Windows 7 completely infected with malware/trojans/virus


  • This topic is locked
21 replies to this topic

#1 colt45

  • Members
  • 28 posts

Posted 08 March 2014 - 07:29 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Home at 17:20:04 on 2014-03-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7928.5523 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\iCloud\iCloudServices.exe
C:\Program Files\iCloud\ApplePhotoStreams.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutCzz0AzytDyD0B0BtBzyzy0FtD0EtA0DtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=993833969&ir=
mSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: PrOShoopper: {3E9E1377-F5A5-57A8-563D-E1CE44CE0F56} - C:\ProgramData\PrOShoopper\WwB.dll
BHO: DocaSCConverTer: {550A7B4E-3245-D49E-44D1-9A6AB70F0D0F} - C:\ProgramData\DocaSCConverTer\21VH3.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: savinsihop: {61F37F42-E467-5BD3-AF0A-FFF33047C65D} - C:\ProgramData\savinsihop\LHiMer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: ddEal4real: {D8FEEA02-CD47-D678-F90A-0FD6B78E7966} - C:\ProgramData\ddEal4real\9l0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - 
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - 
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - 
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - 
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Spotify Web Helper] "C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Home\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [iCloudServices] C:\Program Files\iCloud\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files\iCloud\ApplePhotoStreams.exe
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{521E8D85-C6BE-45A4-823A-8E62015D15D2} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutCzz0AzytDyD0B0BtBzyzy0FtD0EtA0DtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=993833969&ir=
x64-BHO: PrOShoopper: {3E9E1377-F5A5-57A8-563D-E1CE44CE0F56} - 
x64-BHO: DocaSCConverTer: {550A7B4E-3245-D49E-44D1-9A6AB70F0D0F} - 
x64-BHO: savinsihop: {61F37F42-E467-5BD3-AF0A-FFF33047C65D} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ddEal4real: {D8FEEA02-CD47-D678-F90A-0FD6B78E7966} - 
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-02-04 20:17; axjigf3io@vliymhmbjhffdt.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org
FF - ExtSQL: 2014-02-18 22:43; u-k@ooiag.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\u-k@ooiag.org
FF - ExtSQL: !HIDDEN! 2010-08-15 19:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-12-3 230456]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-3 203264]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-2-20 166352]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-4 4915040]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2014-1-10 290424]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-3 239616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-3 34872]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Util BuzzSearch;Util BuzzSearch;"C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe" --> C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe [?]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-2-19 22704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-24 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-27 1255736]
.
=============== Created Last 30 ================
.
2014-03-07 12:38:32 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1C7FBC6-588F-4191-A9E8-30979D990B56}\offreg.dll
2014-03-07 12:37:53 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1C7FBC6-588F-4191-A9E8-30979D990B56}\mpengine.dll
2014-03-05 04:26:28 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-03-04 10:00:41 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-26 10:01:05 -------- d-----w- C:\Windows\Migration
2014-02-20 13:52:46 14680 ----a-w- C:\Windows\System32\sh4native.exe
2014-02-20 07:16:24 -------- d-----w- C:\Users\Home\AppData\Local\CrashDumps
2014-02-20 05:21:35 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-02-20 05:21:32 110080 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-02-20 05:21:32 110080 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-02-20 05:21:32 110080 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-02-20 05:21:32 -------- d-----w- C:\sh4ldr
2014-02-20 05:21:32 -------- d-----w- C:\Program Files\Enigma Software Group
2014-02-20 05:20:34 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-20 05:20:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-02-20 05:14:53 -------- d-----w- C:\Users\Home\AppData\Roaming\ParetoLogic
2014-02-20 05:14:53 -------- d-----w- C:\Users\Home\AppData\Roaming\DriverCure
2014-02-20 05:14:45 -------- d-----w- C:\ProgramData\ParetoLogic
2014-02-19 14:26:12 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-19 05:52:16 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2014-02-16 01:56:24 -------- d-----w- C:\Users\Home\AppData\Local\Packages
2014-02-16 01:56:17 -------- d-----w- C:\ProgramData\savinsihop
2014-02-13 10:01:29 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 10:01:29 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 07:49:07 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 07:48:59 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2014-02-13 07:48:59 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2014-02-13 07:48:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2014-02-13 07:48:59 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-13 07:48:59 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2014-02-13 07:48:59 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2014-02-13 07:48:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 07:48:57 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 07:48:56 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 07:48:56 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
==================== Find3M  ====================
.
2014-02-22 19:40:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 19:40:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-19 04:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 13:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:20:56.38 ===============
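Several entries in the DDS report above are the indicators a responder looks for by eye: browser helper objects loading DLLs out of C:\ProgramData, a populated AppInit_DLLs value, search-bar and start-page URLs pointing at unfamiliar hosts, dangling CLSID registrations, and a Firefox extension with a random-looking ID. The script below, added here as an example and not part of the original thread or of the DDS/FRST tools, encodes those checks as heuristics over a handful of lines copied from the log plus one benign Java BHO as a control. The severity tiers, the allow-list of search hosts, the treatment of user-writable autostart paths as low-priority review items and the "random-looking label" threshold are my own assumptions, not anything DDS or FRST does.

```python
"""Heuristic triage of DDS / FRST-style persistence lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the DDS report, plus one benign Java
# BHO and the hidden HP extension so the allow path is exercised too.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.tangosearch.com/?useie5=1&q=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dstrmsd
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: PrOShoopper: {3E9E1377-F5A5-57A8-563D-E1CE44CE0F56} - C:\ProgramData\PrOShoopper\WwB.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
x64-BHO: ddEal4real: {D8FEEA02-CD47-D678-F90A-0FD6B78E7966} -
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\optimi~1\optpro~1.dll
uRun: [Spotify] "C:\Users\Home\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
FF - ExtSQL: 2014-02-04 20:17; axjigf3io@vliymhmbjhffdt.org; C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org
FF - ExtSQL: !HIDDEN! 2010-08-15 19:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"""

# Assumed allow-list of search/start hosts; anything else is treated as a hijack.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "msn.com", "yahoo.com")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

@dataclass
class Finding:
    severity: str
    kind: str
    line: str
    reason: str

def _host(url: str) -> str:
    # DDS defangs URLs as hxxp://; accept both spellings.
    m = re.match(r"h[tx]{2}ps?://([^/?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def _known_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in KNOWN_SEARCH_HOSTS)

def _looks_random(label: str) -> bool:
    """Assumed heuristic: 8+ letters with under 20% vowels (e.g. vliymhmbjhffdt)."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def triage_line(line: str) -> Optional[Finding]:
    text = line.rstrip()
    if not text:
        return None
    # AppInit_DLLs: each listed DLL is mapped into every process that loads user32.dll.
    if text.startswith("AppInit_DLLs"):
        value = text.split("=", 1)[1].strip()
        return Finding("HIGH", "AppInit_DLLs", text, "injected into user32 processes: " + value) if value and value != "0" else None
    # Start page / search bar pointing somewhere other than an allow-listed engine.
    m = re.match(r"(?:x64-)?[um]?(Start Page|Search Bar|Default_Page_URL)\s*=\s*(\S+)", text)
    if m:
        host = _host(m.group(2))
        return Finding("MEDIUM", "search-hijack", text, "unknown search host " + host) if host and not _known_host(host) else None
    # BHO / toolbar / URLSearchHook: dangling CLSID, or DLL in a user-writable directory.
    m = re.match(r"(?:x64-)?(BHO|TB|EB|[um]URLSearchHooks):\s*(.*?)\{([0-9A-Fa-f-]{36})\}\s*-\s*(.*)$", text)
    if m:
        kind, clsid, path = m.group(1), m.group(3), m.group(4).strip()
        if not path or path == "<orphaned>":
            return Finding("MEDIUM", kind, text, "CLSID %s has no backing file" % clsid)
        if any(w in path.lower() for w in USER_WRITABLE):
            return Finding("HIGH", kind, text, "browser extension DLL in user-writable path: " + path)
        return None
    # Run keys launching from AppData/ProgramData: legitimate for some apps, so review tier only.
    m = re.match(r"(?:x64-)?[um]Run:\s*\[([^\]]*)\]\s*(.*)$", text)
    if m:
        target = m.group(2).strip().strip('"').lower()
        return Finding("LOW", "Run", text, "autostart from user-writable path: " + m.group(1)) if any(w in target for w in USER_WRITABLE) else None
    # Firefox extensions: random-looking IDs, else profile-installed ones for review.
    m = re.match(r"FF - ExtSQL:\s*(?:!HIDDEN!\s*)?[\d-]+ [\d:]+;\s*([^;]+);\s*(.*)$", text)
    if m:
        ext_id, path = m.group(1).strip(), m.group(2).strip()
        local, _, domain = ext_id.partition("@")
        if _looks_random(domain.rsplit(".", 1)[0]) or _looks_random(local):
            return Finding("MEDIUM", "FF-extension", text, "random-looking extension id " + ext_id)
        if "\\profiles\\" in path.lower():
            return Finding("LOW", "FF-extension", text, "profile-installed extension " + ext_id)
    return None

def triage(log: str) -> List[Finding]:
    findings = [f for f in (triage_line(l) for l in log.splitlines()) if f]
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-15s %s" % (f.severity, f.kind, f.reason))
```

Run against the sample it reports the two ProgramData/AppInit entries as HIGH, the search hijacks, dangling CLSIDs and the random extension ID as MEDIUM, and the Spotify Run key as LOW; the Java BHO, the Google start page and the HP extension produce nothing. Anything flagged still needs a look at the file on disk before removal; the script only orders the work.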

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 08 March 2014 - 08:03 PM

Hello and welcome to Bleeping Computer,

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 colt45

  • Topic Starter
  • Members
  • 28 posts

Posted 08 March 2014 - 08:22 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by Home (administrator) on HOME-PC on 08-03-2014 18:20:05
Running from C:\Users\Home\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AMD) C:\Windows\system32\atieclxx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Spotify Ltd) C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Home\AppData\Roaming\Spotify\spotify.exe
(Apple Inc.) C:\Program Files\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\iCloud\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-04-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime Alternative\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-20] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [Spotify Web Helper] - C:\Users\Home\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [Spotify] - C:\Users\Home\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [iCloudServices] - C:\Program Files\iCloud\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\iCloud\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [ComcastAntispyClient] - "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-4079305424-3108118416-1960695642-1000\...\Run: [PC Health Kit] - C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
AppInit_DLLs: 0 => 0 File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => "c:\progra~2\optimi~1\optpro~1.dll" File Not Found
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll No File
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {37DA6865-C85B-42E9-B8E2-1F6B1F30BE84} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {37DA6865-C85B-42E9-B8E2-1F6B1F30BE84} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {6C38107F-1B3D-8988-66C8-75B75E05FA87} URL = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
SearchScopes: HKCU - DefaultScope {1B977252-65EC-DFCB-E752-794A37822658} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
SearchScopes: HKCU - {1B977252-65EC-DFCB-E752-794A37822658} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
SearchScopes: HKCU - {37DA6865-C85B-42E9-B8E2-1F6B1F30BE84} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {82E252F8-C10D-453C-9BA1-0152720ACC2D} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKCU - {AC9BC124-8482-4A0B-B48F-C41044F8F086} URL = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH
BHO: PrOShoopper - {3E9E1377-F5A5-57A8-563D-E1CE44CE0F56} - C:\ProgramData\PrOShoopper\WwB.x64.dll No File
BHO: DocaSCConverTer - {550A7B4E-3245-D49E-44D1-9A6AB70F0D0F} - C:\ProgramData\DocaSCConverTer\21VH3.x64.dll No File
BHO: savinsihop - {61F37F42-E467-5BD3-AF0A-FFF33047C65D} - C:\ProgramData\savinsihop\LHiMer.x64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ddEal4real - {D8FEEA02-CD47-D678-F90A-0FD6B78E7966} - C:\ProgramData\ddEal4real\9l0.x64.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: PrOShoopper - {3E9E1377-F5A5-57A8-563D-E1CE44CE0F56} - C:\ProgramData\PrOShoopper\WwB.dll ()
BHO-x32: DocaSCConverTer - {550A7B4E-3245-D49E-44D1-9A6AB70F0D0F} - C:\ProgramData\DocaSCConverTer\21VH3.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: savinsihop - {61F37F42-E467-5BD3-AF0A-FFF33047C65D} - C:\ProgramData\savinsihop\LHiMer.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: ddEal4real - {D8FEEA02-CD47-D678-F90A-0FD6B78E7966} - C:\ProgramData\ddEal4real\9l0.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll No File
Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin8.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: DocaSCConverTer - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\axjigf3io@vliymhmbjhffdt.org [2014-02-04]
FF Extension: CrossReader - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com [2014-02-19]
FF Extension: Conduit Engine  - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\engine@conduit.com [2011-02-20]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\LogMeInClient@logmein.com [2013-06-25]
FF Extension: ddEal4real - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\mci7br@ijuicyy.com [2013-12-22]
FF Extension: No Name - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\staged [2014-03-08]
FF Extension: savinsihop - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\u-k@ooiag.org [2014-02-18]
FF Extension: PrOShoopper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\zfr_i@fglvtoue.edu [2013-12-22]
FF Extension: Tinseltown - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\Extensions\{285da7e0-729d-11db-9fe1-0800200c9a66} [2010-12-24]
FF Extension: QuestBrowse - C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} [2013-11-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-15]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Extension: (Ask Toolbar) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2014-02-20]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-20]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-20]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-20]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-20]
CHR Extension: (DocaSCConverTer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgejnjaphkceeljccbaedfmaccbbgagi [2014-02-20]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-20]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-20]
CHR Extension: (PrOShoopper) - C:\ProgramData\hkjndfemkilakgompcajoecgnomhjcjf [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-04-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-20] (APN LLC.)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [290424 2013-07-15] (WinZip Computing, S.L. (WinZip Computing))
S2 Util BuzzSearch; "C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-08 18:20 - 2014-03-08 18:20 - 00025919 _____ () C:\Users\Home\Desktop\FRST.txt
2014-03-08 18:19 - 2014-03-08 18:20 - 00000000 ____D () C:\FRST
2014-03-08 18:18 - 2014-03-08 18:18 - 02156544 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2014-03-08 17:28 - 2014-03-08 17:28 - 00003236 _____ () C:\Users\Home\Desktop\attach.zip
2014-03-08 17:21 - 2014-03-08 17:21 - 00009277 _____ () C:\Users\Home\Desktop\attach.txt
2014-03-08 17:21 - 2014-03-08 17:20 - 00023784 _____ () C:\Users\Home\Desktop\dds.txt
2014-03-08 17:19 - 2014-03-08 17:19 - 00688992 ____R (Swearware) C:\Users\Home\Downloads\dds (1).com
2014-03-08 17:17 - 2014-03-08 17:17 - 00688992 _____ (Swearware) C:\Users\Home\Downloads\dds.com
2014-03-04 21:26 - 2014-03-04 21:26 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-04 21:26 - 2014-03-04 21:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-04 21:25 - 2014-03-04 21:25 - 05814000 _____ (TeamViewer GmbH) C:\Users\Home\Downloads\TeamViewer_Setup_en.exe
2014-03-04 21:25 - 2014-03-04 21:25 - 00221480 _____ (Fusion Install ) C:\Users\Home\Downloads\Player-Chrome.exe
2014-03-04 03:00 - 2014-03-04 03:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-20 06:54 - 2014-02-26 07:05 - 00059300 _____ () C:\sh4_service.log
2014-02-20 06:52 - 2010-08-05 17:01 - 00014680 _____ () C:\Windows\system32\sh4native.exe
2014-02-20 00:21 - 2014-02-20 00:21 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 00:16 - 2014-03-06 23:05 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
2014-02-20 00:06 - 2014-02-20 00:06 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-19 22:46 - 2014-02-19 22:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer (1).exe
2014-02-19 22:21 - 2014-02-19 23:58 - 00003254 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-02-19 22:21 - 2014-02-19 22:21 - 00002258 _____ () C:\Users\Home\Desktop\SpyHunter.lnk
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\sh4ldr
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 _____ () C:\autoexec.bat
2014-02-19 22:21 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-02-19 22:20 - 2014-02-19 22:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-19 22:20 - 2014-02-19 22:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2014-02-19 22:14 - 2014-02-19 23:21 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-19 22:14 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\ParetoLogic
2014-02-19 22:14 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DriverCure
2014-02-19 22:12 - 2014-02-19 22:12 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Home\Downloads\RegCureProSetup.exe
2014-02-19 22:09 - 2014-02-19 22:10 - 03420288 _____ (CompuClever Systems Inc.) C:\Users\Home\Downloads\pctuneupmaestro_installer_42_.exe
2014-02-19 07:06 - 2014-02-19 07:06 - 00003090 _____ () C:\Windows\System32\Tasks\{303BABB7-1880-4FBA-94C5-89B15D94B687}
2014-02-18 22:52 - 2014-02-19 07:10 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-02-18 22:50 - 2014-02-18 22:50 - 00000000 ____D () C:\Users\Home\Documents\Symantec
2014-02-18 22:47 - 2014-02-19 08:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-18 22:46 - 2014-02-18 22:46 - 01021632 _____ (Symantec Corporation) C:\Users\Home\Downloads\Norton_Download_Manager(1).exe
2014-02-18 22:45 - 2014-02-18 22:45 - 01021632 _____ (Symantec Corporation) C:\Users\Home\Downloads\Norton_Download_Manager.exe
2014-02-15 18:56 - 2014-02-20 06:53 - 00000000 ____D () C:\ProgramData\savinsihop
2014-02-15 18:56 - 2014-02-15 18:56 - 00000000 ____D () C:\Users\Home\AppData\Local\Packages
2014-02-13 03:01 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 00:49 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 00:49 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 00:49 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 00:49 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 00:49 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 00:49 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 00:49 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 00:49 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 00:49 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 00:49 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 00:49 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 00:49 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 00:49 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 00:49 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 00:49 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 00:49 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 00:49 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 00:49 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 00:48 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 00:48 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:48 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 00:48 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 00:48 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 00:48 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 00:48 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 00:48 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 00:48 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 00:48 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 21:55 - 2014-02-12 21:55 - 00966464 _____ () C:\Users\Home\Downloads\flv_installer.exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-08 18:20 - 2014-03-08 18:20 - 00025919 _____ () C:\Users\Home\Desktop\FRST.txt
2014-03-08 18:20 - 2014-03-08 18:19 - 00000000 ____D () C:\FRST
2014-03-08 18:18 - 2014-03-08 18:18 - 02156544 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2014-03-08 17:56 - 2013-11-14 06:56 - 00000288 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-03-08 17:48 - 2011-04-04 23:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 17:40 - 2012-07-29 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 17:28 - 2014-03-08 17:28 - 00003236 _____ () C:\Users\Home\Desktop\attach.zip
2014-03-08 17:21 - 2014-03-08 17:21 - 00009277 _____ () C:\Users\Home\Desktop\attach.txt
2014-03-08 17:20 - 2014-03-08 17:21 - 00023784 _____ () C:\Users\Home\Desktop\dds.txt
2014-03-08 17:19 - 2014-03-08 17:19 - 00688992 ____R (Swearware) C:\Users\Home\Downloads\dds (1).com
2014-03-08 17:19 - 2012-10-10 22:19 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Spotify
2014-03-08 17:17 - 2014-03-08 17:17 - 00688992 _____ (Swearware) C:\Users\Home\Downloads\dds.com
2014-03-08 16:09 - 2011-04-04 23:26 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 16:09 - 2010-07-27 18:07 - 00118128 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-08 09:27 - 2009-12-25 16:21 - 01483789 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 22:20 - 2014-01-10 22:20 - 00000508 _____ () C:\Windows\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2014-03-06 23:05 - 2014-02-20 00:16 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
2014-03-06 22:21 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 21:26 - 2014-03-04 21:26 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-04 21:26 - 2014-03-04 21:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-04 21:25 - 2014-03-04 21:25 - 05814000 _____ (TeamViewer GmbH) C:\Users\Home\Downloads\TeamViewer_Setup_en.exe
2014-03-04 21:25 - 2014-03-04 21:25 - 00221480 _____ (Fusion Install ) C:\Users\Home\Downloads\Player-Chrome.exe
2014-03-04 03:00 - 2014-03-04 03:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 03:00 - 2011-03-23 13:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-04 03:00 - 2011-03-23 13:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 07:05 - 2012-11-13 18:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Spotify
2014-03-01 09:27 - 2010-07-27 20:55 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-02-27 22:44 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 22:44 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 03:01 - 2011-04-23 22:24 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 07:05 - 2014-02-20 06:54 - 00059300 _____ () C:\sh4_service.log
2014-02-26 07:05 - 2011-08-05 15:33 - 00019383 _____ () C:\Windows\setupact.log
2014-02-26 07:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 07:03 - 2013-11-14 06:57 - 00023290 _____ () C:\Users\Home\daemonprocess.txt
2014-02-26 03:20 - 2011-08-05 15:32 - 00279130 _____ () C:\Windows\PFRO.log
2014-02-26 03:19 - 2014-01-10 22:20 - 00000470 _____ () C:\Windows\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2014-02-22 12:40 - 2012-07-29 17:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 12:40 - 2012-07-29 17:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 12:40 - 2011-06-19 19:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 06:53 - 2014-02-15 18:56 - 00000000 ____D () C:\ProgramData\savinsihop
2014-02-20 06:53 - 2014-01-31 23:42 - 00000000 ____D () C:\ProgramData\DocaSCConverTer
2014-02-20 06:53 - 2014-01-29 21:54 - 00000000 ____D () C:\Users\Home\AppData\Local\StormAlerts
2014-02-20 06:53 - 2014-01-29 21:53 - 00000000 ____D () C:\Program Files (x86)\Software Updater
2014-02-20 06:53 - 2013-12-22 15:40 - 00000000 ____D () C:\ProgramData\PrOShoopper
2014-02-20 06:53 - 2013-12-22 15:40 - 00000000 ____D () C:\ProgramData\ddEal4real
2014-02-20 06:53 - 2011-11-15 17:11 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
2014-02-20 06:53 - 2011-02-20 12:35 - 00000000 ____D () C:\Program Files (x86)\uTorrentBar
2014-02-20 06:53 - 2010-07-27 18:09 - 00000000 ___RD () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-20 00:21 - 2014-02-20 00:21 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-20 00:20 - 2011-04-04 23:26 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-20 00:06 - 2014-02-20 00:06 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-20 00:06 - 2010-12-24 14:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-20 00:06 - 2010-07-28 20:33 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-20 00:06 - 2010-07-28 20:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2014-02-20 00:05 - 2010-07-27 22:07 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2014-02-19 23:58 - 2014-02-19 22:21 - 00003254 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-02-19 23:47 - 2011-04-04 23:27 - 00003336 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4079305424-3108118416-1960695642-1000
2014-02-19 23:47 - 2011-04-04 23:27 - 00003200 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4079305424-3108118416-1960695642-1000
2014-02-19 23:25 - 2009-12-03 16:54 - 00000000 ____D () C:\ProgramData\Norton
2014-02-19 23:21 - 2014-02-19 22:14 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-19 23:07 - 2011-05-16 15:11 - 00001783 _____ () C:\Users\Public\Desktop\Streaming Music - MediaPass.lnk
2014-02-19 22:59 - 2014-01-09 16:54 - 00000000 ____D () C:\Users\Home\AppData\Local\ID Vault
2014-02-19 22:59 - 2014-01-09 16:53 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-02-19 22:58 - 2014-01-09 16:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\ID Vault
2014-02-19 22:46 - 2014-02-19 22:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer (1).exe
2014-02-19 22:21 - 2014-02-19 22:21 - 00002258 _____ () C:\Users\Home\Desktop\SpyHunter.lnk
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\sh4ldr
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-19 22:21 - 2014-02-19 22:21 - 00000000 _____ () C:\autoexec.bat
2014-02-19 22:21 - 2014-02-19 22:20 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-19 22:20 - 2014-02-19 22:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Home\Downloads\SpyHunter-Installer.exe
2014-02-19 22:14 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\ParetoLogic
2014-02-19 22:14 - 2014-02-19 22:14 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DriverCure
2014-02-19 22:12 - 2014-02-19 22:12 - 07535352 _____ (ParetoLogic, Inc.) C:\Users\Home\Downloads\RegCureProSetup.exe
2014-02-19 22:10 - 2014-02-19 22:09 - 03420288 _____ (CompuClever Systems Inc.) C:\Users\Home\Downloads\pctuneupmaestro_installer_42_.exe
2014-02-19 12:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-02-19 08:19 - 2014-02-18 22:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-02-19 08:14 - 2010-09-21 18:12 - 00000000 ____D () C:\ProgramData\Recovery
2014-02-19 07:10 - 2014-02-18 22:52 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-02-19 07:06 - 2014-02-19 07:06 - 00003090 _____ () C:\Windows\System32\Tasks\{303BABB7-1880-4FBA-94C5-89B15D94B687}
2014-02-19 00:56 - 2013-12-19 07:56 - 00000130 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2014-02-18 22:51 - 2011-04-23 22:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-18 22:50 - 2014-02-18 22:50 - 00000000 ____D () C:\Users\Home\Documents\Symantec
2014-02-18 22:47 - 2011-08-19 06:05 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-02-18 22:46 - 2014-02-18 22:46 - 01021632 _____ (Symantec Corporation) C:\Users\Home\Downloads\Norton_Download_Manager(1).exe
2014-02-18 22:45 - 2014-02-18 22:45 - 01021632 _____ (Symantec Corporation) C:\Users\Home\Downloads\Norton_Download_Manager.exe
2014-02-16 03:03 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2010-07-27 20:47 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 18:56 - 2014-02-15 18:56 - 00000000 ____D () C:\Users\Home\AppData\Local\Packages
2014-02-15 18:56 - 2013-12-22 15:40 - 00000000 ____D () C:\ProgramData\8ff788d61715975c
2014-02-15 12:05 - 2014-01-29 21:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-02-15 12:05 - 2014-01-29 21:54 - 00000000 ____D () C:\Users\Home\AppData\Local\Weather_Warnings_LLC
2014-02-15 12:05 - 2014-01-09 16:54 - 00000000 ____D () C:\Users\Home\AppData\Local\White_Sky,_Inc
2014-02-15 12:05 - 2012-07-29 17:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-15 12:05 - 2010-08-15 18:48 - 00000000 ____D () C:\ProgramData\HP
2014-02-15 12:05 - 2010-07-27 18:04 - 00000000 ____D () C:\Users\Home
2014-02-15 12:05 - 2009-07-14 00:45 - 00000000 ____D () C:\Windows\ShellNew
2014-02-15 12:05 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-15 12:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-02-14 00:56 - 2013-11-14 06:56 - 00003224 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-02-13 03:12 - 2010-08-21 10:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:02 - 2009-07-13 19:34 - 00000513 _____ () C:\Windows\win.ini
2014-02-12 21:55 - 2014-02-12 21:55 - 00966464 _____ () C:\Users\Home\Downloads\flv_installer.exe
2014-02-06 05:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 04:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 03:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 03:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 03:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 02:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 02:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 02:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 02:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 02:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 02:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 02:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 02:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 02:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 02:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 02:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 02:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 01:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 01:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 01:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 01:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 01:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\SetupA2.exe
C:\Users\ADMINI~1\AppData\Local\Temp\SetupAC.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 00:07
 
==================== End Of Log ============================

Attached Files
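The "Bamital & volsnap Check" in the FRST log above hashes a fixed set of boot-critical binaries and compares each against FRST's internal known-good list, because file-patching malware of the kind the check is named for modifies exactly these files rather than dropping new ones. The PowerShell below is an added example, not part of the original post and not FRST's code: it recomputes MD5s for the same fourteen files and compares them with a baseline you export from a known-clean machine of the same Windows build and patch level. The baseline file format, the function names and the paths are this example's own assumptions. It calls the .NET MD5 class directly so it runs on the PowerShell 2.0 that ships with Windows 7, where Get-FileHash does not exist.

```powershell
# Added example (not FRST code): re-check the binaries FRST's "Bamital & volsnap Check"
# hashes, against a baseline captured on a known-clean machine with the SAME Windows
# build and patch level. Hashes change with every update, so refresh after patching.

$CriticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Get-Md5Hex {
    # Uses System.Security.Cryptography.MD5 so this works on PowerShell 2.0
    # (Windows 7 default), where Get-FileHash is not available.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace("-", "").ToLower()
}

function Export-Baseline {
    # Run on the CLEAN reference machine. Assumed format: one "path=md5" line per file.
    param([string]$OutFile)
    $CriticalFiles | ForEach-Object { "$_=$(Get-Md5Hex $_)" } | Set-Content -Path $OutFile
}

function Test-AgainstBaseline {
    # Run on the suspect machine with the baseline file copied over.
    # Reports MISSING, a match, or a MISMATCH with both hashes for each file.
    param([string]$BaselineFile)
    $baseline = @{}
    Get-Content $BaselineFile | ForEach-Object {
        $parts = $_.Split("=", 2)
        $baseline[$parts[0].ToLower()] = $parts[1]
    }
    foreach ($f in $CriticalFiles) {
        if (-not (Test-Path $f)) { Write-Output "$f => MISSING"; continue }
        $actual   = Get-Md5Hex $f
        $expected = $baseline[$f.ToLower()]
        if ($expected -eq $actual) {
            Write-Output "$f => MD5 matches baseline"
        } else {
            Write-Output "$f => MISMATCH (expected $expected, got $actual)"
        }
    }
}

# Usage (assumed paths):
#   Export-Baseline -OutFile C:\baseline.txt            # on the clean machine
#   Test-AgainstBaseline -BaselineFile C:\baseline.txt  # on the suspect machine
```

A mismatch is not by itself proof of infection: a Windows update applied to one machine and not the other changes these hashes, so a mismatch on winlogon.exe or explorer.exe with no corresponding update is the signal worth chasing. The check is also only as trustworthy as the machine running it; a rootkit that filters file reads can hand clean bytes to the hasher, which is why an offline scan from boot media is the tie-breaker when this disagrees with other evidence.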



#4 CatByte (Malware Response Team)

Posted 09 March 2014 - 11:19 AM

Please do the following:

Download the attached fixlist.txt file and save it to the Desktop.

Attached File: FixList.txt (7.55KB)

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 colt45 (Topic Starter)

Posted 10 March 2014 - 07:44 PM

Thank you.

Attached Files



#6 CatByte (Malware Response Team)

Posted 11 March 2014 - 09:58 AM

Looks better. Please do the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#7 colt45 (Topic Starter)

Posted 11 March 2014 - 12:14 PM

I have been doing all this remotely via TeamViewer on my parents' computer. After I ran the fix list last night I installed Microsoft Security Essentials and used Revo Uninstaller on a lot of programs. Most that looked fishy couldn't find the uninstall file, so it looks like everything is working. I did remove several registry entries and leftover files that Revo found as well. Thanks for the help. When I get off work I'll complete the next step.

#8 CatByte (Malware Response Team)

Posted 11 March 2014 - 03:27 PM

OK, good.



#9 colt45 (Topic Starter)

Posted 11 March 2014 - 09:10 PM

ComboFix 14-03-10.01 - Home 03/11/2014  19:07:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7928.5920 [GMT -6:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js
c:\program files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf
c:\program files (x86)\MPAccess
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org\bootstrap.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org\chrome.manifest
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org\content\bg.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org\install.rdf
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome.manifest
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\asyncDB.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\background.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\browserAction.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\contextMenu.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\dbManager.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\dom_bg.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\fileManager.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\firefox.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\firefoxNotifications.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\firefoxOmnibox.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\message.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\pageAction.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\request.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\tabs.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\webRequest.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\background.html
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\baseObject.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\browser.xul
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\console.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\consts.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\delegate.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\extensionDataStore.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\folderIOWrapper.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\httpObserver.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\IDBWrapper.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\installer.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\logFile.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\prefs.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\progressListenerObserver.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\registry.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\reloadObserver.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\reports.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\requestObject.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\searchSettings.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\uninstallObserver.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\updateManager.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\utils.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\core\xhr.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\dialog.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\main.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\options.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\options.xul
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\platformVersion.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\chrome\content\search_dialog.xul
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\defaults\preferences\prefs.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\manifest.xml
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins.json
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\1_base.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\17_jQuery.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\182_openUrl.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\207_dbWrapper.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\21_debug.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\22_resources.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\28_initializer.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\47_resources_background.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\64_appApiMessage.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\72_appApiValidation.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\plugins\98_omniCommands.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\userCode\background.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\extensionData\userCode\extension.js
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\install.rdf
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\locale\en-US\translations.dtd
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\button1.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\button2.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\button3.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\button4.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\button5.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\crossrider_statusbar.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\icon128.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\icon16.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\icon24.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\icon48.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\panelarrow-up.png
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\popup.html
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\skin.css
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\d97261de-a64c-4758-bc89-6d104d1c040c@a4bb72fa-00d9-47d7-b6e4-3fdf0f261f92.com\skin\update.css
c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\searchplugins\bing-zugo.xml
c:\windows\COUPon~1.ocx
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-12 to 2014-03-12  )))))))))))))))))))))))))))))))
.
.
2014-03-12 01:25 . 2014-03-12 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-12 01:25 . 2014-03-12 01:25 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2014-03-11 03:29 . 2014-03-11 03:29 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF8FFD85-6767-4BB2-A43E-821370B8C4EC}\offreg.dll
2014-03-11 02:39 . 2014-02-06 07:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF8FFD85-6767-4BB2-A43E-821370B8C4EC}\mpengine.dll
2014-03-11 01:21 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-03-11 01:21 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-03-11 01:21 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-03-11 01:21 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-03-11 01:21 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-03-11 01:21 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-11 01:20 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-11 01:20 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-11 01:19 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-03-11 01:19 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-03-11 01:05 . 2014-03-11 01:05 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{229BC559-2237-45E9-874F-08D28CA1CEF6}\gapaengine.dll
2014-03-11 01:05 . 2014-02-06 07:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-11 01:04 . 2014-03-11 01:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-03-11 01:03 . 2014-03-11 01:04 -------- d-----w- c:\program files\Microsoft Security Client
2014-03-09 01:19 . 2014-03-11 00:38 -------- d-----w- C:\FRST
2014-03-07 12:37 . 2014-02-17 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1C7FBC6-588F-4191-A9E8-30979D990B56}\mpengine.dll
2014-03-05 04:26 . 2014-03-05 04:26 -------- d-----w- c:\program files (x86)\TeamViewer
2014-03-04 10:00 . 2014-03-04 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-04 10:00 . 2014-03-04 10:00 -------- d-----r- c:\program files (x86)\Skype
2014-02-26 10:01 . 2014-02-26 10:01 -------- d-----w- c:\windows\Migration
2014-02-20 13:52 . 2010-08-06 00:01 14680 ----a-w- c:\windows\system32\sh4native.exe
2014-02-20 07:16 . 2014-03-11 02:23 -------- d-----w- c:\users\Home\AppData\Local\CrashDumps
2014-02-20 07:06 . 2014-02-20 07:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-02-20 05:21 . 2014-02-20 05:21 -------- d-----w- c:\program files\Enigma Software Group
2014-02-20 05:20 . 2014-03-11 00:57 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-20 05:20 . 2014-02-20 05:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-02-20 05:14 . 2014-02-20 05:14 -------- d-----w- c:\users\Home\AppData\Roaming\ParetoLogic
2014-02-20 05:14 . 2014-02-20 05:14 -------- d-----w- c:\users\Home\AppData\Roaming\DriverCure
2014-02-20 05:14 . 2014-02-20 06:21 -------- d-----w- c:\programdata\ParetoLogic
2014-02-19 05:52 . 2014-02-19 14:10 -------- d-----w- c:\program files (x86)\Norton Security Suite
2014-02-16 01:56 . 2014-02-16 01:56 -------- d-----w- c:\users\Home\AppData\Local\Packages
2014-02-13 10:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 10:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 07:49 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 07:48 . 2013-12-04 02:27 123392 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-13 07:48 . 2013-12-04 02:27 123392 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-13 07:48 . 2013-12-04 02:03 87040 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2014-02-13 07:48 . 2013-12-04 02:03 87040 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2014-02-13 07:48 . 2013-12-04 02:03 428032 ----a-w- c:\windows\SysWow64\secproc.dll
2014-02-13 07:48 . 2013-12-04 02:02 390144 ----a-w- c:\windows\SysWow64\msdrm.dll
2014-02-13 07:48 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 07:48 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 07:48 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 07:48 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 00:40 . 2012-07-30 00:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 00:40 . 2011-06-20 02:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 10:00 . 2010-07-28 03:47 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-19 04:09 . 2014-01-30 04:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 13:13 . 2010-07-28 02:21 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-11 00:48 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 00:40]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:26]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 06:26]
.
2014-03-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\
FF - ExtSQL: 2014-02-04 20:17; axjigf3io@vliymhmbjhffdt.org; c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\pqgcjuqg.default\extensions\axjigf3io@vliymhmbjhffdt.org
FF - ExtSQL: !HIDDEN! 2010-08-15 19:51; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{550A7B4E-3245-D49E-44D1-9A6AB70F0D0F} - c:\programdata\DocaSCConverTer\21VH3.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EB0033B6-A734-7BFF-72E7-A3910B2566B5} - c:\programdata\DocaSCConverTer\21VH3.exe
AddRemove-Gas Properties - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-11  19:43:52
ComboFix-quarantined-files.txt  2014-03-12 01:43
.
Pre-Run: 623,883,268,096 bytes free
Post-Run: 623,508,582,400 bytes free
.
- - End Of File - - 5DB2EC7766ECDD472EC35ADE24BA7899


#10 CatByte

  • Malware Response Team

Posted 11 March 2014 - 09:38 PM

There are still some signs of adware in the log, so please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 colt45

  • Topic Starter

Posted 11 March 2014 - 11:00 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Home on Tue 03/11/2014 at 20:45:02.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311671120}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\5aSkPlay_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_frostwire_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Home\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\comcasttb"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\pqgcjuqg.default\prefs.js
 
user_pref("extensions.2K7W3jN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if (window.self.location.protocol.indexOf('hxxp') > -1 
user_pref("extensions.ZjmL0.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"
user_pref("extensions.ad97261dea64c4758bc896d104d1c040ca4bb72fa00d947d7b6e43fdf0f261f92com36720.36720.internaldb.Resources_meta.value", "%7B%22CrossReader_16x16.png%22%3A%7B%2
user_pref("extensions.crossrider.bic", "144aeace4ff0021b576d90859172c9de");
user_pref("extensions.fpfFq.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"
user_pref("extensions.mK98Efbq.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf
Emptied folder: C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\pqgcjuqg.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 20:50:52.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Closed out of the log on boot the first time; didn't know where it was saved, but then found it after I ran AdwCleaner again. Attached both logs.

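The "~~~ FireFox" section of the JRT log above shows what this kind of adware leaves in a profile: `user_pref()` lines whose value is not a setting but a JavaScript function body (the `.scode` prefs, each one checking the page URL before injecting), plus Crossrider bookkeeping prefs. The script below is an added example, written for this page and not part of the thread or of JRT, of how to spot those lines in a prefs.js and write out a cleaned copy. The sample prefs.js is constructed for the example, and the `.scode` / `extensions.crossrider.` indicators, the JavaScript patterns and the function names (`classify_pref`, `scan_prefs`, `clean_prefs`) are the example's own assumptions drawn from the log entries above, not a list JRT publishes.

```python
"""Flag and strip injected adware preferences from a Firefox prefs.js.

Added example (not from the thread, not JRT's code). It mimics the prefs.js
clean-up the JRT log reports: adware had written user_pref() lines whose
*value* is a JavaScript function body (the ".scode" prefs) and Crossrider
bookkeeping prefs. Indicator list, patterns and the sample file are assumed.
"""
import re
from typing import List, Optional, Tuple

# One user_pref("name", value); line. The value is captured as raw text so
# that strings, numbers and booleans are all handled the same way.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Pref-name prefixes taken from the JRT log above (assumed indicator list).
SUSPICIOUS_PREFIXES = ("extensions.crossrider.",)

# A *string* pref whose content is JavaScript is the strongest signal:
# prefs are configuration, never code.
JS_PATTERNS = (
    re.compile(r"\(function\s*\("),
    re.compile(r"window\.self\.location"),
    re.compile(r"document\.(write|createElement)"),
)

# Constructed sample prefs.js: two benign prefs plus three injected ones
# modelled on the entries JRT removed (shortened, not the real payloads).
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com");
user_pref("extensions.2K7W3jN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};})();");
user_pref("extensions.crossrider.bic", "144aeace4ff0021b576d90859172c9de");
user_pref("extensions.someaddon.payload", "(function(){var s=document.createElement('script');})()");
user_pref("network.cookie.cookieBehavior", 0);
'''


def classify_pref(name: str, raw_value: str) -> Optional[str]:
    """Return why a pref looks injected, or None if it looks benign."""
    if name.endswith(".scode"):
        return "scode pref: extension-injected script body"
    if name.startswith(SUSPICIOUS_PREFIXES):
        return "known adware pref prefix"
    if raw_value.startswith('"') and any(p.search(raw_value) for p in JS_PATTERNS):
        return "string value contains JavaScript"
    return None


def scan_prefs(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, pref_name, reason) for every suspicious user_pref line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        reason = classify_pref(m.group(1), m.group(2))
        if reason:
            findings.append((line_no, m.group(1), reason))
    return findings


def clean_prefs(text: str) -> str:
    """Return the prefs.js text with the suspicious lines removed."""
    bad = {line_no for line_no, _, _ in scan_prefs(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, name, reason in scan_prefs(SAMPLE_PREFS):
        print(f"line {line_no}: {name}  [{reason}]")
```

Run it against a copy of prefs.js with Firefox closed, because Firefox rewrites the file on exit and would undo the edit. Cleaning prefs.js alone is also not enough: the extension directory listed at the top of the ComboFix log (the `d97261de-...@...com` folder under `extensions\`) writes these prefs back on the next start, so it has to go as well, which is what the JRT and AdwCleaner steps in this thread take care of.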



#12 colt45

  • Topic Starter

Posted 11 March 2014 - 11:03 PM

Also, the computer is running fine. I'm using it remotely, but you can tell it's way better and clean. Parents say it's running fine as well.



#13 CatByte

  • Malware Response Team

Posted 11 March 2014 - 11:16 PM

Let's do a sweep for leftovers;

please run the following:

Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



#14 colt45

  • Topic Starter

Posted 14 March 2014 - 12:04 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.12.13
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Home :: HOME-PC [administrator]
 
3/12/2014 7:46:23 PM
mbam-log-2014-03-12 (19-46-23).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245808
Time elapsed: 6 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790471B5765C5A32AD98 (Malware.Trace) -> Data:  -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_4quxwfsr3plqaxkkh45nrgvbjsjtw24m (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_4quxwfsr3plqaxkkh45nrgvbjsjtw24m\1.4.0.0 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
 
Files Detected: 12
C:\Users\Home\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Chrome_Setup (1).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Chrome_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Player-Chrome.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Setup (1).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts\Storm Alerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_4quxwfsr3plqaxkkh45nrgvbjsjtw24m\1.4.0.0\user.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
 
(end)
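
Added here as an illustration, not part of the thread: a small Python parser for the Malwarebytes log format posted above. It groups detections by classification, flags any entry whose action is not "Quarantined and deleted successfully", and checks each "X Detected: N" header against the entries actually listed under it. The sample log is a constructed excerpt in the same format, with one uncleaned entry and one header mismatch added deliberately to exercise the checks.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes 1.75 log format seen in the thread;
# the "No action taken" entry and the Folders count mismatch are deliberate.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790471B5765C5A32AD98 (Malware.Trace) -> Data:  -> Quarantined and deleted successfully.
Folders Detected: 2
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Home\Downloads\Chrome_Setup (1).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Home\Downloads\Setup.exe (PUP.Optional.AirInstaller) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# item (classification) -> [Data: ... ->] action; "Data:" only appears on registry-value lines
ENTRY_RE = re.compile(
    r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?:Data:.*? -> )?(?P<action>.+?)\.?$")
OK_ACTION = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return (entries, counts): one dict per detection line, plus the
    per-section totals claimed by the 'X Detected: N' headers."""
    entries, counts, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            counts[section] = int(m["count"])
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, **m.groupdict()})
    return entries, counts

def summarize(text):
    """Detections per classification, entries that were not cleaned, and
    sections whose header count disagrees with the lines actually listed."""
    entries, counts = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    return {
        "by_family": dict(Counter(e["family"] for e in entries)),
        "unresolved": [e["item"] for e in entries if e["action"] != OK_ACTION],
        "count_mismatch": {s: (n, listed[s]) for s, n in counts.items() if listed[s] != n},
    }
```

Run `summarize(SAMPLE_LOG)` to see the three views; on the real log above every action is the success string and every header count matches, so the last two views come back empty.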
 

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:04 PM

Posted 14 March 2014 - 11:21 AM

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\hkjndfemkilakgompcajoecgnomhjcjf\ly1Se.js
C:\Users\All Users\hkjndfemkilakgompcajoecgnomhjcjf\ly1Se.js
C:\Users\Home\Downloads\ccsetup411.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[3].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[5].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[3].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[5].7z

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




