
Hitman pro showing proxy errors.


8 replies to this topic

#1 Sandman72


Posted 20 May 2014 - 02:54 PM

I got a hold of some nasty software; it loaded like 9 programs on my computer. I have gotten rid of all of them and everything seems normal, except I get this error message every time I restart my computer.

 

Repairs _____________________________________________________________________

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118

   Proxy server on this computer (User)
   127.0.0.1:8118




 

I could use help badly please. Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by R.Wetzel at 15:46:03 on 2014-05-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.8231 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\vds.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\R.Wetzel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\DFX\DFX.exe
C:\Program Files (x86)\Adblock Pro\abpmain.exe
C:\Program Files (x86)\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HitmanPro\HitmanPro.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1400024506&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427ac946&q={searchTerms}
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1400024506&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427ac946&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [uTorrent] "C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [HP Officejet 7500 E910 (NET)] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY08N1108G05P5:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
uRun: [HP Officejet 7500 E910 (NET) #2] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY089110HG05P5:NW" -scfn "HP Officejet 7500 E910 (NET) #2" -AutoStart 1
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [GoogleChromeAutoLaunch_672C35D5E13CAE70ECD25920523DFD3B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DFX] C:\Program Files (x86)\DFX\DFX.exe -startup
mRun: [adblock pro] C:\Program Files (x86)\Adblock Pro\abpmain.exe -m
mRun: [NUSB3MON] "C:\Program Files (x86)\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
StartupFolder: C:\Users\R8723~1.WET\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\R.Wetzel\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\R8723~1.WET\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: mightytext.net
Trusted Zone: turbotax.com
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BC5D0308-0A67-49B4-9AFF-ECFAC9FB034D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E592E48B-66D0-4526-97C0-8EB5AA906A96} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E592E48B-66D0-4526-97C0-8EB5AA906A96}\14355535 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - C:\Program Files (x86)\Glary Utilities 4\procmgr.exe
x64-mStart Page = hxxp://www.google.com
x64-mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1400024506&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427ac946&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-IFEO: taskmgr.exe - C:\Program Files (x86)\Glary Utilities 4\procmgr.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll
FF - plugin: C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll
FF - plugin: C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll
FF - plugin: C:\Users\R8723~1.WET\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_191.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_101.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2014-5-2 61000]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2014-5-2 48200]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2012-7-6 183144]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-5-11 70296]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-20 49952]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-12-15 30752]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2014-5-2 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2014-5-2 189000]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177648]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2014-5-2 36936]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2014-5-2 23624]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-2-19 127752]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-24 88280]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-24 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-24 857912]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [2014-5-13 18944]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-29 919768]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2013-2-21 33888]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-8-29 28008]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-15 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-24 63192]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2013-1-21 398816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-11-5 13243608]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2013-6-5 47160]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2013-2-21 33888]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-2-24 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-2-24 9800]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2013-4-5 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-11 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-1-16 31800]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-2-19 13184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-14 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-11 1255736]
S4 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-9-2 87368]
.
=============== Created Last 30 ================
.
2014-05-20 07:06:33    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-20 07:06:33    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-20 02:36:35    --------    d-----w-    C:\Users\R.Wetzel\dwhelper
2014-05-19 22:48:51    --------    d-----w-    C:\Program Files (x86)\trend micro
2014-05-19 10:34:57    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7EE3BC1C-7127-4F0B-920E-0B811BF75633}\gapaengine.dll
2014-05-19 10:34:33    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CFECC34-EA41-4BA9-A529-B92ED158653C}\mpengine.dll
