
Infected (virus? malware?)


  • This topic is locked
15 replies to this topic

#1 jjones312


Posted 04 March 2014 - 10:35 PM

I recently installed a couple apps and during those installs I believe some unwanted items were installed. I noticed my search engine changed in my browser (Chrome). Started seeing mysearch, safesearch, and a couple other pieces of software that would pop up ads indicating infections and to purchase etc. I started to uninstall items from add/remove, and reset browser preferences etc. I wanna think I got everything but I know that probably isn't likely. Can anyone assist? Below is my HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:34:30 PM, on 3/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
CHROME: 1.1.266.0
FIREFOX: 27.0.1 (en-US)
Boot mode: Normal
 
Running processes:
C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LastPass\nplastpass.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jesse\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jesse\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IEOptimizer - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll
O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CF1Q1JN05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D00CAFF0F2A117FBD45ECFDF63767572] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:  
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) - Unknown owner - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 16809 bytes
 



#2 jjones312


Posted 04 March 2014 - 11:42 PM

DSS Log

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2013 2:54:54 PM
System Uptime: 3/1/2014 8:28:38 PM (72 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | 700Z3A/700Z4A/700Z5A/700Z5B
Processor: Intel® Core™ i7-2675QM CPU @ 2.20GHz | CPU | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 201 GiB total, 123.432 GiB free.
D: is FIXED (NTFS) - 708 GiB total, 527.908 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP83: 2/21/2014 3:00:10 AM - Windows Update
RP84: 2/24/2014 9:47:41 PM - Windows Update
RP85: 2/27/2014 9:56:37 PM - Windows Update
RP86: 3/3/2014 10:26:13 PM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
aioscnnr
Akamai NetSession Interface
Amazon Kindle
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Applian FLV and Media Player 3.1.1.12
Asmedia ASM104x USB 3.0 Host Controller Driver
„Windows Live Essentials“
„Windows Live“ fotogalerija
BitLord 2.3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
ChromecastApp
Cisco Packet Tracer 6.0.1
Cisco WebEx Meetings
Citrix Online Launcher
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
DisplayFusion 5.1.1
DisplayLink Core Software
DisplayLink Graphics
Easy File Share
Easy Migration
Easy Settings
Easy Support Center
essentials
ETDWare PS/2-X64 10.7.9.1_WHQL
ExpressCache
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.10
GNS3 0.8.6
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 6.1.0.1312
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Update
I.R.I.S. OCR
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Interactive Guide
Java 7 Update 51
Java Auto Updater
Kaspersky PURE 3.0
Kingsoft Office 2013 (9.1.0.4246)
Kodak AIO Printer
KODAK AiO Software
LastPass (uninstall only)
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Multimedia POP
Notepad++
ocr
Pearson IT Certification Practice Test
PL-2303 USB-to-Serial
Podstawowe programy Windows Live
PreReq
PrintProjects
PX Profile Update
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S Agent
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
SAMSUNG USB Driver for Mobile Phones
SavingsBull
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Software Launcher
SW Update
System Requirements Lab for Intel
User Guide
VMware vSphere Client 5.5
Windows Live
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Liven asennustyökalu
Windows Liven valokuvavalikoima
WinPcap 4.1.3
Wireshark 1.10.2 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/28/2014 11:45:25 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


#3 aharonov

  • Malware Response Team

Posted 05 March 2014 - 03:02 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#4 jjones312


