
Rogue proxy server keeps recurring


5 replies to this topic

#1 rpmaps

rpmaps

  • Members
  • 4 posts

Posted 17 March 2014 - 07:44 PM

I have a rogue proxy server and numerous other viruses/malware that keep recurring. I have used a number of malware-fighting tools including Malwarebytes, Hitman Pro, Gmer, etc. that tell me they are deleting the offending files and resetting the proxy, but upon reboot, they always return. The detected items include: Tuvaro, MyPC Backup, MySearchDial, Conduit, Rocketfish. I attempted to run ComboFix but it crashed the computer and never completed. I am also unable to start the Windows Defender service. Attached is the attach.log file from DDS along with a couple of Hitman Pro logs.

 

THANK YOU

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Owner at 19:40:02 on 2014-03-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3493.2068 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mobile App Sync\D2MClient.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Mozy Sync\mozysync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:49168;https=127.0.0.1:49168
uProxyOverride = <-loopback>
mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInte.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInte.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
BHO: Trend Micro DirectPass BHO: {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - c:\program files\trend micro\tmids\PwmIEBHO32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - c:\program files\internethelper3.1\prxtbInte.dll
TB: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInte.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Trend Micro DirectPass ToolBar: {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - c:\program files\trend micro\tmids\PwmIEBHO32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileAppSync] "c:\program files\mobile app sync\D2MClient.exe"
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [BrowserSafeguard] c:\program files\browsersafeguard\Browsersafeguard.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [PwmConsole.exe] "c:\program files\trend micro\tmids\PwmConsole.exe" -s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozysy~1.lnk - c:\program files\mozy sync\mozysync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: americangreetings.com
Trusted Zone: americangreetings.com
Trusted Zone: trendmls.com
Trusted Zone: vistaprint.com
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{628126D8-9AB7-4C2B-AC0E-B42363A0CD28} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\p2r1c5ci.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-9-30 265256]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [2014-2-3 40736]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2014-2-3 83352]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2014-2-3 287256]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-3-17 106248]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-10-27 110752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2014-1-20 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-12-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2014-3-12 47640]
R2 PwmSvc;Trend Micro DirectPass Central Control Service;c:\program files\trend micro\tmids\PwmSvc.exe [2014-3-13 231984]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-10-27 2656280]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-3-17 30976]
R3 kbfilter;kbfilter;c:\windows\system32\drivers\kbfilter.sys [2014-2-4 61728]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-10-27 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-1-23 61824]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-1-23 141568]
R3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
R3 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2014-2-3 85280]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2014-2-3 282272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-12 108032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-27 1343400]
.
=============== Created Last 30 ================
.
2014-03-17 23:39:55    30976    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-03-17 23:32:19    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-03-17 23:19:21    --------    d-----w-    c:\users\owner\appdata\local\CrashDumps
2014-03-17 23:19:07    98816    ----a-w-    c:\windows\sed.exe
2014-03-17 23:19:07    256000    ----a-w-    c:\windows\PEV.exe
2014-03-17 23:19:07    208896    ----a-w-    c:\windows\MBR.exe
2014-03-17 23:19:02    --------    d-s---w-    C:\ComboFix
2014-03-17 23:17:11    21528    ----a-w-    c:\windows\DCEBoot.exe
2014-03-17 23:12:28    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-03-17 22:59:01    331    ----a-w-    c:\users\owner\appdata\local\LMIR0001.tmp_r.bat
2014-03-17 14:11:07    --------    d-s---w-    c:\users\owner\Mozy Sync
2014-03-17 14:08:45    --------    d-----w-    c:\users\owner\appdata\local\mozysync
2014-03-17 14:08:39    --------    d-----w-    c:\program files\Mozy Sync
2014-03-14 23:10:52    55520    ----a-w-    c:\windows\system32\drivers\mozy.sys
2014-03-14 23:10:51    --------    d-----w-    c:\program files\MozyHome
2014-03-13 07:33:31    98    ----a-w-    C:\install.bat
2014-03-13 07:33:31    81    ----a-w-    C:\uninstall.bat
2014-03-13 07:33:31    61728    ----a-w-    C:\kbfilter.sys
2014-03-13 03:15:53    --------    d-----w-    c:\program files\HitmanPro
2014-03-13 03:14:48    --------    d-----w-    c:\programdata\HitmanPro
2014-03-13 03:10:27    --------    d-----w-    C:\btemp
2014-03-13 00:54:39    209432    ----a-w-    c:\windows\RegBootClean.exe
2014-03-13 00:30:20    --------    d-----w-    c:\users\owner\appdata\roaming\Malwarebytes
2014-03-13 00:30:05    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-13 00:30:03    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-13 00:30:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-03-13 00:14:44    --------    d-----w-    c:\users\owner\appdata\local\LogMeIn
2014-03-13 00:14:42    53064    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-03-13 00:14:42    31560    ----a-w-    c:\windows\system32\LMIport.dll
2014-03-13 00:14:41    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-03-13 00:14:41    47640    ----a-w-    c:\windows\system32\drivers\LMIRfsDriver.sys
2014-03-13 00:14:36    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2014-03-13 00:14:34    --------    d-----w-    c:\programdata\LogMeIn
2014-03-13 00:14:23    --------    d-----w-    c:\program files\LogMeIn
2014-03-09 18:48:55    --------    d-----w-    c:\program files\iPod
2014-03-09 18:48:54    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 18:48:54    --------    d-----w-    c:\program files\iTunes
2014-02-26 08:02:24    --------    d-----w-    c:\windows\Migration
2014-02-16 20:23:09    --------    d-----w-    c:\program files\Microsoft Mouse and Keyboard Center
.
==================== Find3M  ====================
.
2014-03-12 21:00:04    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 21:00:03    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-03 02:25:02    61728    ----a-w-    c:\windows\system32\drivers\kbfilter.sys
2014-03-01 04:11:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:22    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-02-03 21:21:02    59    ----a-w-    c:\windows\system32\SupportTool.exe.bat
2014-01-29 02:06:47    381440    ----a-w-    c:\windows\system32\wer.dll
2014-01-28 02:07:07    185344    ----a-w-    c:\windows\system32\wwansvc.dll
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-16 00:40:14    487016    ----a-w-    C:\SecurityScanner.dll
2014-01-06 19:23:36    4558848    ----a-w-    c:\windows\system32\GPhotos.scr
2013-12-24 23:09:41    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-21 08:56:47    454656    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-19 02:10:01    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 19:42:57.47 ===============

Attached File: attach.txt (8.62KB)

Attached File: HitmanPro_20140312_2327a.log (481.6KB)
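As an added triage aid (not part of the original post, DDS, or any of the tools named in this thread), the parser below reads lines in the DDS "Pseudo HJT Report" format and flags the two settings that explain the symptom above: a proxy pointing at a listener on the machine itself, and a `<-loopback>` override. The sample lines are copied from the log in this post; the `Finding` type and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Hosts that mean "a proxy listening on this same machine".
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: a few lines in the DDS "Pseudo HJT Report" format,
# copied from the log in this thread (not read from a live system).
SAMPLE_REPORT = r"""
uStart Page = about:blank
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:49168;https=127.0.0.1:49168
uProxyOverride = <-loopback>
mURLSearchHooks: InternetHelper3.1 Toolbar: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - c:\program files\internethelper3.1\prxtbInte.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: InternetHelper3.1 Toolbar: {07CBF788-1359-421B-A4E3-5A8D041B90A3} - c:\program files\internethelper3.1\prxtbInte.dll
uRun: [BrowserSafeguard] c:\program files\browsersafeguard\Browsersafeguard.exe
TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76
"""


@dataclass(frozen=True)
class Finding:
    kind: str   # short tag, e.g. "proxy_loopback"
    line: str   # the DDS line that triggered the finding
    note: str   # what a responder should check next


# "u" = per-user (HKCU) setting, "m" = machine-wide (HKLM), as DDS abbreviates them.
_PROXY_RE = re.compile(r"^[um]ProxyServer\s*=\s*(.+)$")
_OVERRIDE_RE = re.compile(r"^[um]ProxyOverride\s*=\s*(.+)$")
_ORPHANED_BHO_RE = re.compile(r"^BHO:.*-\s*<orphaned>\s*$")


def parse_proxy_server(value: str):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles the per-scheme form 'http=host:port;https=host:port' and the
    single-proxy form 'host:port' (reported as scheme '*').  DDS defangs
    'http' as 'hxxp', which is undone so callers see real scheme names.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:                      # bare host:port, applies to every scheme
            scheme, hostport = "*", scheme
        scheme = scheme.lower().replace("hxxp", "http")
        host, _, port = hostport.rpartition(":")
        if not host:                          # no port present at all
            host, port = hostport, ""
        entries.append((scheme, host.strip().strip("[]").lower(), port.strip()))
    return entries


def triage_report(text: str):
    """Scan Pseudo HJT lines and return the findings a responder should look at first."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group(1)):
                if host in LOOPBACK_HOSTS:
                    findings.append(Finding(
                        "proxy_loopback", line,
                        f"{scheme} traffic goes through a listener on this machine, port {port or '?'}: "
                        "a setting that comes back after reboot points at a persistent process, so "
                        "identify what is bound to that port before resetting the proxy"))
            continue
        m = _OVERRIDE_RE.match(line)
        if m and "<-loopback>" in m.group(1):
            findings.append(Finding(
                "proxy_override_loopback", line,
                "'<-loopback>' removes the implicit bypass for loopback addresses, so even "
                "localhost requests are proxied; ordinary software rarely sets this"))
            continue
        if _ORPHANED_BHO_RE.match(line):
            findings.append(Finding(
                "orphaned_bho", line,
                "BHO CLSID is registered but its DLL is gone: residue of an incomplete removal, "
                "safe to clean and a hint that an earlier tool only got part of the install"))
    return findings


def summarize(findings):
    """Count findings per kind, handy for a quick verdict in a ticket."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.line}\n    {f.note}")
    print(summarize(triage_report(SAMPLE_REPORT)))
```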




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 March 2014 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows and then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 rpmaps

rpmaps
  • Topic Starter

  • Members
  • 4 posts

Posted 22 March 2014 - 10:46 PM

Thank you for taking the time to respond. I have followed the instructions listed above and have pasted the log files below as requested. Everything seems to be working much better and the rogue proxy server has NOT returned. However, there are some new issues: graphics on some webpages (IE and Firefox) are not showing. For example, the Google doodle on google.com is a blank box. I have verified that Java is current, as well as Flash.

 

LOGS:

# AdwCleaner v3.022 - Report created 20/03/2014 at 23:31:15
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\Owner\AppData\Local\genienext
Folder Deleted : C:\Users\Owner\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Owner\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Owner\AppData\LocalLow\internethelper3.1
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p2r1c5ci.default\user.js
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7588A839-E8DB-4878-986D-A98C939B5D1D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7588A839-E8DB-4878-986D-A98C939B5D1D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4475245F-7B7A-480C-881F-58325A29D164}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4475245F-7B7A-480C-881F-58325A29D164}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39A21511-B9A0-450A-B60F-509D490B9487}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB314AF9-9412-4BF5-8E1A-6FB066A1BE7F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Deleted : HKLM\Software\InternetHelper3.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p2r1c5ci.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [6493 octets] - [20/03/2014 23:29:25]
AdwCleaner[S0].txt - [5395 octets] - [20/03/2014 23:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5455 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by Owner on Sat 03/22/2014 at 20:21:06.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\p2r1c5ci.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 20:22:52.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Owner (administrator) on OWNER-PC on 22-03-2014 20:25:35
Running from C:\btemp
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Mozy, Inc.) C:\Program Files\Mozy Sync\mozysync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9914984 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-01-23] (Renesas Electronics Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [PwmConsole.exe] - C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [1169968 2014-03-02] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-12-11] (LogMeIn, Inc.)
HKU\S-1-5-21-438400155-4225604506-638079935-1000\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-08] (Google Inc.)
HKU\S-1-5-21-438400155-4225604506-638079935-1000\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozy Sync.lnk
ShortcutTarget: Mozy Sync.lnk -> C:\Program Files\Mozy Sync\mozysync.exe (Mozy, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
BHO: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro DirectPass ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p2r1c5ci.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-30]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension [2014-02-05]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro DirectPass Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-02-04]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-30]

Chrome:
=======
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2014-02-03]
CHR Extension: (Trend Micro NSC Chrome Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj [2014-02-03]
CHR Extension: (KeyBar 1.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe [2013-10-17]
CHR Extension: (Trend Micro DirectPass) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkknaphebegndgimgdpfnconcickdfn [2014-02-04]
CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-10-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx [2014-02-05]
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - C:\Program Files\Trend Micro\AMSP\module\20004\ChromeExt\chromeextension\TmNSCChromeExt.crx [2014-02-03]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-02-14] (Intel Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-03-17] (SurfRight B.V.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54600 2013-12-11] (Mozy, Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [231984 2014-03-02] (Trend Micro Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2011-01-04] (Intel Corporation)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [61728 2014-03-02] (Trend Micro Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-01-23] (Intel Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [55520 2013-12-11] (Mozy, Inc.)
R0 mv91xx; C:\Windows\System32\DRIVERS\mv91xx.sys [265256 2010-09-30] (Marvell Semiconductor, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [61824 2011-01-23] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2011-01-23] (Renesas Electronics Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [102904 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [288840 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83352 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 20:25 - 2014-03-22 20:25 - 00000000 ____D () C:\FRST
2014-03-22 20:22 - 2014-03-22 20:22 - 00001141 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-22 20:21 - 2014-03-22 20:21 - 00000000 ____D () C:\Windows\ERUNT
2014-03-20 23:40 - 2014-03-21 19:03 - 00000635 _____ () C:\Windows\system32\Drivers\etc\tmsshf.bin
2014-03-20 23:29 - 2014-03-20 23:42 - 00000000 ____D () C:\AdwCleaner
2014-03-20 23:16 - 2013-12-18 22:10 - 00877480 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-03-20 23:16 - 2013-12-18 22:10 - 00800168 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-03-17 20:12 - 2014-03-17 20:12 - 00001893 _____ () C:\Users\Owner\Desktop\HitmanPro.lnk
2014-03-17 19:43 - 2014-03-17 19:43 - 00008827 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-17 19:43 - 2014-03-17 19:42 - 00019291 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-17 19:31 - 2014-03-17 19:32 - 00146328 _____ () C:\Windows\Minidump\031714-25474-01.dmp
2014-03-17 19:31 - 2014-03-17 19:31 - 372009786 _____ () C:\Windows\MEMORY.DMP
2014-03-17 19:31 - 2014-03-17 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 19:31 - 2014-03-17 19:31 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-03-17 19:30 - 2014-03-17 19:30 - 00000452 _____ () C:\Users\Owner\Desktop\catchme.log
2014-03-17 19:19 - 2014-03-17 19:30 - 00000000 ___SD () C:\ComboFix
2014-03-17 19:19 - 2014-03-17 19:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-03-17 19:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-17 19:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-17 19:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-17 19:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-17 19:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-17 19:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-17 19:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-17 19:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-17 19:18 - 2014-03-17 19:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-17 19:18 - 2014-03-17 19:19 - 00000000 ____D () C:\Qoobox
2014-03-17 19:17 - 2014-03-17 19:17 - 05190594 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-03-17 19:17 - 2014-03-17 19:17 - 00021528 _____ () C:\Windows\DCEBoot.exe
2014-03-17 19:12 - 2014-03-17 19:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-17 19:02 - 2014-03-20 23:49 - 00002446 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-03-17 19:02 - 2014-03-17 19:02 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-03-17 13:20 - 2014-03-17 13:20 - 08775704 _____ () C:\Users\Owner\Downloads\mozy-sync.exe
2014-03-17 10:11 - 2014-03-17 10:11 - 00000000 ___SD () C:\Users\Owner\Mozy Sync
2014-03-17 10:08 - 2014-03-22 19:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\mozysync
2014-03-17 10:08 - 2014-03-17 10:08 - 00000000 ____D () C:\Program Files\Mozy Sync
2014-03-14 19:10 - 2014-03-14 19:10 - 00000000 ____D () C:\Program Files\MozyHome
2014-03-14 19:10 - 2013-12-11 13:14 - 00055520 _____ (Mozy, Inc.) C:\Windows\system32\Drivers\mozy.sys
2014-03-13 23:36 - 2014-03-13 23:36 - 00000412 _____ () C:\Windows\system32\.crusader
2014-03-13 23:24 - 2014-03-13 23:24 - 00000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-03-13 03:33 - 2014-03-02 22:25 - 00061728 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-03-13 03:33 - 2014-03-02 22:25 - 00007707 _____ () C:\kbfilter.cat
2014-03-13 03:33 - 2014-03-02 22:24 - 00000098 _____ () C:\install.bat
2014-03-13 03:33 - 2014-03-02 22:24 - 00000081 _____ () C:\uninstall.bat
2014-03-12 23:15 - 2014-03-17 19:04 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-12 23:14 - 2014-03-12 23:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-12 20:54 - 2014-03-20 23:40 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-12 20:30 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 20:29 - 2014-03-12 20:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 20:28 - 2014-02-14 18:17 - 00000426 _____ () C:\AVScanner.ini
2014-03-12 20:18 - 2014-03-12 20:18 - 00000020 ___SH () C:\Users\LogMeInRemoteUser\ntuser.ini
2014-03-12 20:18 - 2014-02-20 08:09 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\Google
2014-03-12 20:18 - 2012-06-28 03:02 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft Help
2014-03-12 20:18 - 2011-10-30 15:29 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Roaming\Macromedia
2014-03-12 20:18 - 2009-07-14 00:42 - 00000000 ___RD () C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-12 20:18 - 2009-07-14 00:37 - 00000000 ___RD () C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-12 20:14 - 2014-03-22 07:45 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-12 20:14 - 2014-03-12 20:14 - 00001024 _____ () C:\.rnd
2014-03-12 20:14 - 2014-03-12 20:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn
2014-03-12 20:14 - 2014-03-12 20:14 - 00000000 ____D () C:\Program Files\LogMeIn
2014-03-12 20:14 - 2014-01-20 13:34 - 00086888 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-03-12 20:14 - 2014-01-20 13:34 - 00085832 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-03-12 20:14 - 2014-01-20 13:34 - 00031560 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-03-12 20:14 - 2013-12-11 17:11 - 00047640 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-03-12 07:08 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 07:08 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 07:08 - 2014-03-01 00:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 07:08 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 07:08 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 07:08 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 07:08 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 07:08 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 07:08 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 07:08 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 07:08 - 2014-02-28 23:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 07:08 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 07:08 - 2014-02-28 23:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 07:08 - 2014-02-28 23:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 07:08 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 07:08 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 07:08 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 07:08 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 07:08 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 07:08 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 07:08 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 07:08 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 07:08 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 07:08 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 07:08 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:08 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:08 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-09 14:49 - 2014-03-09 14:49 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 14:48 - 2014-03-09 14:49 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 14:48 - 2014-03-09 14:49 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 14:48 - 2014-03-09 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-03-07 19:07 - 2014-03-07 19:07 - 00847808 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync(1).exe
2014-02-22 19:06 - 2014-02-22 19:06 - 00000000 ____D () C:\Users\Owner\Desktop\804 S 19th St
2014-02-21 18:03 - 2014-02-21 18:03 - 12745746 _____ () C:\Users\Owner\Documents\804 S 19th St.zip
2014-02-20 14:11 - 2014-02-20 14:11 - 144475266 _____ () C:\Users\Owner\Desktop\615 Fitzwater.mp4
2014-02-20 08:09 - 2014-02-20 08:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-20 08:09 - 2014-02-20 08:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

2014-03-22 20:25 - 2014-03-22 20:25 - 00000000 ____D () C:\FRST
2014-03-22 20:22 - 2014-03-22 20:22 - 00001141 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-03-22 20:21 - 2014-03-22 20:21 - 00000000 ____D () C:\Windows\ERUNT
2014-03-22 20:19 - 2012-06-27 19:23 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-03-22 20:05 - 2011-11-08 21:27 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-22 20:00 - 2012-04-14 09:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 19:55 - 2014-03-17 10:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\mozysync
2014-03-22 17:19 - 2011-10-27 17:13 - 01883180 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 13:05 - 2011-11-08 21:26 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-22 08:24 - 2013-12-11 13:14 - 00005440 _____ () C:\Windows\mozy.blk
2014-03-22 08:24 - 2013-12-11 13:14 - 00003170 _____ () C:\Windows\mozy.flt
2014-03-22 07:45 - 2014-03-12 20:14 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-21 22:29 - 2012-01-11 19:40 - 00000452 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2014-03-21 19:03 - 2014-03-20 23:40 - 00000635 _____ () C:\Windows\system32\Drivers\etc\tmsshf.bin
2014-03-21 06:32 - 2009-07-14 00:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:32 - 2009-07-14 00:34 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 06:23 - 2014-02-03 19:41 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-03-21 06:22 - 2014-02-03 13:26 - 00003890 _____ () C:\Windows\setupact.log
2014-03-21 06:22 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 23:49 - 2014-03-17 19:02 - 00002446 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-03-20 23:42 - 2014-03-20 23:29 - 00000000 ____D () C:\AdwCleaner
2014-03-20 23:40 - 2014-03-12 20:54 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-03-20 23:16 - 2014-02-14 22:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-20 23:16 - 2012-10-16 10:03 - 00000000 ____D () C:\Program Files\Java
2014-03-20 07:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-19 21:50 - 2014-02-10 17:48 - 00000000 ____D () C:\Users\Owner\Desktop\Maryellen - 615 Fitzwater
2014-03-19 03:03 - 2013-08-14 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2011-10-27 15:36 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 03:00 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-17 20:12 - 2014-03-17 20:12 - 00001893 _____ () C:\Users\Owner\Desktop\HitmanPro.lnk
2014-03-17 19:52 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-17 19:43 - 2014-03-17 19:43 - 00008827 _____ () C:\Users\Owner\Desktop\attach.txt
2014-03-17 19:42 - 2014-03-17 19:43 - 00019291 _____ () C:\Users\Owner\Desktop\dds.txt
2014-03-17 19:32 - 2014-03-17 19:31 - 00146328 _____ () C:\Windows\Minidump\031714-25474-01.dmp
2014-03-17 19:31 - 2014-03-17 19:31 - 372009786 _____ () C:\Windows\MEMORY.DMP
2014-03-17 19:31 - 2014-03-17 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-03-17 19:31 - 2014-03-17 19:31 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-03-17 19:31 - 2014-02-03 14:46 - 03372278 _____ () C:\Windows\PFRO.log
2014-03-17 19:30 - 2014-03-17 19:30 - 00000452 _____ () C:\Users\Owner\Desktop\catchme.log
2014-03-17 19:30 - 2014-03-17 19:19 - 00000000 ___SD () C:\ComboFix
2014-03-17 19:30 - 2014-03-17 19:19 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-03-17 19:30 - 2014-03-17 19:18 - 00000000 ____D () C:\Windows\erdnt
2014-03-17 19:29 - 2011-10-27 14:15 - 00000000 ____D () C:\Users\Owner
2014-03-17 19:19 - 2014-03-17 19:18 - 00000000 ____D () C:\Qoobox
2014-03-17 19:17 - 2014-03-17 19:17 - 05190594 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2014-03-17 19:17 - 2014-03-17 19:17 - 00021528 _____ () C:\Windows\DCEBoot.exe
2014-03-17 19:12 - 2014-03-17 19:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-17 19:04 - 2014-03-12 23:15 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-17 19:02 - 2014-03-17 19:02 - 00000000 ____D () C:\Users\Owner\Desktop\rkill
2014-03-17 13:20 - 2014-03-17 13:20 - 08775704 _____ () C:\Users\Owner\Downloads\mozy-sync.exe
2014-03-17 10:11 - 2014-03-17 10:11 - 00000000 ___SD () C:\Users\Owner\Mozy Sync
2014-03-17 10:08 - 2014-03-17 10:08 - 00000000 ____D () C:\Program Files\Mozy Sync
2014-03-17 07:36 - 2010-11-20 17:01 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 16:56 - 2011-10-29 08:52 - 00072704 _____ () C:\Users\Owner\Documents\Expenses for Mom.xls
2014-03-14 19:10 - 2014-03-14 19:10 - 00000000 ____D () C:\Program Files\MozyHome
2014-03-13 23:36 - 2014-03-13 23:36 - 00000412 _____ () C:\Windows\system32\.crusader
2014-03-13 23:24 - 2014-03-13 23:24 - 00000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-03-13 19:16 - 2014-02-03 17:20 - 00000718 __RSH () C:\ProgramData\ntuser.pol
2014-03-13 03:20 - 2014-02-03 14:46 - 00411584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:19 - 2012-04-14 09:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:03 - 2012-06-27 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 23:27 - 2014-03-12 23:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-12 23:04 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\PLA
2014-03-12 23:02 - 2014-01-10 18:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\1H1Q
2014-03-12 20:54 - 2014-02-03 17:20 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-03-12 20:54 - 2013-10-17 06:29 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_52331
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 20:30 - 2014-03-12 20:30 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-12 20:29 - 2014-03-12 20:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 20:18 - 2014-03-12 20:18 - 00000020 ___SH () C:\Users\LogMeInRemoteUser\ntuser.ini
2014-03-12 20:14 - 2014-03-12 20:14 - 00001024 _____ () C:\.rnd
2014-03-12 20:14 - 2014-03-12 20:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn
2014-03-12 20:14 - 2014-03-12 20:14 - 00000000 ____D () C:\Program Files\LogMeIn
2014-03-12 17:00 - 2012-04-14 09:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 17:00 - 2012-04-14 09:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 08:17 - 2011-10-29 08:52 - 00000000 ____D () C:\Users\Owner\Documents\My Scans
2014-03-09 14:49 - 2014-03-09 14:49 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-09 14:49 - 2014-03-09 14:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-09 14:49 - 2014-03-09 14:48 - 00000000 ____D () C:\Program Files\iTunes
2014-03-09 14:48 - 2014-03-09 14:48 - 00000000 ____D () C:\Program Files\iPod
2014-03-09 14:48 - 2011-10-29 21:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-07 19:07 - 2014-03-07 19:07 - 00847808 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync(1).exe
2014-03-04 22:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-02 22:25 - 2014-03-13 03:33 - 00061728 _____ (Trend Micro Inc.) C:\kbfilter.sys
2014-03-02 22:25 - 2014-03-13 03:33 - 00007707 _____ () C:\kbfilter.cat
2014-03-02 22:25 - 2014-02-04 18:56 - 00061728 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\kbfilter.sys
2014-03-02 22:24 - 2014-03-13 03:33 - 00000098 _____ () C:\install.bat
2014-03-02 22:24 - 2014-03-13 03:33 - 00000081 _____ () C:\uninstall.bat
2014-03-01 00:30 - 2014-03-12 07:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:11 - 2014-03-12 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:10 - 2014-03-12 07:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:52 - 2014-03-12 07:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 07:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 07:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:43 - 2014-03-12 07:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 07:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:40 - 2014-03-12 07:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:38 - 2014-03-12 07:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:38 - 2014-03-12 07:08 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:37 - 2014-03-12 07:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:31 - 2014-03-12 07:08 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:25 - 2014-03-12 07:08 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:16 - 2014-03-12 07:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:14 - 2014-03-12 07:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:03 - 2014-03-12 07:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 07:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 07:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:32 - 2014-03-12 07:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:27 - 2014-03-12 07:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:25 - 2014-03-12 07:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-22 19:06 - 2014-02-22 19:06 - 00000000 ____D () C:\Users\Owner\Desktop\804 S 19th St
2014-02-21 18:03 - 2014-02-21 18:03 - 12745746 _____ () C:\Users\Owner\Documents\804 S 19th St.zip
2014-02-20 14:11 - 2014-02-20 14:11 - 144475266 _____ () C:\Users\Owner\Desktop\615 Fitzwater.mp4
2014-02-20 08:09 - 2014-03-12 20:18 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\Google
2014-02-20 08:09 - 2014-02-20 08:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-20 08:09 - 2014-02-20 08:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\catchme.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 07:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Owner at 2014-03-22 20:25:52
Running from C:\btemp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C7200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon PowerShot S110 Camera User Guide (HKLM\...\CameraUserGuide-PSS110) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.10.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel® Network Connections 15.7.176.0 (Version: 15.7.176.0 - Intel) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn (HKLM\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
marvell 91xx driver (HKLM\...\MagniDriver) (Version: 1.0.0.1047 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozy Sync (HKLM\...\{1996E34F-8A17-49D9-8735-FE80AEED58A4}) (Version: 1.1.0.3720 - Mozy, Inc)
MozyHome (HKLM\...\{78008C07-1C52-CA58-B449-6DE9ACF8B873}) (Version: 2.24.2.360 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Quicken 2012 (HKLM\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trend Micro DirectPass (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.8.0.1074 - Trend Micro Inc.)
Trend Micro DirectPass (Version: 1.8.0.1059 - Trend Micro Inc.) Hidden
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
TSR Watermark Image software version 2.4.2.2 (HKLM\...\TSR Watermark Image_is1) (Version:  - )
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VCRT for DirectPass x86 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Restore Points  =========================

13-03-2014 03:25:52 Pre Hitman Pro Clean
13-03-2014 07:00:23 Windows Update
14-03-2014 13:15:09 Windows Backup
14-03-2014 23:10:25 Installed MozyHome
17-03-2014 10:44:50 Windows Backup
17-03-2014 14:08:21 Installed Mozy Sync
19-03-2014 07:00:24 Windows Update
21-03-2014 03:15:56 Removed Java™ 6 Update 37

==================== Hosts content: ==========================

2009-07-13 22:04 - 2014-03-17 19:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0898221C-8928-4CF4-9F13-7A10132A6764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-08] (Google Inc.)
Task: {2A91B2EC-7DFC-41C5-9D33-6B903CF92E95} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {50CA8DCA-2F80-42B1-91CB-1C9F9ABFACDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5C4163D0-3FF0-439F-827D-BD4299F38E83} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {668ACEDD-0AD8-440D-91AC-C67AE40C1EE8} - System32\Tasks\Total Domination => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=9372&adPixel=iron-source&publisherId=1_-1_1053_1054&ClickId=0EtDyCzyzyyD0FyEtCyC0A0E0FtA0DyD --app-window-size=1280,1024
Task: {7A8DECA2-2BE9-4160-B011-AE75BB798DC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-08] (Google Inc.)
Task: {A19477D7-CA14-42A5-995F-831F6B662FC1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {AA813BDC-273F-4619-8C6A-C848B824F6AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {BC6E2282-9CA6-4A1F-A51E-5F0F89C488DB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BE9602D0-4F41-4AD5-B00C-0B7C3BE7A07F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E31C3FED-49A2-4191-BCD3-0E419D7CC2A6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {EAB5DABD-F0AD-4864-83F0-C0DCE6857FFF} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-08-27] (Trend Micro Inc.)
Task: {FA881BE5-D13A-470D-901F-319E4458C211} - System32\Tasks\Total Domination t => Chrome.exe --app=http://totaldomination.com/en/landing/lp5_1?adCampaign=9372&adPixel=iron-source&publisherId=1_-1_1053_1054&ClickId=0EtDyCzyzyyD0FyEtCyC0A0E0FtA0DyD --app-window-size=1280,1024
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-03 17:20 - 2013-01-15 21:50 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-02-03 17:20 - 2013-04-02 00:25 - 00543744 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-02-03 17:20 - 2013-01-15 21:55 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-02-03 17:20 - 2012-12-18 16:04 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-02-03 17:20 - 2013-01-15 21:50 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-02-03 16:43 - 2013-07-23 11:28 - 00179872 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-27 14:19 - 2011-01-23 23:05 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-02-03 17:33 - 2013-12-18 09:33 - 00047784 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2014-03-21 06:23 - 2014-03-21 06:23 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32api.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\pywintypes27.dll
2014-03-21 06:23 - 2014-03-21 06:23 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\pythoncom27.dll
2014-03-21 06:23 - 2014-03-21 06:23 - 00044032 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_socket.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 01157120 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_ssl.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32com.shell.shell.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00712192 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_hashlib.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._core_.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._gdi_.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._windows_.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._controls_.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._misc_.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_elementtree.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\pyexpat.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\pysqlite2._sqlite.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00087040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_ctypes.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32file.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32security.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32event.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32inet.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._wizard.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\wx._html2.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00026624 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\_multiprocessing.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\select.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32pipe.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\unicodedata.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32pdh.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\windows._lib_cacheinvalidation.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32crypt.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32process.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32profile.pyd
2014-03-21 06:23 - 2014-03-21 06:23 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI18562\win32ts.pyd
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-02-03 16:43 - 2013-07-23 11:28 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2014-02-03 16:43 - 2013-07-23 11:28 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: MobileAppSync => "C:\Program Files\Mobile App Sync\D2MClient.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3493.38 MB
Available physical RAM: 2211.08 MB
Total Pagefile: 6985.04 MB
Available Pagefile: 5229.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:408.19 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:188.55 GB) NTFS
Drive h: () (Fixed) (Total:298.09 GB) (Free:58.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 96AA96AA)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA81A203)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 92F38987)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,963 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:32 AM

Posted 23 March 2014 - 08:16 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\...\Run: [] - [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR DefaultSearchProvider: Mysearchdial
CHR Extension: (KeyBar 1.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe [2013-10-17]
CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U2 TMAgent

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once, then wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally.
====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know of any remaining problems.
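As an added example that is not part of nasdaq's post or of the FRST tool, the following read-only PowerShell script re-checks, after the Fix and reboot, the same persistence points the fixlist above removes (the Chrome policy key, the local Group Policy objects, the two extension folders, the IE DefaultScope value) plus the per-user WinINet proxy values behind the thread's original symptom. The two extension IDs are the ones from this thread's FRST log; the proxy value names are the standard WinINet ones.

```powershell
# Added example, not FRST or nasdaq's code: audit the persistence points from the fixlist.
# Run in an elevated PowerShell on the affected machine; nothing here modifies the system.

$findings = @()

# 1. Machine-wide Chrome policy key that the fixlist deletes (HKLM\SOFTWARE\Policies\Google)
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'
if (Test-Path $chromePolicy) {
    Get-ChildItem $chromePolicy -Recurse | ForEach-Object {
        $findings += "Chrome policy key present: $($_.Name)"
    }
}

# 2. Local Group Policy objects that FRST moved (GroupPolicy\Machine and GPT.ini)
$gpoPaths = @("$env:SystemRoot\System32\GroupPolicy\Machine",
              "$env:SystemRoot\System32\GroupPolicy\GPT.ini")
foreach ($p in $gpoPaths) {
    if (Test-Path $p) { $findings += "Local group policy object present: $p" }
}

# 3. Chrome extension folders named in the fixlist (IDs taken from this thread's log)
$extRoot = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
foreach ($id in 'gipmblamjgodbimgeafaiegdpfbaeihe', 'nemfjadlboooiffmcelkafilagddogim') {
    if (Test-Path (Join-Path $extRoot $id)) { $findings += "Chrome extension folder present: $id" }
}

# 4. IE DefaultScope value that FRST restored; missing again means something re-broke it
$scopes = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
$defaultScope = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
if (-not $defaultScope) { $findings += "IE DefaultScope value is missing under $scopes" }

# 5. Per-user WinINet proxy settings (ProxyEnable/ProxyServer/AutoConfigURL are standard values)
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($proxy.ProxyEnable -eq 1 -and $proxy.ProxyServer) { $findings += "Proxy enabled: $($proxy.ProxyServer)" }
if ($proxy.AutoConfigURL) { $findings += "Proxy auto-config URL set: $($proxy.AutoConfigURL)" }

if ($findings.Count -eq 0) {
    Write-Output 'No fixlist items have reappeared.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}
```

Any "FOUND" line after a clean reboot points at something that is re-creating the entry, which is what the Fixlog alone cannot tell you.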

#5 rpmaps

rpmaps
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:32 AM

Posted 23 March 2014 - 07:41 PM

So far...so good.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Owner at 2014-03-23 20:31:24 Run:1
Running from C:\btemp\fix
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

HKLM\...\Run: [] - [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR DefaultSearchProvider: Mysearchdial
CHR Extension: (KeyBar 1.12) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe [2013-10-17]
CHR Extension: (InternetHelper3.1) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-10-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U2 TMAgent

end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe => Moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
RimUsb => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Titanium Maximum Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro TMIDS PwmSvc.exe  
 Trend Micro TMIDS PwmConsole.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,963 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:32 AM

Posted 24 March 2014 - 07:18 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>



CHR DefaultSearchProvider: Mysearchdial ==> The Chrome "Settings" can be used to fix the entry.


Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

How is it now?