2014-05-19 10:20:16    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-19 03:20:40    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-05-15 21:52:06    --------    d-----w-    C:\Users\R.Wetzel\AppData\Local\uTorrent
2014-05-14 07:38:41    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-13 23:46:59    --------    d-----w-    C:\Program Files (x86)\KeyDownload
2014-05-13 23:46:57    --------    d-----w-    C:\Users\R.Wetzel\AppData\Local\Downloaded Installations
2014-05-13 23:46:35    --------    d-----w-    C:\Program Files (x86)\Optimizer Pro
2014-05-13 23:45:33    --------    d-----w-    C:\Program Files (x86)\SearchProtect
2014-05-13 23:42:48    --------    d-----w-    C:\Users\R.Wetzel\AppData\Roaming\SupTab
2014-05-13 23:42:47    --------    d-----w-    C:\ProgramData\IePluginServices
2014-05-13 23:42:25    --------    d-----w-    C:\Users\R.Wetzel\AppData\Roaming\v9
2014-05-13 23:41:26    --------    d-----w-    C:\Windows\Microsoft
2014-05-13 23:41:15    --------    d-----w-    C:\Program Files (x86)\MSR
2014-05-13 23:09:08    --------    d-----w-    C:\Program Files (x86)\SlySoft
2014-05-12 00:54:10    67224    ----a-w-    C:\Windows\System32\vsocklib.dll
2014-05-12 00:54:10    63128    ----a-w-    C:\Windows\SysWow64\vsocklib.dll
2014-05-12 00:54:09    70296    ----a-w-    C:\Windows\System32\drivers\vsock.sys
2014-05-12 00:54:07    68312    ----a-w-    C:\Windows\System32\drivers\vmx86.sys
2014-05-12 00:53:39    358104    ----a-w-    C:\Windows\SysWow64\vmnetdhcp.exe
2014-05-12 00:53:36    437464    ----a-w-    C:\Windows\SysWow64\vmnat.exe
2014-05-12 00:53:35    31448    ----a-w-    C:\Windows\System32\drivers\vmnetuserif.sys
2014-05-12 00:53:30    934616    ----a-w-    C:\Windows\System32\vnetlib64.dll
2014-05-12 00:53:26    53976    ----a-w-    C:\Windows\System32\drivers\hcmon.sys
2014-05-12 00:53:16    --------    d-----w-    C:\Program Files\Common Files\VMware
2014-05-12 00:52:46    --------    d-----w-    C:\Program Files (x86)\Common Files\VMware
2014-05-12 00:42:09    --------    d-----w-    C:\Users\R.Wetzel\AppData\Local\VMware
2014-05-12 00:36:33    --------    d-----r-    C:\Users\R.Wetzel\Virtual Machines
2014-05-12 00:23:36    3584    ----a-w-    C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
2014-05-11 01:29:06    --------    d-sh--w-    C:\BOOT
2014-05-10 23:31:14    --------    d-----w-    C:\DriveKey
2014-05-10 21:02:20    7155864    ----a-w-    C:\Program Files (x86)\NGhost10.msi
2014-05-10 21:02:20    4588454    ----a-w-    C:\Program Files (x86)\setup.exe
2014-05-10 21:02:17    --------    d-----w-    C:\Program Files (x86)\Support
2014-05-10 21:02:17    --------    d-----w-    C:\Program Files (x86)\Driver Validation
2014-05-10 19:16:55    --------    d-----w-    C:\Users\R.Wetzel\AppData\Roaming\Symantec
2014-05-10 18:19:54    --------    d-----w-    C:\ProgramData\Symantec Shared
2014-05-09 23:37:31    9000    ----a-w-    C:\Windows\System32\elevtmsg.dll
2014-05-07 22:13:01    0    ----a-w-    C:\Windows\SysWow64\FAPE212.tmp
2014-05-07 22:12:51    0    ----a-w-    C:\Windows\SysWow64\FAPBBFA.tmp
2014-05-07 22:12:43    0    ----a-w-    C:\Windows\SysWow64\FAP9BCB.tmp
2014-05-07 22:12:39    0    ----a-w-    C:\Windows\SysWow64\FAP8AA9.tmp
2014-05-07 22:12:37    0    ----a-w-    C:\Windows\SysWow64\FAP852B.tmp
2014-05-07 22:08:13    0    ----a-w-    C:\Windows\SysWow64\FAP7C72.tmp
2014-05-06 07:00:54    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-05-02 21:59:14    189000    ----a-w-    C:\Windows\System32\drivers\EuFdDisk.sys
2014-05-02 21:59:13    18504    ----a-w-    C:\Windows\System32\drivers\eudskacs.sys
2014-05-02 21:59:12    61000    ----a-w-    C:\Windows\System32\drivers\eubakup.sys
2014-05-02 21:59:11    48200    ----a-w-    C:\Windows\System32\drivers\EUBKMON.sys
2014-05-02 21:56:33    24136    ----a-w-    C:\Windows\System32\fbnative.exe
2014-05-01 00:09:48    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2014-04-26 20:12:11    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-21 22:28:43    --------    d-----w-    C:\Program Files (x86)\Element Software
2014-04-21 22:14:04    --------    d-sh--w-    C:\Users\R.Wetzel\AppData\Local\EmieUserList
2014-04-21 22:14:04    --------    d-sh--w-    C:\Users\R.Wetzel\AppData\Local\EmieSiteList
.
==================== Find3M  ====================
.
2014-05-20 19:30:47    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-14 16:59:22    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:59:22    698032    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-03 22:31:55    0    ----a-w-    C:\Windows\SysWow64\FAP922A.tmp
2014-04-03 13:51:16    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-03 13:51:04    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 13:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-02 00:05:52    659440    ----a-w-    C:\Windows\couponprinter_x64.ocx
2014-04-02 00:05:52    444912    ----a-w-    C:\Windows\CouponPrinter.ocx
2014-04-01 08:03:54    118048    ----a-w-    C:\Windows\System32\BootDefrag.exe
2014-04-01 02:46:48    130712    ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 02:46:48    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-25 21:33:20    972432    ----a-w-    C:\Windows\boinc.scr
2014-03-21 03:30:12    49952    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-03-11 13:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01    5550016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20    39936    ----a-w-    C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-03-04 09:44:03    722944    ----a-w-    C:\Windows\System32\objsel.dll
2014-03-04 09:44:03    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56    57344    ----a-w-    C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56    52736    ----a-w-    C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56    44544    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-03-04 09:43:55    56832    ----a-w-    C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55    53760    ----a-w-    C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-20 01:56:09    13184    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
.
============= FINISH: 15:46:58.68 ===============
 