Posted 05 March 2014 - 08:55 AM

Here is the FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by Jesse (administrator) on BCS-LT-01 on 05-03-2014 05:52:58
Running from D:\Software\Utilities
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\windows\system32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [BrowserSafeguard] - "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM\...\Runonce: [WinSATRestorePower] - powercfg -setactive 0837d845-c98c-413e-af4c-4a5e8a2dd5b7
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [Google Update] - C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-09] (Google Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [GoogleChromeAutoLaunch_D00CAFF0F2A117FBD45ECFDF63767572] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-02-19] (Google Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {45c0c924-2bdb-11e1-84b7-806e6f6e6963} - E:\start_win.exe
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {e91b789c-6101-11e3-a45b-e8039a24f3fd} - F:\VZW_Software_upgrade_assistant.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEOptimizer - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default
FF user.js: detected! => C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\user.js
FF DefaultSearchEngine: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Jesse\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\searchplugins\Mysearchdial.xml
FF Extension: SavingsBull - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\SavingsBull@jetpack [2014-02-28]
FF Extension: No Name - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\staged [2014-02-28]
FF Extension: LastPass - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\support@lastpass.com [2013-12-27]
FF Extension: MySearchDial NewTab - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-01-19]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Entanglement Web App) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-06]
CHR Extension: (No Name) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-02-20]
CHR Extension: (Google Docs) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-06]
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (WiBit) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2013-12-06]
CHR Extension: (The Google Chromebook Forum) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbfdponfijhgaiohjnbnbhoeccaidbk [2013-12-06]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google Cast) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-23]
CHR Extension: (Chrome RDP) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2014-01-12]
CHR Extension: (Google Search) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-26]
CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2013-12-06]
CHR Extension: (UberConference Bookmark) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlhdbjgofnajhpiakdjklonjlpbbonnc [2014-01-02]
CHR Extension: (The Godfather: Five Families) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2013-12-06]
CHR Extension: (Podio Notifications) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaafmmmpabgogfimjhfakfcemahdbaf [2013-12-06]
CHR Extension: (Google Calendar) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-06]
CHR Extension: (CloudRDP by Ericom) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgdcndfiodbbfendajnjbkihbhkmakm [2013-12-06]
CHR Extension: (Springpad) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-12-06]
CHR Extension: (Games) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobcpibfeplaikcclojfdhfdmbbeofai [2013-12-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-12]
CHR Extension: (Safe Money) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-12-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-09]
CHR Extension: (Music) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgakehlldcacnfhjampnkihibmkgclhk [2013-12-06]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-26]
CHR Extension: (Cloud Reader) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-06]
CHR Extension: (Google Talk Launcher) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjglmbkgdgdgdigllcokdabceikdppi [2013-12-06]
CHR Extension: (Google Play Music) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-12-06]
CHR Extension: (Podio) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb [2013-12-06]
CHR Extension: (2X Client for RDP/Remote Desktop) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbefefbcoggageojgcmipnfgjlekmpjp [2014-02-20]
CHR Extension: (Google Voice (by Google)) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-12-06]
CHR Extension: (Google Play) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-12-06]
CHR Extension: (DSL speedtest) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2013-12-06]
CHR Extension: (Google Play Books) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-06]
CHR Extension: (No Name) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-02-20]
CHR Extension: (LastPass Vault) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2013-12-06]
CHR Extension: (SavingsBull) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb [2014-02-28]
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (LogMeIn) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-12-18]
CHR Extension: (Picasa) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-12-06]
CHR Extension: (ThinRDP) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\philkmdomdibmijhncdoncldgkmnjhbg [2013-12-06]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR Extension: (Anti-Banner) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-26]
CHR Extension: (BeeBole) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pninkgekpdnecobeoajaanajdponegep [2013-12-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) =================
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9936176 2013-11-29] (DisplayLink Corp.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.5.52277.0.sys [46384 2013-12-09] ()
S3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-11-29] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [203568 2013-11-29] (DisplayLink Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 05:52 - 2014-03-05 05:52 - 00000000 ____D () C:\FRST
2014-03-04 21:03 - 2014-03-04 21:03 - 00003158 _____ () C:\windows\System32\Tasks\{DA634D30-0B1A-449C-82B4-A2FD11326028}
2014-03-04 20:39 - 2014-03-04 20:39 - 00029969 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-03-04 20:39 - 2014-03-04 20:39 - 00007288 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-03-04 19:00 - 2014-03-04 19:01 - 01389056 _____ () C:\Users\Jesse\Downloads\debt-reduction-calculator.xls
2014-03-03 18:30 - 2014-03-03 18:30 - 00000000 ____D () C:\Program Files\SavingsBull
2014-02-28 17:04 - 2014-02-28 17:37 - 00002363 _____ () C:\Users\Jesse\Desktop\CabSRV - Chrome.lnk
2014-02-28 14:46 - 2014-02-28 14:46 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-28 12:09 - 2014-03-04 19:34 - 00016811 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-02-28 12:09 - 2014-02-28 12:09 - 00003130 _____ () C:\windows\System32\Tasks\{8868FD29-3CFF-4C0C-9BEB-CC2986622A64}
2014-02-28 12:07 - 2014-02-28 12:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-02-28 11:47 - 2014-03-05 05:48 - 00000562 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000.job
2014-02-28 11:47 - 2014-02-28 11:47 - 00003590 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000
2014-02-28 11:46 - 2014-02-28 11:47 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Citrix
2014-02-28 09:05 - 2014-02-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-28 08:50 - 2014-02-28 08:50 - 00847832 _____ (Google Inc.) C:\Users\Jesse\Downloads\GoogleVoiceAndVideoSetup.exe
2014-02-20 22:47 - 2014-02-20 22:47 - 00035929 _____ () C:\Users\Jesse\Downloads\BR0-002-s.zip
2014-02-20 21:51 - 2014-03-05 05:49 - 00417129 _____ () C:\windows\WindowsUpdate.log
2014-02-20 21:48 - 2014-02-28 11:44 - 00000616 _____ () C:\windows\setupact.log
2014-02-20 21:48 - 2014-02-20 21:48 - 00000000 _____ () C:\windows\setuperr.log
2014-02-20 21:05 - 2014-02-20 21:05 - 00142044 _____ () C:\Users\Jesse\Downloads\ICND1_Part1_Mind_Map.xmind
2014-02-20 21:02 - 2014-02-20 21:02 - 00000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-20 21:02 - 2014-02-20 21:02 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Pearson IT Certification Practice Test
2014-02-18 06:39 - 2014-02-18 06:39 - 00014621 _____ () C:\Users\Jesse\Downloads\Engineering Week Q&A_Host_Discussion Questions.xlsx
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamShapes.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamLayout.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000054 _____ () C:\Users\Jesse\AppData\Roaming\Camdata.ini
2014-02-17 12:06 - 2014-02-17 12:09 - 00000000 ____D () C:\Users\Jesse\Documents\My CamStudio Temp Files
2014-02-17 12:06 - 2014-02-17 12:06 - 00000000 ____D () C:\Users\Jesse\Documents\Optimizer Pro
2014-02-17 12:02 - 2014-02-18 06:34 - 00000087 _____ () C:\Users\Jesse\AppData\Roaming\WB.CFG
2014-02-17 12:02 - 2014-02-17 12:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\IsolatedStorage
2014-02-17 12:01 - 2014-03-05 05:01 - 00000292 _____ () C:\windows\Tasks\MySearchDial.job
2014-02-17 12:01 - 2014-02-17 12:09 - 00004535 _____ () C:\Users\Jesse\AppData\Roaming\CamStudio.cfg
2014-02-17 12:01 - 2014-02-17 12:01 - 00003234 _____ () C:\windows\System32\Tasks\MySearchDial
2014-02-17 12:01 - 2014-02-17 12:01 - 00000096 _____ () C:\Users\Jesse\AppData\Roaming\version2.xml
2014-02-17 12:00 - 2014-02-17 12:00 - 00000395 _____ () C:\Users\Jesse\Desktop\MySearchDial.url
2014-02-17 12:00 - 2014-02-17 12:00 - 00000390 _____ () C:\Users\Jesse\Desktop\FREE Games.url
2014-02-17 12:00 - 2014-02-17 12:00 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-02-17 11:54 - 2014-02-17 11:54 - 00664984 _____ ( ) C:\Users\Jesse\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-02-14 09:16 - 2014-02-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 09:16 - 2014-02-14 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 09:10 - 2014-02-14 09:10 - 00000000 ____D () C:\windows\SysWOW64\SearchProtect
2014-02-14 09:06 - 2014-02-17 08:41 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Systweak
2014-02-14 09:06 - 2014-02-17 08:39 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-14 09:06 - 2014-02-14 09:06 - 00003860 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-14 09:06 - 2014-02-14 09:06 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-14 09:06 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox.exe
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox (1).exe
2014-02-14 07:29 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 07:29 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 07:29 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-14 07:29 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 07:29 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 07:29 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-14 07:29 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 07:29 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 07:29 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-14 07:29 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-14 07:29 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-14 07:29 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-14 07:29 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 07:29 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 07:29 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 07:29 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 07:29 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 07:29 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 07:29 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-14 07:29 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 07:29 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 07:29 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 07:29 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 07:29 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-14 07:29 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-14 07:29 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-14 07:29 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-14 07:29 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 07:29 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 07:29 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 07:29 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 07:29 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 07:29 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-14 07:29 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 07:29 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 07:29 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 07:29 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-14 07:29 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 07:29 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-14 07:29 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 07:29 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 22:04 - 2014-02-13 22:04 - 00000044 _____ () C:\Users\Jesse\Downloads\checkout
