData\Local\Mobogenie
2013-12-12 02:44 - 2013-12-12 02:41 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-12 02:44 - 2013-10-19 23:34 - 00000000 ____D C:\Users\I\AppData\Local\cache
2013-12-12 02:43 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\AppData\Local\genienext
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\Documents\Mobogenie
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 ____D C:\Users\I\.android
2013-12-12 02:42 - 2013-12-12 02:42 - 00000000 _____ C:\Users\I\daemonprocess.txt
2013-12-12 02:39 - 2013-12-12 02:39 - 00000000 ____D C:\Users\I\AppData\Local\JockerSoft
2013-12-12 02:32 - 2013-12-12 02:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-12 02:30 - 2013-12-12 02:30 - 00000000 ____D C:\Users\I\AppData\Local\CRE
2013-12-12 02:29 - 2013-12-12 02:29 - 00017631 _____ C:\Users\I\Downloads\MonitorBright.zip
2013-12-12 02:01 - 2013-12-12 02:01 - 03844286 _____ C:\Users\I\Downloads\H_Thrones.rar
2013-12-12 01:59 - 2013-12-12 01:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\I\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-12 01:59 - 2013-12-12 01:59 - 00001132 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Users\I\AppData\Roaming\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-12 01:59 - 2013-12-12 01:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-12 01:57 - 2013-12-12 01:56 - 04961709 _____ C:\Users\I\Downloads\lynn-kurland-nine-kingdoms-series.rar
2013-12-09 03:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-12-06 21:20 - 2013-12-06 21:20 - 06951048 _____ (Microsoft Corporation) C:\Users\I\Downloads\Silverlight.exe
2013-12-06 21:20 - 2013-12-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-06 18:09 - 2013-08-01 17:58 - 00003872 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 18:09 - 2013-08-01 17:58 - 00003636 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 10:40 - 2013-12-06 02:49 - 00020146 _____ C:\Users\I\Documents\EvrTransport Final.xlsx
2013-12-06 05:28 - 2013-12-06 04:18 - 01930107 _____ C:\Users\I\Downloads\Hot Sauce Presentation.pptx
2013-12-05 17:20 - 2013-12-05 17:20 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-05 17:20 - 2013-12-05 17:20 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-12-05 17:19 - 2013-12-05 17:18 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\I\Downloads\spybot-2.2.exe
2013-12-05 16:51 - 2013-12-05 00:24 - 34476544 _____ C:\Users\I\Downloads\Lecture 22.audionote
2013-12-05 16:51 - 2013-10-06 11:40 - 00000000 ____D C:\Users\I\AppData\Roaming\Audacity
2013-12-05 12:30 - 2013-12-05 12:29 - 38572240 _____ C:\Users\I\Downloads\Review-1-compressed.pptx
 
Some content of TEMP:
====================
C:\Users\I\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-18 19:37
 
==================== End Of Log ============================

Edited by nasdaq, 24 December 2013 - 04:19 PM.


#8 nasdaq

  • Malware Response Team

Posted 20 December 2013 - 07:47 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [] - [x]
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
SearchScopes: HKLM - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {2F272EF4-52BC-47DF-9F60-C693D1CC7A09} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

end
Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Any remaining issues with this computer?

#9 Solanelli

  • Topic Starter

Posted 20 December 2013 - 06:08 PM

Hello,

Thanks for your help. The only possible problem from this log is that the 2nd to last file was "moved" instead of "deleted". Also, when I turn on my laptop, pop-ups appear and say that "blahblah.dll was not found", and I googled it. I think some of the malware was set up to run on startup and once it was deleted, my computer is letting me know that they're not there anymore.

Here is the file


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Ife at 2013-12-20 18:03:11 Run:1
Running from C:\Users\I\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [] - [x]
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
end
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key deleted successfully.
HKCR\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key deleted successfully.
HKCR\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{716F9154-F335-4C67-8207-D528C90E6799} => Key deleted successfully.
HKCR\CLSID\{716F9154-F335-4C67-8207-D528C90E6799} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => Key deleted successfully.
C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx => Moved successfully.
"C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.
 
==== End of Fixlog ====


#10 nasdaq

  • Malware Response Team

Posted 21 December 2013 - 08:19 AM

Run the Farbar Recovery Scan Tool normally one more time and post the log for my review.



#11 Solanelli

  • Topic Starter

Posted 22 December 2013 - 09:21 PM

Hi,

It won't let me fix again. When I open the Farbar recovery tool, it updates and then makes a new file of the same name in the same directory. However, when I click fix after it's done updating, for some reason it can't find the file I named fixlist.txt in the folder. And I know it's there cause I made a new one and made sure it was in the same folder.

Ife



#12 Solanelli

  • Topic Starter

Posted 22 December 2013 - 09:30 PM

Hey,

I tried it again, and it managed to work this time. Here is the fixlog file.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2013 01
Ran by ~~~ at 2013-12-22 21:28:28 Run:2
Running from C:\Users\I\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKCU\...\Policies\Explorer: []
HKLM-x32\...\Run: [] - [x]
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {716F9154-F335-4C67-8207-D528C90E6799} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN23423511532060511&UM=2
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
 
end
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKCR\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKCR\Wow6432Node\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKCR\CLSID\{2F272EF4-52BC-47DF-9F60-C693D1CC7A09} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{716F9154-F335-4C67-8207-D528C90E6799} => Key not found.
HKCR\CLSID\{716F9154-F335-4C67-8207-D528C90E6799} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value not found.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => Key not found.
"C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.
"C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.
 

 

==== End of Fixlog ====
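
An added example, not part of the original thread or of FRST itself: a small Python check that parses the result section of the two Fixlog.txt runs posted above and confirms that nothing removed in run 1 had to be removed again in run 2. The function names and the shortened log excerpts are this example's own, and RUN2_REGRESSED is constructed to show what a re-created entry would look like.

```python
import re

# Shortened excerpts of the two Fixlog runs posted in this thread.
RUN1 = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Content of fixlist:
*****************
start
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
end
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => Key deleted successfully.
C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx => Moved successfully.
"C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.

==== End of Fixlog ====
"""

RUN2 = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2013 01
Content of fixlist:
*****************
start
end
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value not found.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => Key not found.
"C:\Users\I\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.

==== End of Fixlog ====
"""

# Constructed variant: pretend the Chrome extension key came back between runs.
RUN2_REGRESSED = RUN2.replace(
    "lipgolpfajiadodbcbljdpmbmbdmfcil => Key not found",
    "lipgolpfajiadodbcbljdpmbmbdmfcil => Key deleted successfully")

# "<target> => <outcome>." where the target may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def classify(outcome):
    """Map an FRST outcome phrase to acted / absent / other."""
    o = outcome.lower()
    if o.endswith(("deleted successfully", "moved successfully")):
        return "acted"
    if o.endswith("not found"):
        return "absent"
    return "other"  # anything unrecognised deserves a manual look

def parse_fixlog(text):
    """Return {lower-cased target: set of statuses} for the result section.

    The echoed fixlist sits between two lines of asterisks; only lines
    after the second asterisk line are treated as results.
    """
    results, stars = {}, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            stars += 1
            continue
        match = RESULT_RE.match(line) if stars >= 2 else None
        if match:
            key = match.group("target").strip().lower()
            results.setdefault(key, set()).add(classify(match.group("outcome")))
    return results

def acted_on(results):
    """Targets the fix actually deleted or moved in this run."""
    return sorted(t for t, statuses in results.items() if "acted" in statuses)

def reappeared(first, second):
    """Targets removed in the first run that the second run removed again."""
    return sorted(set(acted_on(first)) & set(acted_on(second)))
```

An empty result from `reappeared(parse_fixlog(RUN1), parse_fixlog(RUN2))` matches what the second Fixlog shows: every entry is already "not found", so nothing re-created the removed keys or the .crx file between the two runs.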


#13 nasdaq

  • Malware Response Team

Posted 23 December 2013 - 09:27 AM

If still having issues with this computer, run this on-line scan.
Let me know if the problem persists.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#14 nasdaq

  • Malware Response Team

Posted 26 December 2013 - 01:52 PM

Download Security Check by screen317 from here.
Run this tool and I will see what you have for your security.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#15 Solanelli

  • Topic Starter

Posted 26 December 2013 - 10:47 PM

Hi,

Again, thanks for the help. The ESET scanner results are below. It found some remnants of CNET installer and Conduit. I'll scan with the screen317 next.


C:\$Recycle.Bin\S-1-5-21-2531883189-1883883165-4202198115-1001\$R7ZQUAC.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-2531883189-1883883165-4202198115-1001\$RIGM0SV.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-2531883189-1883883165-4202198115-1001\$RWDMJN3.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Users\I\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\Users\I\AppData\LocalLow\Connect_DLC_5\tbConn.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\I\Documents\Jental\Documents and Settings\Downloads\Unconfirmed 99174.crdownload a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