 



#2 nasdaq

nasdaq

  • Malware Response Team

Posted 23 May 2014 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Sandman72

Sandman72
  • Topic Starter


Posted 23 May 2014 - 05:24 PM

Hello and Thanks for the Reply:

 

I ran the first tool as instructed, and after reboot HitmanPro is still showing that proxy error. Here are the other reports.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-05-2014
Ran by R.Wetzel (administrator) on RWETZEL-DESKTOP on 23-05-2014 18:18:53
Running from C:\Users\R.Wetzel\Desktop\Help
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(BitTorrent Inc.) C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Dropbox, Inc.) C:\Users\R.Wetzel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Adblock Pro Team) C:\Program Files (x86)\Adblock Pro\abpmain.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\dfxItunesSong.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-12-24] (Broadcom Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1131880 2013-01-10] ()
HKLM-x32\...\Run: [adblock pro] => C:\Program Files (x86)\Adblock Pro\abpmain.exe [372736 2010-06-28] (Adblock Pro Team)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-02-03] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [105176 2013-11-05] (VMware, Inc.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [uTorrent] => C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-08] (BitTorrent Inc.)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [HP Officejet 7500 E910 (NET) #2] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-04-13] (Siber Systems)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [GoogleChromeAutoLaunch_672C35D5E13CAE70ECD25920523DFD3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-05-14] (Glarysoft Ltd)
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {7081b626-a278-11e2-bebc-005056c00008} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {90f910da-3e8c-11e3-a95d-005056c00008} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {d7919c92-9b40-11e2-baf0-005056c00008} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {d7919e19-9b40-11e2-baf0-005056c00008} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {d7919e39-9b40-11e2-baf0-005056c00008} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {f1a7b5cb-9f1d-11e2-9523-005056c00008} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\MountPoints2: {f1a7b679-9f1d-11e2-9523-005056c00008} - J:\HTC_Sync_Manager_PC.exe
IFEO\taskmgr.exe: [Debugger] C:\Program Files (x86)\Glary Utilities 4\procmgr.exe
Startup: C:\Users\R.Wetzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\R.Wetzel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\R.Wetzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DBA94993BF0CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {AB591BD7-0870-4C58-968F-36D806E99268} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {B3A9036A-6803-467D-82CD-82EEB60C2C05} URL = https://www.google.com/search?q={searchTerms}
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_111.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_111.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @siber.com/RoboForm - C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\R8723~1.WET\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\Extensions\fvdmedia@gmail.com [2014-05-17]
FF Extension: OpenDownload² - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2014-05-13]
FF Extension: DownloadHelper - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-13]
FF Extension: Super Hide IP - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\Extensions\support@superhideip.com.xpi [2014-05-15]
FF Extension: Adblock Plus - C:\Users\R.Wetzel\AppData\Roaming\Mozilla\Firefox\Profiles\0nkm5ge9.default-1400028006179\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-09-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.v9.com/?type=hppp&ts=1400024578&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427acc15"
CHR Extension: (Entanglement Web App) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-05-19]
CHR Extension: (Bejeweled) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-05-23]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-19]
CHR Extension: (Angry Birds) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-05-19]
CHR Extension: (Google Drive) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Turn Off the Lights) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-05-19]
CHR Extension: (YouTube) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Bypass Surveys) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg [2014-05-19]
CHR Extension: (Google Search) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19]
CHR Extension: (Email this page (by Google)) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-05-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-05-19]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-05-19]
CHR Extension: (Email Links to AOL) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcadifkpdbijeglmohgekenjebegnnkn [2014-05-19]