2014-02-13 20:38 - 2013-12-31 15:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 20:38 - 2013-12-31 15:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 20:38 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 20:38 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 20:38 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 20:38 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 20:38 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 20:38 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 20:38 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 20:38 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 20:38 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 20:38 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 20:38 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 20:38 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 20:38 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VERIZON
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 05:52 - 2014-03-05 05:52 - 00000000 ____D () C:\FRST
2014-03-05 05:49 - 2014-02-20 21:51 - 00417129 _____ () C:\windows\WindowsUpdate.log
2014-03-05 05:48 - 2014-02-28 11:47 - 00000562 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000.job
2014-03-05 05:44 - 2013-12-06 15:02 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 05:32 - 2013-12-10 09:26 - 00000362 _____ () C:\windows\Tasks\WpsUpdateTask_Jesse.job
2014-03-05 05:32 - 2013-12-07 09:42 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\DisplayFusion
2014-03-05 05:11 - 2014-01-19 14:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-05 05:01 - 2014-02-17 12:01 - 00000292 _____ () C:\windows\Tasks\MySearchDial.job
2014-03-05 04:59 - 2013-12-26 11:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 04:58 - 2013-12-09 13:59 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA.job
2014-03-04 23:26 - 2013-12-27 17:20 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-04 21:03 - 2014-03-04 21:03 - 00003158 _____ () C:\windows\System32\Tasks\{DA634D30-0B1A-449C-82B4-A2FD11326028}
2014-03-04 20:39 - 2014-03-04 20:39 - 00029969 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-03-04 20:39 - 2014-03-04 20:39 - 00007288 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-03-04 19:34 - 2014-02-28 12:09 - 00016811 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-03-04 19:01 - 2014-03-04 19:00 - 01389056 _____ () C:\Users\Jesse\Downloads\debt-reduction-calculator.xls
2014-03-04 08:58 - 2013-12-09 13:59 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core.job
2014-03-04 08:44 - 2013-12-06 15:02 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 18:30 - 2014-03-03 18:30 - 00000000 ____D () C:\Program Files\SavingsBull
2014-02-28 19:01 - 2013-12-27 17:42 - 00013206 _____ () C:\Users\Jesse\AppData\Local\installer.log
2014-02-28 17:37 - 2014-02-28 17:04 - 00002363 _____ () C:\Users\Jesse\Desktop\CabSRV - Chrome.lnk
2014-02-28 14:46 - 2014-02-28 14:46 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-28 12:09 - 2014-02-28 12:09 - 00003130 _____ () C:\windows\System32\Tasks\{8868FD29-3CFF-4C0C-9BEB-CC2986622A64}
2014-02-28 12:08 - 2013-12-06 14:55 - 00000000 ____D () C:\Users\Jesse\AppData\Local\VirtualStore
2014-02-28 12:07 - 2014-02-28 12:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-02-28 11:53 - 2014-02-14 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-28 11:51 - 2009-07-13 20:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 11:51 - 2009-07-13 20:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 11:50 - 2009-07-13 21:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-28 11:47 - 2014-02-28 11:47 - 00003590 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000
2014-02-28 11:47 - 2014-02-28 11:46 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Citrix
2014-02-28 11:45 - 2013-12-07 09:40 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-02-28 11:44 - 2014-02-20 21:48 - 00000616 _____ () C:\windows\setupact.log
2014-02-28 11:44 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-28 09:05 - 2014-02-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-28 08:51 - 2013-12-06 15:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Google
2014-02-28 08:50 - 2014-02-28 08:50 - 00847832 _____ (Google Inc.) C:\Users\Jesse\Downloads\GoogleVoiceAndVideoSetup.exe
2014-02-21 03:02 - 2013-12-07 00:40 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 03:00 - 2013-12-07 00:40 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-20 22:47 - 2014-02-20 22:47 - 00035929 _____ () C:\Users\Jesse\Downloads\BR0-002-s.zip
2014-02-20 21:48 - 2014-02-20 21:48 - 00000000 _____ () C:\windows\setuperr.log
2014-02-20 21:48 - 2010-11-20 19:47 - 00212232 _____ () C:\windows\PFRO.log
2014-02-20 21:48 - 2009-07-13 21:08 - 00001866 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-20 21:05 - 2014-02-20 21:05 - 00142044 _____ () C:\Users\Jesse\Downloads\ICND1_Part1_Mind_Map.xmind
2014-02-20 21:02 - 2014-02-20 21:02 - 00000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-20 21:02 - 2014-02-20 21:02 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Pearson IT Certification Practice Test
2014-02-20 20:59 - 2013-12-26 11:27 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:59 - 2013-12-26 11:27 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:59 - 2013-12-26 11:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-18 06:39 - 2014-02-18 06:39 - 00014621 _____ () C:\Users\Jesse\Downloads\Engineering Week Q&A_Host_Discussion Questions.xlsx
2014-02-18 06:34 - 2014-02-17 12:02 - 00000087 _____ () C:\Users\Jesse\AppData\Roaming\WB.CFG
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamShapes.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamLayout.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000054 _____ () C:\Users\Jesse\AppData\Roaming\Camdata.ini
2014-02-17 12:09 - 2014-02-17 12:06 - 00000000 ____D () C:\Users\Jesse\Documents\My CamStudio Temp Files
2014-02-17 12:09 - 2014-02-17 12:01 - 00004535 _____ () C:\Users\Jesse\AppData\Roaming\CamStudio.cfg
2014-02-17 12:06 - 2014-02-17 12:06 - 00000000 ____D () C:\Users\Jesse\Documents\Optimizer Pro
2014-02-17 12:02 - 2014-02-17 12:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\IsolatedStorage
2014-02-17 12:01 - 2014-02-17 12:01 - 00003234 _____ () C:\windows\System32\Tasks\MySearchDial
2014-02-17 12:01 - 2014-02-17 12:01 - 00000096 _____ () C:\Users\Jesse\AppData\Roaming\version2.xml
2014-02-17 12:00 - 2014-02-17 12:00 - 00000395 _____ () C:\Users\Jesse\Desktop\MySearchDial.url
2014-02-17 12:00 - 2014-02-17 12:00 - 00000390 _____ () C:\Users\Jesse\Desktop\FREE Games.url
2014-02-17 12:00 - 2014-02-17 12:00 - 00000000 ____D () C:\Program Files (x86)\Mysearchdial
2014-02-17 11:54 - 2014-02-17 11:54 - 00664984 _____ ( ) C:\Users\Jesse\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-02-17 09:58 - 2013-12-09 13:52 - 00002012 ____H () C:\Users\Jesse\Documents\Default.rdp
2014-02-17 08:45 - 2013-12-30 11:51 - 00000000 ____D () C:\windows\Minidump
2014-02-17 08:41 - 2014-02-14 09:06 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Systweak
2014-02-17 08:41 - 2013-12-06 14:57 - 00000000 ___RD () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 08:39 - 2014-02-14 09:06 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-17 08:39 - 2013-12-06 15:02 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 08:39 - 2013-12-06 15:02 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 09:16 - 2014-02-14 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 09:10 - 2014-02-14 09:10 - 00000000 ____D () C:\windows\SysWOW64\SearchProtect
2014-02-14 09:06 - 2014-02-14 09:06 - 00003860 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-14 09:06 - 2014-02-14 09:06 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox.exe
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox (1).exe
2014-02-14 08:53 - 2013-12-09 13:59 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA
2014-02-14 08:53 - 2013-12-09 13:59 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core
2014-02-14 08:26 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-02-14 07:31 - 2013-12-06 22:45 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-13 22:04 - 2014-02-13 22:04 - 00000044 _____ () C:\Users\Jesse\Downloads\checkout
2014-02-06 04:16 - 2014-02-14 07:29 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 07:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 07:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 07:29 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 07:29 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 07:29 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 07:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 07:29 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 07:29 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 07:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 07:29 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 07:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 07:29 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 07:29 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 07:29 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 07:29 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 07:29 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 07:29 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 07:29 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 07:29 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 07:29 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 07:29 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 07:29 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 07:29 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 07:29 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 07:29 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 07:29 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 07:29 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 07:29 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 07:29 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 07:29 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 07:29 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 07:29 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 07:29 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 07:29 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 07:29 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 07:29 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 07:29 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 07:29 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-03 13:54 - 2014-01-10 13:09 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VMware
2014-02-03 10:53 - 2013-12-14 08:43 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\HpUpdate
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VERIZON
 
Files to move or delete:
====================
C:\Users\Jesse\AppData\Roaming\CamLayout.ini
C:\Users\Jesse\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\96239uninstall.exe
C:\Users\Jesse\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite16295.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite44357.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite61201.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite69973.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite75854.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite94513.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite95112.dll
C:\Users\Jesse\AppData\Local\Temp\upd.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 15:16
 
==================== End Of Log ============================


#5 jjones312

Posted 05 March 2014 - 08:57 AM

And here is the addition.txt log

 

I'm off to work in a few and will follow up afterward w/ any instructions. Thank you!!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by Jesse at 2014-03-05 05:53:26
Running from D:\Software\Utilities
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.20.100.31129 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7BABFA2A-D3AB-DC68-2A69-A8E8C1C43BCB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81129.1203 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-254 - House of Life)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1129.1143.20969 - Advanced Micro Devices, Inc.) Hidden
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.)
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayFusion 5.1.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.1.1.0 - Binary Fortress Software)
DisplayLink Core Software (HKLM\...\{EDCF5C19-B08F-4661-95AB-88ABF88318F0}) (Version: 7.5.52874.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{6E443FA1-0FF5-4F82-B937-CE47A9F2BAF0}) (Version: 7.5.52889.0 - DisplayLink Corp.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
ETDWare PS/2-X64 10.7.9.1_WHQL (HKLM\...\Elantech) (Version: 10.7.9.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNS3 0.8.6 (HKLM-x32\...\GNS3) (Version: 0.8.6 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 6.1.0.1312 (HKCU\...\GoToMeeting) (Version: 6.1.0.1312 - CitrixOnline)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.2 - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Kingsoft Office 2013 (9.1.0.4246) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Pearson IT Certification Practice Test (HKLM-x32\...\Pearson IT Certification Practice Test_is1) (Version: 1.0.0.21 - Pearson IT Certification)
PL-2303 USB-to-Serial (HKLM-x32\...\{A9111573-EF12-4D80-A5B9-55F620D5BCA1}) (Version: 1.00.000 - Prolific Technology INC)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.2 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.2 - The Wireshark developer community, http://www.wireshark.org)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
04-03-2014 06:26:13 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {076C56C0-F7BB-495D-B866-AA321964DA8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {295473F6-D187-49A5-863D-7102F622F5D5} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {2B668D45-6ADD-4882-8D25-B5D765251568} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-12-06] (Samsung Electronics CO., LTD.)
Task: {2DF855DF-30A1-4C6C-B462-2AB3A6D36D28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {2FC9D4CB-4C27-4C50-B7DF-98940CD8936D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {37D3DB90-80AB-4532-BFE4-BF79EDA0F3A7} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {3DE337A0-A729-4E17-B782-4B0D8C3E99F1} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {6504CD06-0309-46BF-A297-38075D25CCFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {67454718-860E-431F-9174-3342D50A3A90} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {78F52835-B936-4DF7-BA19-ED60D4A8D186} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-16] (CyberLink)
Task: {7BB191C7-0F9A-41EC-9C24-3FE90F76EF81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {A19D4FCA-8CAC-4B84-8318-91D2C6015BF1} - System32\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000 => C:\Users\Jesse\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe [2014-02-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A8B6A7FC-FF5F-4606-B4AA-846B08F48846} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {CA3DB3A9-9189-4551-8DA4-E21469193FE7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {CED9987C-99A1-48BF-8F92-9520C6AD0DBE} - System32\Tasks\MySearchDial => C:\Users\Jesse\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D2EE7FC0-257F-4F57-BF15-06A59FE90F97} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {D812EFF2-FC45-4F2E-BFA4-7B8AC2B1C57A} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E929FD3D-30F0-4930-8BAE-118755315D13} - System32\Tasks\WpsUpdateTask_Jesse => D:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-08-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F7311D70-9DB3-4A05-9B1F-3434BB0A36E8} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {FD6B839D-F7DE-4184-AC4A-CEB8CAA920ED} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000.job => C:\Users\Jesse\AppData\Local\Citrix\GoToMeeting\1312\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core.job => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA.job => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MySearchDial.job => C:\Users\Jesse\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\WpsUpdateTask_Jesse.job => D:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-27 12:45 - 2014-01-27 12:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2013-12-06 23:10 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () D:\Program Files\Notepad++\NppShell_05.dll
2011-04-04 14:18 - 2011-04-04 14:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-19 18:06 - 2009-11-30 23:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-12-06 23:10 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2013-12-06 23:10 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2009-11-01 21:20 - 2009-11-01 21:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 21:23 - 2009-11-01 21:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-12-06 22:14 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-02-20 21:01 - 2014-02-19 17:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-20 21:01 - 2014-02-19 17:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-20 21:01 - 2014-02-19 17:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-20 21:01 - 2014-02-19 17:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-20 21:01 - 2014-02-19 17:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-20 21:01 - 2014-02-19 17:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2014 00:38:35 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/03/2014 06:40:51 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/03/2014 06:27:48 PM) (Source: Microsoft-Windows-RestartManager) (User: BCS-LT-01)
Description: Application or service 'Google Chrome' could not be shut down.
 