CHR Extension: (Google Finance) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2014-05-19]
CHR Extension: (Full Screen Weather) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-05-19]
CHR Extension: (Planetarium) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-05-19]
CHR Extension: (Save to Google Drive) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-05-19]
CHR Extension: (Unblock Sites (Ad Free Proxy)) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohbopcmfdjomkmighlcflfjoleafmgj [2014-05-19]
CHR Extension: (Fast Search for eBay) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdilejbabibpfcgmpeflocbnkeckdfn [2014-05-19]
CHR Extension: (Tabs to the Front) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2014-05-19]
CHR Extension: (SuperSorter) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2014-05-19]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-05-19]
CHR Extension: (Social Fixer for Facebook) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-05-19]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-05-19]
CHR Extension: (Dropbox) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-05-19]
CHR Extension: (Hide My IP) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnmpocejjlgiphmihpepbbfpfohgpgo [2014-05-19]
CHR Extension: (Speed Dial 2) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-05-19]
CHR Extension: (Facebook Fast Delete Messages) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmpnhheahecaojonebajllddfhpilan [2014-05-19]
CHR Extension: (I hate your favicon) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laggbmpbikikiablknnppgglelkncemk [2014-05-19]
CHR Extension: (Beautify FB) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldngjhkgckijklngngononnejmadojce [2014-05-19]
CHR Extension: (Clickable Links) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-05-19]
CHR Extension: (Poppit) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-05-19]
CHR Extension: (Download Master) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-05-19]
CHR Extension: (Google Wallet) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-14]
CHR Extension: (Hover Zoom) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-05-19]
CHR Extension: (Adblock Pro) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-05-19]
CHR Extension: (Gmail) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19]
CHR Extension: (RoboForm) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-14]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\R8723~1.WET\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-11]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-02-19] (SurfRight B.V.)
S2 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [403536 2010-10-26] (Logitech, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13243608 2013-11-05] ()
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5836800 2013-12-24] (Broadcom Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S3 AmdTools64; C:\Windows\System32\DRIVERS\AmdTools64.sys [47160 2008-04-28] (AMD, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [142424 2013-05-19] (SlySoft, Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-14] (Glarysoft Ltd)
R0 BootDefragDriver; C:\Windows\SysWOW64\drivers\BootDefragDriver.sys [16640 2013-04-24] (<Glarysoft Ltd>)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-08-29] (Windows ® Win 7 DDK provider)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] ()
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-20] (Glarysoft Ltd)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [183144 2012-05-23] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 Si3114r5; C:\Windows\System32\DRIVERS\Si3114r5.sys [329256 2008-11-24] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2008-11-24] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2008-11-24] (Silicon Image, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13184 2014-02-19] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 18:02 - 2014-05-23 18:02 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-23 18:01 - 2014-05-23 18:01 - 00000306 _____ () C:\Windows\PFRO.log
2014-05-23 17:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 17:55 - 2014-05-23 17:58 - 00000000 ____D () C:\AdwCleaner
2014-05-23 17:54 - 2014-05-23 18:18 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Help
2014-05-22 01:02 - 2014-05-22 01:02 - 00276640 _____ () C:\Windows\Minidump\052214-35646-01.dmp
2014-05-21 20:40 - 2014-05-21 20:40 - 00000000 ____D () C:\Users\R.Wetzel\Documents\TurboTax
2014-05-21 20:25 - 2014-05-21 20:26 - 218453357 _____ () C:\Users\R.Wetzel\Downloads\cm-11-20140520-NIGHTLY-evita.zip
2014-05-21 20:24 - 2014-05-21 20:28 - 664514155 _____ (Acresso Software Inc.) C:\Users\R.Wetzel\Downloads\RUU_EVITA_UL_JB_45_S_Cingular_US_3.18.502.6_Radio_0.24p.32.09.06_10.130.32.34_release_signed_With_Partial.exe
2014-05-21 20:17 - 2014-05-21 20:19 - 207408276 _____ () C:\Users\R.Wetzel\Downloads\pac_evita-nightly-20140519.zip
2014-05-21 15:19 - 2014-05-21 15:19 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\dvdcss