Error: (03/02/2014 11:38:40 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/02/2014 03:25:16 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (03/01/2014 02:06:58 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/28/2014 02:46:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003469c
Faulting process id: 0x2880
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3
 
Error: (02/28/2014 01:11:27 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (02/28/2014 11:45:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3347, time stamp: 0x5272a0d1
Faulting module name: igfxext.exe, version: 8.15.10.3347, time stamp: 0x5272a0d1
Exception code: 0xc0000005
Fault offset: 0x000000000001fd83
Faulting process id: 0x1e44
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report Id: igfxext.exe3
 
Error: (02/28/2014 11:45:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3347, time stamp: 0x5272a0d1
Faulting module name: igfxext.exe, version: 8.15.10.3347, time stamp: 0x5272a0d1
Exception code: 0xc0000005
Fault offset: 0x000000000001fd83
Faulting process id: 0x1df8
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report Id: igfxext.exe3
 
 
System errors:
=============
Error: (03/04/2014 09:04:10 PM) (Source: Application Popup) (User: )
Description: \??\C:\windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/04/2014 09:04:00 PM) (Source: Application Popup) (User: )
Description: \??\C:\windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/28/2014 11:45:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/28/2014 07:46:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/27/2014 09:53:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/26/2014 09:13:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/25/2014 02:12:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/24/2014 09:42:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/20/2014 11:18:02 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/20/2014 09:49:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2014 00:38:35 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (03/03/2014 06:40:51 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (03/03/2014 06:27:48 PM) (Source: Microsoft-Windows-RestartManager)(User: BCS-LT-01)
Description: 1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeGoogle Chrome02117370560
 
Error: (03/02/2014 11:38:40 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (03/02/2014 03:25:16 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (03/01/2014 02:06:58 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (02/28/2014 02:46:46 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7601.175144ce792c4ntdll.dll6.1.7601.18247521ea8e7c00000050003469c288001cf34d6f4497428c:\Windows\syswow64\MsiExec.exeC:\windows\SysWOW64\ntdll.dll3355030c-a0ca-11e3-8292-e8039a24f3fd
 
Error: (02/28/2014 01:11:27 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (02/28/2014 11:45:58 AM) (Source: Application Error)(User: )
Description: igfxext.exe8.15.10.33475272a0d1igfxext.exe8.15.10.33475272a0d1c0000005000000000001fd831e4401cf34bdb2be66ddC:\windows\system32\igfxext.exeC:\windows\system32\igfxext.exef1a0c6cf-a0b0-11e3-8292-e8039a24f3fd
 
Error: (02/28/2014 11:45:58 AM) (Source: Application Error)(User: )
Description: igfxext.exe8.15.10.33475272a0d1igfxext.exe8.15.10.33475272a0d1c0000005000000000001fd831df801cf34bdb273a125C:\windows\system32\igfxext.exeC:\windows\system32\igfxext.exef17e4a2e-a0b0-11e3-8292-e8039a24f3fd
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-05 00:31:29.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 00:31:29.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 00:31:29.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 00:31:29.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 00:31:29.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-05 00:31:29.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 00:30:43.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 00:30:43.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 00:30:43.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-04 00:30:43.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 8105.55 MB
Available physical RAM: 4337.3 MB
Total Pagefile: 16209.27 MB
Available Pagefile: 11217.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:201 GB) (Free:127.83 GB) NTFS
Drive d: () (Fixed) (Total:708.09 GB) (Free:527.91 GB) NTFS
Drive e: (9781587143854) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 0D7D62F5)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7 GB) - (Type=73)
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team

Posted 05 March 2014 - 09:25 AM

Hello,

there are a few remnants. Let's address these:


Step 1

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    SavingsBull

  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 jjones312

  • Topic Starter


Posted 05 March 2014 - 11:47 PM

AdwCleaner Log

 

# AdwCleaner v3.020 - Report created 05/03/2014 at 19:50:56
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jesse - BCS-LT-01
# Running from : D:\Software\Utilities\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Level Quality Watcher
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Jesse\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Jesse\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\Jesse\Documents\BitLord
Folder Deleted : C:\Users\Jesse\Documents\Optimizer Pro
Folder Deleted : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Jesse\Desktop\MySearchDial.url
File Deleted : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\user.js
File Deleted : C:\windows\Tasks\MySearchDial.job
File Deleted : C:\windows\System32\Tasks\MySearchDial
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\caphyon
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0202ch");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtByE0FtA0F0DyB0EtDyBtN0D0Tzu0CyByBzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1977850121");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtByE0FtA0F0DyB0EtDyBtN0D0Tzu0CyByBzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "E8039A24F3FD7E07");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16118");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtByE0FtA0F0DyB0EtDyBtN0D0Tzu0CyByBzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AtByE0FtA0F0DyB0EtDyBtN0D0Tzu0CyByBzytN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.012:0:11");
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7894 octets] - [05/03/2014 19:47:57]
AdwCleaner[S0].txt - [7347 octets] - [05/03/2014 19:50:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7407 octets] ##########


#8 jjones312

Posted 05 March 2014 - 11:49 PM

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Jesse (administrator) on BCS-LT-01 on 05-03-2014 20:48:21
Running from D:\Software\Utilities
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\windows\system32\atieclxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [BrowserSafeguard] - "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [Google Update] - C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-09] (Google Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Jesse\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\Run: [GoogleChromeAutoLaunch_D00CAFF0F2A117FBD45ECFDF63767572] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859464 2014-03-01] (Google Inc.)
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {45c0c924-2bdb-11e1-84b7-806e6f6e6963} - E:\start_win.exe
HKU\S-1-5-21-3481708340-1069080033-2213103319-1000\...\MountPoints2: {e91b789c-6101-11e3-a45b-e8039a24f3fd} - F:\VZW_Software_upgrade_assistant.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Jesse\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jesse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\staged [2014-02-28]
FF Extension: LastPass - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\irfkqxw8.default\Extensions\support@lastpass.com [2013-12-27]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-01-19]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Entanglement Web App) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-06]
CHR Extension: (No Name) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-02-20]
CHR Extension: (Google Docs) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-12-06]
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (WiBit) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2013-12-06]
CHR Extension: (The Google Chromebook Forum) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbfdponfijhgaiohjnbnbhoeccaidbk [2013-12-06]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google Cast) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-23]
CHR Extension: (Chrome RDP) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2014-01-12]
CHR Extension: (Google Search) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-26]
CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2013-12-06]
CHR Extension: (UberConference Bookmark) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlhdbjgofnajhpiakdjklonjlpbbonnc [2014-01-02]
CHR Extension: (The Godfather: Five Families) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2013-12-06]
CHR Extension: (Podio Notifications) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaafmmmpabgogfimjhfakfcemahdbaf [2013-12-06]
CHR Extension: (Google Calendar) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-06]
CHR Extension: (CloudRDP by Ericom) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgdcndfiodbbfendajnjbkihbhkmakm [2013-12-06]
CHR Extension: (Springpad) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla [2013-12-06]
CHR Extension: (Games) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobcpibfeplaikcclojfdhfdmbbeofai [2013-12-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-12]
CHR Extension: (Safe Money) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-26]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-12-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-12-09]
CHR Extension: (Music) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgakehlldcacnfhjampnkihibmkgclhk [2013-12-06]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-26]
CHR Extension: (Cloud Reader) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-12-06]
CHR Extension: (Google Talk Launcher) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icjglmbkgdgdgdigllcokdabceikdppi [2013-12-06]
CHR Extension: (Google Play Music) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-12-06]
CHR Extension: (Podio) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb [2013-12-06]
CHR Extension: (2X Client for RDP/Remote Desktop) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbefefbcoggageojgcmipnfgjlekmpjp [2014-02-20]
CHR Extension: (Google Voice (by Google)) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2013-12-06]
CHR Extension: (Google Play) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-12-06]
CHR Extension: (DSL speedtest) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2013-12-06]
CHR Extension: (Google Play Books) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-12-06]
CHR Extension: (No Name) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-02-20]
CHR Extension: (LastPass Vault) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2013-12-06]
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (LogMeIn) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-12-18]
CHR Extension: (Picasa) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-12-06]
CHR Extension: (ThinRDP) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\philkmdomdibmijhncdoncldgkmnjhbg [2013-12-06]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR Extension: (Anti-Banner) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-26]
CHR Extension: (BeeBole) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pninkgekpdnecobeoajaanajdponegep [2013-12-06]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) =================
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9936176 2013-11-29] (DisplayLink Corp.)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-22] (Diskeeper Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.5.52277.0.sys [46384 2013-12-09] ()
S3 dlcdcncm6_x64; C:\Windows\System32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-11-29] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [203568 2013-11-29] (DisplayLink Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-22] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-22] (Diskeeper Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 19:47 - 2014-03-05 19:51 - 00000000 ____D () C:\AdwCleaner
2014-03-05 19:41 - 2014-03-05 19:41 - 00000023 _____ () C:\Users\Jesse\Documents\dmvcosts.txt
2014-03-05 05:52 - 2014-03-05 20:48 - 00000000 ____D () C:\FRST
2014-03-04 21:03 - 2014-03-04 21:03 - 00003158 _____ () C:\windows\System32\Tasks\{DA634D30-0B1A-449C-82B4-A2FD11326028}
2014-03-04 20:39 - 2014-03-04 20:39 - 00029969 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-03-04 20:39 - 2014-03-04 20:39 - 00007288 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-03-04 19:00 - 2014-03-04 19:01 - 01389056 _____ () C:\Users\Jesse\Downloads\debt-reduction-calculator.xls
2014-02-28 17:04 - 2014-02-28 17:37 - 00002363 _____ () C:\Users\Jesse\Desktop\CabSRV - Chrome.lnk
2014-02-28 12:09 - 2014-03-04 19:34 - 00016811 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-02-28 12:09 - 2014-02-28 12:09 - 00003130 _____ () C:\windows\System32\Tasks\{8868FD29-3CFF-4C0C-9BEB-CC2986622A64}
2014-02-28 12:07 - 2014-02-28 12:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-02-28 11:47 - 2014-03-05 20:48 - 00000562 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000.job
2014-02-28 11:47 - 2014-02-28 11:47 - 00003590 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000
2014-02-28 11:46 - 2014-02-28 11:47 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Citrix
2014-02-28 09:05 - 2014-02-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-28 08:50 - 2014-02-28 08:50 - 00847832 _____ (Google Inc.) C:\Users\Jesse\Downloads\GoogleVoiceAndVideoSetup.exe
2014-02-20 22:47 - 2014-02-20 22:47 - 00035929 _____ () C:\Users\Jesse\Downloads\BR0-002-s.zip
2014-02-20 21:51 - 2014-03-05 19:52 - 00467243 _____ () C:\windows\WindowsUpdate.log
2014-02-20 21:48 - 2014-03-05 19:53 - 00000728 _____ () C:\windows\setupact.log
2014-02-20 21:48 - 2014-02-20 21:48 - 00000000 _____ () C:\windows\setuperr.log
2014-02-20 21:05 - 2014-02-20 21:05 - 00142044 _____ () C:\Users\Jesse\Downloads\ICND1_Part1_Mind_Map.xmind
2014-02-20 21:02 - 2014-02-20 21:02 - 00000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-20 21:02 - 2014-02-20 21:02 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Pearson IT Certification Practice Test
2014-02-18 06:39 - 2014-02-18 06:39 - 00014621 _____ () C:\Users\Jesse\Downloads\Engineering Week Q&A_Host_Discussion Questions.xlsx
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamShapes.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamLayout.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000054 _____ () C:\Users\Jesse\AppData\Roaming\Camdata.ini
2014-02-17 12:06 - 2014-02-17 12:09 - 00000000 ____D () C:\Users\Jesse\Documents\My CamStudio Temp Files
2014-02-17 12:02 - 2014-02-18 06:34 - 00000087 _____ () C:\Users\Jesse\AppData\Roaming\WB.CFG
2014-02-17 12:02 - 2014-02-17 12:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\IsolatedStorage
2014-02-17 12:01 - 2014-02-17 12:09 - 00004535 _____ () C:\Users\Jesse\AppData\Roaming\CamStudio.cfg
2014-02-17 12:01 - 2014-02-17 12:01 - 00000096 _____ () C:\Users\Jesse\AppData\Roaming\version2.xml
2014-02-17 12:00 - 2014-02-17 12:00 - 00000390 _____ () C:\Users\Jesse\Desktop\FREE Games.url
2014-02-17 11:54 - 2014-02-17 11:54 - 00664984 _____ ( ) C:\Users\Jesse\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-02-14 09:16 - 2014-03-05 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 09:16 - 2014-02-14 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 09:06 - 2014-02-17 08:39 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-14 09:06 - 2014-02-14 09:06 - 00003860 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox.exe
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox (1).exe
2014-02-14 07:29 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 07:29 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 07:29 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-14 07:29 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 07:29 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 07:29 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-14 07:29 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 07:29 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 07:29 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-14 07:29 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-14 07:29 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-14 07:29 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-14 07:29 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 07:29 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 07:29 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 07:29 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 07:29 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 07:29 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 07:29 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-14 07:29 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 07:29 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 07:29 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 07:29 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 07:29 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-14 07:29 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-14 07:29 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-14 07:29 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-14 07:29 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 07:29 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 07:29 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 07:29 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 07:29 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 07:29 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-14 07:29 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 07:29 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 07:29 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 07:29 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-14 07:29 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 07:29 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-14 07:29 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 07:29 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-13 22:04 - 2014-02-13 22:04 - 00000044 _____ () C:\Users\Jesse\Downloads\checkout