2014-05-21 04:07 - 2014-05-21 04:07 - 00272568 _____ () C:\Windows\Minidump\052114-59420-01.dmp
2014-05-21 02:39 - 2014-05-21 02:39 - 00272568 _____ () C:\Windows\Minidump\052114-25178-01.dmp
2014-05-21 02:19 - 2014-05-21 02:19 - 00439744 _____ () C:\Windows\Minidump\052114-32448-01.dmp
2014-05-21 02:10 - 2014-05-21 02:10 - 00276696 _____ () C:\Windows\Minidump\052114-26551-01.dmp
2014-05-21 01:11 - 2014-05-21 01:11 - 00276696 _____ () C:\Windows\Minidump\052114-26832-01.dmp
2014-05-21 00:32 - 2014-05-21 00:32 - 00276696 _____ () C:\Windows\Minidump\052114-28782-01.dmp
2014-05-20 23:38 - 2014-05-20 23:38 - 00276696 _____ () C:\Windows\Minidump\052014-36395-01.dmp
2014-05-20 23:13 - 2014-05-20 23:13 - 00276696 _____ () C:\Windows\Minidump\052014-36956-01.dmp
2014-05-20 22:48 - 2014-05-20 22:48 - 00276696 _____ () C:\Windows\Minidump\052014-36348-01.dmp
2014-05-20 22:23 - 2014-05-23 18:01 - 00001536 _____ () C:\Windows\setupact.log
2014-05-20 22:23 - 2014-05-20 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 22:22 - 2014-05-20 22:23 - 00276696 _____ () C:\Windows\Minidump\052014-35771-01.dmp
2014-05-20 21:52 - 2014-05-20 21:52 - 00001052 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-20 21:52 - 2014-05-20 21:52 - 00001040 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-20 21:52 - 2014-05-20 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-20 21:51 - 2014-05-23 18:03 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-20 21:51 - 2014-05-20 21:52 - 00002992 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-05-20 21:51 - 2014-05-20 21:52 - 00002654 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-20 21:51 - 2014-05-20 21:51 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-20 21:51 - 2014-05-14 03:02 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-05-20 20:32 - 2014-05-20 20:32 - 00035574 _____ () C:\Users\R.Wetzel\Downloads\240ED5CC0D9A3789B64F30F8BE4E9D3348C8792C.torrent
2014-05-20 20:04 - 2014-05-20 20:04 - 00531991 _____ () C:\Users\R.Wetzel\Downloads\quot; P90X2 Deluxe 2011 DVDRip with Docs [13 Disks] quot; [2261626].torrent
2014-05-20 16:00 - 2014-05-20 16:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 15:59 - 2014-05-20 15:59 - 01016261 _____ (Thisisu) C:\Users\R.Wetzel\Downloads\Junkware Removal Tool.exe
2014-05-20 15:58 - 2014-05-23 18:18 - 00000000 ____D () C:\FRST
2014-05-20 15:48 - 2014-05-20 15:48 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Bleeping Help
2014-05-20 15:47 - 2014-05-20 15:47 - 00001549 _____ () C:\Users\R.Wetzel\Desktop\attach.txt
2014-05-20 15:47 - 2014-05-20 15:46 - 00033826 _____ () C:\Users\R.Wetzel\Desktop\dds.txt
2014-05-20 15:45 - 2014-05-20 15:45 - 00688992 ____R (Swearware) C:\Users\R.Wetzel\Downloads\dds.com
2014-05-20 03:06 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-20 03:06 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-20 03:06 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-20 03:06 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-20 03:06 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-20 03:06 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 22:36 - 2014-05-19 22:38 - 00000000 ____D () C:\Users\R.Wetzel\dwhelper
2014-05-19 21:24 - 2014-05-19 21:24 - 00000000 ____D () C:\Users\R.Wetzel\Documents\AnyDVDHD
2014-05-19 18:48 - 2014-05-19 18:48 - 00000000 ____D () C:\rsit
2014-05-19 18:48 - 2014-05-19 18:48 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-05-19 18:42 - 2014-05-19 18:48 - 00000000 ____D () C:\Users\R.Wetzel\Downloads\hijackthis_sfx
2014-05-19 18:32 - 2014-05-19 18:33 - 00000000 ____D () C:\Users\R.Wetzel\Downloads\HelpAsst_mebroot_fix
2014-05-19 18:24 - 2014-05-19 18:24 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 18:24 - 2014-05-19 18:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-19 18:23 - 2014-05-19 18:23 - 00282928 _____ (Mozilla) C:\Users\R.Wetzel\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-19 06:32 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 06:32 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 06:32 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 06:32 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 06:32 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 06:32 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 06:32 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 06:32 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 06:32 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 06:32 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 06:32 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 06:32 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 06:32 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 06:32 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 06:32 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 06:32 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 06:32 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 06:32 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 06:32 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 06:32 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 06:32 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 06:32 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 06:32 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-18 23:30 - 2014-05-18 23:30 - 00032768 _____ () C:\Windows\system32\config\sam.gu