2014-02-13 20:38 - 2013-12-31 15:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-13 20:38 - 2013-12-31 15:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-13 20:38 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-13 20:38 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-13 20:38 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-13 20:38 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-13 20:38 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-13 20:38 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-13 20:38 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-13 20:38 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-13 20:38 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-13 20:38 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 20:38 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 20:38 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-13 20:38 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-13 20:38 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 20:38 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 20:38 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 20:38 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VERIZON
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 20:48 - 2014-03-05 05:52 - 00000000 ____D () C:\FRST
2014-03-05 20:48 - 2014-02-28 11:47 - 00000562 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000.job
2014-03-05 20:44 - 2013-12-06 15:02 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 20:37 - 2013-12-07 09:42 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\DisplayFusion
2014-03-05 20:32 - 2013-12-10 09:26 - 00000362 _____ () C:\windows\Tasks\WpsUpdateTask_Jesse.job
2014-03-05 20:00 - 2009-07-13 20:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 20:00 - 2009-07-13 20:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 19:59 - 2013-12-26 11:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 19:58 - 2013-12-09 13:59 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA.job
2014-03-05 19:57 - 2009-07-13 21:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-05 19:56 - 2014-02-20 21:51 - 00467243 _____ () C:\windows\WindowsUpdate.log
2014-03-05 19:54 - 2014-01-19 14:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-05 19:54 - 2013-12-07 09:40 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-03-05 19:54 - 2013-12-06 15:02 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 19:53 - 2014-02-20 21:48 - 00000728 _____ () C:\windows\setupact.log
2014-03-05 19:53 - 2013-12-27 17:20 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-05 19:53 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-05 19:51 - 2014-03-05 19:47 - 00000000 ____D () C:\AdwCleaner
2014-03-05 19:43 - 2014-02-14 09:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-05 19:41 - 2014-03-05 19:41 - 00000023 _____ () C:\Users\Jesse\Documents\dmvcosts.txt
2014-03-05 08:58 - 2013-12-09 13:59 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core.job
2014-03-04 21:03 - 2014-03-04 21:03 - 00003158 _____ () C:\windows\System32\Tasks\{DA634D30-0B1A-449C-82B4-A2FD11326028}
2014-03-04 20:39 - 2014-03-04 20:39 - 00029969 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-03-04 20:39 - 2014-03-04 20:39 - 00007288 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-03-04 20:38 - 2014-03-04 20:38 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-03-04 19:34 - 2014-02-28 12:09 - 00016811 _____ () C:\Users\Jesse\Downloads\hijackthis.log
2014-03-04 19:01 - 2014-03-04 19:00 - 01389056 _____ () C:\Users\Jesse\Downloads\debt-reduction-calculator.xls
2014-02-28 19:01 - 2013-12-27 17:42 - 00013206 _____ () C:\Users\Jesse\AppData\Local\installer.log
2014-02-28 17:37 - 2014-02-28 17:04 - 00002363 _____ () C:\Users\Jesse\Desktop\CabSRV - Chrome.lnk
2014-02-28 12:09 - 2014-02-28 12:09 - 00003130 _____ () C:\windows\System32\Tasks\{8868FD29-3CFF-4C0C-9BEB-CC2986622A64}
2014-02-28 12:08 - 2013-12-06 14:55 - 00000000 ____D () C:\Users\Jesse\AppData\Local\VirtualStore
2014-02-28 12:07 - 2014-02-28 12:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jesse\Downloads\HijackThis.exe
2014-02-28 11:47 - 2014-02-28 11:47 - 00003590 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3481708340-1069080033-2213103319-1000
2014-02-28 11:47 - 2014-02-28 11:46 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Citrix
2014-02-28 09:05 - 2014-02-28 09:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-28 08:51 - 2013-12-06 15:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Google
2014-02-28 08:50 - 2014-02-28 08:50 - 00847832 _____ (Google Inc.) C:\Users\Jesse\Downloads\GoogleVoiceAndVideoSetup.exe
2014-02-21 03:02 - 2013-12-07 00:40 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 03:00 - 2013-12-07 00:40 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-20 22:47 - 2014-02-20 22:47 - 00035929 _____ () C:\Users\Jesse\Downloads\BR0-002-s.zip
2014-02-20 21:48 - 2014-02-20 21:48 - 00000000 _____ () C:\windows\setuperr.log
2014-02-20 21:48 - 2010-11-20 19:47 - 00212232 _____ () C:\windows\PFRO.log
2014-02-20 21:48 - 2009-07-13 21:08 - 00002362 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-20 21:05 - 2014-02-20 21:05 - 00142044 _____ () C:\Users\Jesse\Downloads\ICND1_Part1_Mind_Map.xmind
2014-02-20 21:02 - 2014-02-20 21:02 - 00000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-02-20 21:02 - 2014-02-20 21:02 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Pearson IT Certification Practice Test
2014-02-20 20:59 - 2013-12-26 11:27 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:59 - 2013-12-26 11:27 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:59 - 2013-12-26 11:27 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-18 06:39 - 2014-02-18 06:39 - 00014621 _____ () C:\Users\Jesse\Downloads\Engineering Week Q&A_Host_Discussion Questions.xlsx
2014-02-18 06:34 - 2014-02-17 12:02 - 00000087 _____ () C:\Users\Jesse\AppData\Roaming\WB.CFG
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamShapes.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000408 _____ () C:\Users\Jesse\AppData\Roaming\CamLayout.ini
2014-02-17 12:09 - 2014-02-17 12:09 - 00000054 _____ () C:\Users\Jesse\AppData\Roaming\Camdata.ini
2014-02-17 12:09 - 2014-02-17 12:06 - 00000000 ____D () C:\Users\Jesse\Documents\My CamStudio Temp Files
2014-02-17 12:09 - 2014-02-17 12:01 - 00004535 _____ () C:\Users\Jesse\AppData\Roaming\CamStudio.cfg
2014-02-17 12:02 - 2014-02-17 12:02 - 00000000 ____D () C:\Users\Jesse\AppData\Local\IsolatedStorage
2014-02-17 12:01 - 2014-02-17 12:01 - 00000096 _____ () C:\Users\Jesse\AppData\Roaming\version2.xml
2014-02-17 12:00 - 2014-02-17 12:00 - 00000390 _____ () C:\Users\Jesse\Desktop\FREE Games.url
2014-02-17 11:54 - 2014-02-17 11:54 - 00664984 _____ ( ) C:\Users\Jesse\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-02-17 09:58 - 2013-12-09 13:52 - 00002012 ____H () C:\Users\Jesse\Documents\Default.rdp
2014-02-17 08:45 - 2013-12-30 11:51 - 00000000 ____D () C:\windows\Minidump
2014-02-17 08:41 - 2013-12-06 14:57 - 00000000 ___RD () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 08:39 - 2014-02-14 09:06 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-17 08:39 - 2013-12-06 15:02 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 08:39 - 2013-12-06 15:02 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 09:16 - 2014-02-14 09:16 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-14 09:06 - 2014-02-14 09:06 - 00003860 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox.exe
2014-02-14 09:02 - 2014-02-14 09:02 - 00110720 _____ () C:\Users\Jesse\Downloads\Firefox (1).exe
2014-02-14 08:53 - 2013-12-09 13:59 - 00003878 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000UA
2014-02-14 08:53 - 2013-12-09 13:59 - 00003482 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3481708340-1069080033-2213103319-1000Core
2014-02-14 08:26 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-02-14 07:31 - 2013-12-06 22:45 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-13 22:04 - 2014-02-13 22:04 - 00000044 _____ () C:\Users\Jesse\Downloads\checkout
2014-02-06 04:16 - 2014-02-14 07:29 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-14 07:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-14 07:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-14 07:29 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-14 07:29 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-14 07:29 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-14 07:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-14 07:29 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-14 07:29 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-14 07:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-14 07:29 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-14 07:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-14 07:29 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-14 07:29 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-14 07:29 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-14 07:29 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-14 07:29 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-14 07:29 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-14 07:29 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-14 07:29 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-14 07:29 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-14 07:29 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-14 07:29 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-14 07:29 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-14 07:29 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-14 07:29 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-14 07:29 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-14 07:29 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-14 07:29 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-14 07:29 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-14 07:29 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-14 07:29 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-14 07:29 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-14 07:29 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-14 07:29 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-14 07:29 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-14 07:29 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-14 07:29 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-14 07:29 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-03 13:54 - 2014-01-10 13:09 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VMware
2014-02-03 10:53 - 2013-12-14 08:43 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\HpUpdate
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-03 09:50 - 2014-02-03 09:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\VERIZON
 