2014-05-18 23:29 - 2014-05-18 23:29 - 00024576 _____ () C:\Windows\system32\config\security.gu
2014-05-18 23:20 - 2014-05-23 18:03 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-18 22:30 - 2014-05-18 22:33 - 182517518 _____ () C:\Users\R.Wetzel\Downloads\KarbonKat-v1.0-11-20140517-1751-evita.zip
2014-05-18 15:03 - 2014-05-18 15:03 - 14190726 _____ () C:\Users\R.Wetzel\Downloads\Asian Crisis Hotline Prank Call HILARIOUS! - OwnagePranks.mp4
2014-05-17 14:28 - 2014-05-17 14:32 - 198317890 _____ () C:\Users\R.Wetzel\Downloads\cm-10.2.1-evita.zip
2014-05-17 14:27 - 2014-05-17 14:32 - 218447754 _____ () C:\Users\R.Wetzel\Downloads\cm-11-20140517-NIGHTLY-evita.zip
2014-05-17 14:23 - 2014-05-17 14:25 - 207486251 _____ () C:\Users\R.Wetzel\Downloads\pac_evita-nightly-20140517.zip
2014-05-16 22:26 - 2014-05-22 21:21 - 00000000 ____D () C:\Users\R.Wetzel\Documents\ConvertXtoDVD
2014-05-16 20:38 - 2014-05-19 10:05 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\driver
2014-05-15 21:56 - 2014-05-22 18:59 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\vlc
2014-05-15 17:52 - 2014-05-15 17:52 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\uTorrent
2014-05-14 22:10 - 2014-05-21 04:20 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 22:10 - 2014-05-19 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 21:43 - 2014-05-19 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-05-14 03:38 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 22:18 - 2014-05-13 22:18 - 02077392 _____ (Microsoft Corporation) C:\Users\R.Wetzel\Downloads\IE11-Windows6.1.exe
2014-05-13 21:11 - 2014-05-13 21:11 - 00662016 _____ () C:\Users\R.Wetzel\Downloads\MicrosoftFixit50566.msi
2014-05-13 19:46 - 2014-05-13 20:28 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\Downloaded Installations
2014-05-13 19:46 - 2014-05-13 19:48 - 00030060 _____ () C:\KDLogMsg.out
2014-05-13 19:09 - 2014-05-13 19:09 - 00001073 _____ () C:\Users\Public\Desktop\CloneCD.lnk
2014-05-13 19:09 - 2014-05-13 19:09 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-05-13 18:00 - 2014-05-22 01:02 - 867313958 _____ () C:\Windows\MEMORY.DMP
2014-05-13 06:12 - 2014-05-13 06:15 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\FlashDrive Files 2
2014-05-11 20:54 - 2013-11-05 22:05 - 00068312 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-05-11 20:54 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-05-11 20:54 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-05-11 20:54 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-05-11 20:53 - 2014-05-11 20:53 - 00002087 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2014-05-11 20:53 - 2014-05-11 20:53 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-11 20:53 - 2013-11-05 22:06 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-05-11 20:53 - 2013-11-05 22:05 - 00934616 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-05-11 20:53 - 2013-11-05 22:05 - 00437464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-05-11 20:53 - 2013-11-05 22:05 - 00358104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-05-11 20:53 - 2013-10-29 11:18 - 00053976 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-05-11 20:52 - 2014-05-11 20:52 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-05-11 20:42 - 2014-05-12 15:33 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\VMware
2014-05-11 20:36 - 2014-05-20 03:28 - 00000000 ___RD () C:\Users\R.Wetzel\Virtual Machines
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\tr-TR
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\th-TH
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\ro-RO
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL
2014-05-11 20:26 - 2014-05-13 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Program Files (x86)\Windows Virtual PC
2014-05-11 20:23 - 2010-11-20 09:34 - 00360832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys
2014-05-11 20:23 - 2010-11-20 09:34 - 00194944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys
2014-05-11 20:23 - 2010-11-20 09:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vpchbuspipe.dll
2014-05-11 20:23 - 2010-11-20 09:25 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\vpc.exe
2014-05-11 20:23 - 2010-11-20 09:25 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\VPCWizard.exe
2014-05-11 20:23 - 2010-11-20 09:25 - 01369600 _____ (Microsoft Corporation) C:\Windows\system32\VPCSettings.exe
2014-05-11 20:23 - 2010-11-20 07:37 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\VMWindow.exe
2014-05-11 20:23 - 2010-11-20 07:37 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\vmsal.exe
2014-05-11 20:23 - 2010-11-20 07:35 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\VMCPropertyHandler.dll
2014-05-11 20:23 - 2010-11-20 07:35 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys
2014-05-11 20:23 - 2010-11-20 07:35 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys
2014-05-11 20:23 - 2010-11-20 06:52 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
2014-05-11 19:25 - 2013-09-25 04:25 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Format USB
2014-05-11 19:24 - 2014-05-13 20:28 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Usboot Norton Ghost
2014-05-11 18:03 - 2014-05-11 18:08 - 621283886 _____ () C:\Users\R.Wetzel\Downloads\Hirens.BootCD.15.2.zip
2014-05-11 17:41 - 2014-05-11 17:41 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\M.A.Ford SSDrive
2014-05-11 16:55 - 2014-05-11 16:57 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-05-11 16:55 - 2014-05-11 16:55 - 00606120 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\R.Wetzel\Downloads\rufus-1.4.7.exe
2014-05-10 21:19 - 2014-05-10 21:19 - 00036727 _____ () C:\Users\R.Wetzel\GHOSTERR.TXT
2014-05-10 21:19 - 2014-05-10 21:19 - 00026076 _____ () C:\Users\R.Wetzel\ghost32.dmp
2014-05-10 19:31 - 2014-05-13 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
2014-05-10 19:31 - 2014-05-13 20:28 - 00000000 ____D () C:\DriveKey
2014-05-10 19:31 - 2014-05-10 19:31 - 00685454 _____ () C:\Users\R.Wetzel\Downloads\win98boot.zip
2014-05-10 19:31 - 2014-05-10 19:31 - 00000409 _____ () C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
2014-05-10 19:29 - 2014-05-10 19:29 - 06065786 _____ (DOS之家) C:\Users\R.Wetzel\Downloads\Ghost.exe
2014-05-10 17:02 - 2014-05-13 20:28 - 00000000 ____D () C:\Program Files (x86)\Support
2014-05-10 17:02 - 2014-05-13 20:28 - 00000000 ____D () C:\Program Files (x86)\Driver Validation
2014-05-10 17:02 - 2005-09-09 19:55 - 37766164 _____ () C:\Program Files (x86)\Data1.cab
2014-05-10 17:02 - 2005-09-09 19:55 - 07155864 _____ () C:\Program Files (x86)\NGhost10.msi
2014-05-10 17:02 - 2005-09-09 19:55 - 04588454 _____ (Symantec ) C:\Program Files (x86)\setup.exe
2014-05-10 17:02 - 2005-09-09 19:55 - 00000035 _____ () C:\Program Files (x86)\SCSSDist.ini
2014-05-10 15:16 - 2014-05-10 15:16 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Symantec
2014-05-10 14:20 - 2006-10-31 10:32 - 00466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capicom.dll
2014-05-10 14:19 - 2014-05-10 14:19 - 00000000 ____D () C:\ProgramData\Symantec Shared
2014-05-09 23:10 - 2014-05-09 23:10 - 00497548 _____ () C:\Users\R.Wetzel\Downloads\adb_fb_files.zip
2014-05-09 22:48 - 2014-05-09 22:48 - 18095576 _____ (VSO Software ) C:\Users\R.Wetzel\Downloads\VSO Downloader v3.2.0.6.exe
2014-05-09 22:47 - 2014-05-09 22:48 - 31830344 _____ (VSO Software ) C:\Users\R.Wetzel\Downloads\ConvertXtoDVD v5.1.0.12.exe
2014-05-09 19:37 - 2013-11-25 13:14 - 00009000 _____ (EldoS Corporation) C:\Windows\system32\elevtmsg.dll
2014-05-07 18:13 - 2014-05-07 18:13 - 00000000 _____ () C:\Windows\SysWOW64\FAPE212.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPBBFA.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP9BCB.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP8AA9.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP852B.tmp
2014-05-07 18:08 - 2014-05-07 18:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP7C72.tmp
2014-05-06 03:00 - 2014-05-20 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 19:42 - 2014-05-03 19:47 - 584895250 _____ () C:\Users\R.Wetzel\Downloads\Pizzuto_ClawsVX_v1.3.0.zip
2014-05-02 17:59 - 2014-05-02 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Workstation 6.5
2014-05-02 17:59 - 2014-05-02 17:59 - 00002085 _____ () C:\Users\Public\Desktop\EaseUS Todo Backup Workstation 6.5.lnk
2014-05-02 17:59 - 2013-09-04 11:24 - 00189000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2014-05-02 17:59 - 2013-09-04 11:24 - 00061000 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2014-05-02 17:59 - 2013-09-04 11:24 - 00048200 _____ () C:\Windows\system32\Drivers\EUBKMON.sys
2014-05-02 17:59 - 2013-09-04 11:24 - 00018504 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2014-05-02 17:56 - 2013-09-04 11:32 - 00024136 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-30 20:09 - 2014-04-30 20:09 - 00001067 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-04-30 20:09 - 2014-04-30 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-04-30 20:09 - 2014-04-30 20:09 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-04-28 21:27 - 2014-04-29 19:44 - 00000000 ____D () C:\Users\R.Wetzel\Documents\Dad
2014-04-26 17:42 - 2014-05-23 18:01 - 00000348 _____ () C:\Windows\Tasks\ProcessManager.job
2014-04-26 17:42 - 2014-04-26 17:42 - 00002724 _____ () C:\Windows\System32\Tasks\ProcessManager
2014-04-26 16:12 - 2014-04-26 16:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-26 16:12 - 2014-04-26 16:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-26 16:00 - 2014-05-03 13:21 - 00000000 ____D () C:\ProgramData\Intel
2014-04-26 15:27 - 2014-04-26 15:27 - 00000000 ____D () C:\Users\Public\Recorded TV
2014-04-24 22:21 - 2014-04-09 17:58 - 727076864 _____ () C:\Users\R.Wetzel\Desktop\George Carlin - Personal Favorites [2001].avi