Files to move or delete:
====================
C:\Users\Jesse\AppData\Roaming\CamLayout.ini
C:\Users\Jesse\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\96239uninstall.exe
C:\Users\Jesse\AppData\Local\Temp\Quarantine.exe
C:\Users\Jesse\AppData\Local\Temp\Sqlite3.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite16295.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite44357.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite61201.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite69973.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite75854.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite94513.dll
C:\Users\Jesse\AppData\Local\Temp\System.Data.SQLite95112.dll
C:\Users\Jesse\AppData\Local\Temp\upd.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 15:16
 
==================== End Of Log ============================


#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:12:17 PM

Posted 06 March 2014 - 03:04 AM

Hello,

it's looking good. How is your computer running?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#10 jjones312

jjones312
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:03:17 AM

Posted 06 March 2014 - 09:49 AM

Things appear to be much better..haven't seen the ads :)
 
fixlog.txt log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Jesse at 2014-03-06 06:47:38 Run:1
Running from D:\Software\Utilities
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
 
HKLM-x32\...\Run: [BrowserSafeguard] - "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
C:\Program Files (x86)\Browsersafeguard
2014-02-14 09:06 - 2014-02-17 08:39 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-14 09:06 - 2014-02-14 09:06 - 00003860 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => Value deleted successfully.
"C:\Program Files (x86)\Browsersafeguard" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files\SavingsbullFilter => Moved successfully.
C:\windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
 
==== End of Fixlog ====
 
 
 
 
running ESET Online Scanner now

Edited by jjones312, 06 March 2014 - 09:51 AM.


#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:12:17 PM

Posted 06 March 2014 - 10:03 AM

All right. :)



#12 jjones312

jjones312
  • Topic Starter

  • Members
  • 49 posts
  • Gender:Male
  • Local time:03:17 AM

Posted 06 March 2014 - 09:38 PM

ESET Online Scanner Log

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=95636cfca2be564e9bfad22981bcc0bf
# engine=17340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-06 05:38:40
# local_time=2014-03-06 09:38:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 145670970 0 0
# scanned=268339
# found=4
# cleaned=0
# scan_time=9748
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi"
sh=250DB9E37C980365FF38EBBCA5715B356B672C76 ft=1 fh=1917a6c4a5ce2960 vn="a variant of Win32/Kryptik.BWAM trojan" ac=I fn="C:\Users\Jesse\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"


#13 aharonov

Posted 07 March 2014 - 03:37 AM

Great, no more active malware has been found.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#14 jjones312

Posted 07 March 2014 - 09:34 PM

Thanks again. Check your PayPal :)



#15 aharonov

Posted 08 March 2014 - 02:47 PM

Thank you very much for your donation!

All the best.