==================== One Month Modified Files and Folders =======

2014-05-23 18:18 - 2014-05-23 17:54 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Help
2014-05-23 18:18 - 2014-05-20 15:58 - 00000000 ____D () C:\FRST
2014-05-23 18:18 - 2013-05-30 21:35 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 18:18 - 2013-01-13 00:56 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\uTorrent
2014-05-23 18:11 - 2009-07-14 00:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 18:11 - 2009-07-14 00:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 18:08 - 2013-10-26 18:20 - 01587496 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 18:08 - 2009-07-14 01:13 - 00786702 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 18:05 - 2014-03-24 21:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-23 18:05 - 2013-07-11 20:50 - 00000000 ___RD () C:\Users\R.Wetzel\Google Drive
2014-05-23 18:04 - 2013-04-02 18:28 - 00000000 ___RD () C:\Users\R.Wetzel\Dropbox
2014-05-23 18:04 - 2013-04-02 18:25 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Dropbox
2014-05-23 18:03 - 2014-05-20 21:51 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-23 18:03 - 2014-05-18 23:20 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-23 18:02 - 2014-05-23 18:02 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-23 18:02 - 2013-05-30 21:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 18:02 - 2013-03-16 18:42 - 00000000 ____D () C:\ProgramData\VMware
2014-05-23 18:01 - 2014-05-23 18:01 - 00000306 _____ () C:\Windows\PFRO.log
2014-05-23 18:01 - 2014-05-20 22:23 - 00001536 _____ () C:\Windows\setupact.log
2014-05-23 18:01 - 2014-04-26 17:42 - 00000348 _____ () C:\Windows\Tasks\ProcessManager.job
2014-05-23 18:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 17:59 - 2013-01-16 21:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-23 17:58 - 2014-05-23 17:55 - 00000000 ____D () C:\AdwCleaner
2014-05-22 21:21 - 2014-05-16 22:26 - 00000000 ____D () C:\Users\R.Wetzel\Documents\ConvertXtoDVD
2014-05-22 18:59 - 2014-05-15 21:56 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\vlc
2014-05-22 10:59 - 2013-01-16 21:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 10:59 - 2013-01-16 21:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 10:59 - 2013-01-16 21:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 01:02 - 2014-05-22 01:02 - 00276640 _____ () C:\Windows\Minidump\052214-35646-01.dmp
2014-05-22 01:02 - 2014-05-13 18:00 - 867313958 _____ () C:\Windows\MEMORY.DMP
2014-05-22 01:02 - 2013-08-19 17:03 - 00000000 ____D () C:\Windows\Minidump
2014-05-21 20:40 - 2014-05-21 20:40 - 00000000 ____D () C:\Users\R.Wetzel\Documents\TurboTax
2014-05-21 20:28 - 2014-05-21 20:24 - 664514155 _____ (Acresso Software Inc.) C:\Users\R.Wetzel\Downloads\RUU_EVITA_UL_JB_45_S_Cingular_US_3.18.502.6_Radio_0.24p.32.09.06_10.130.32.34_release_signed_With_Partial.exe
2014-05-21 20:26 - 2014-05-21 20:25 - 218453357 _____ () C:\Users\R.Wetzel\Downloads\cm-11-20140520-NIGHTLY-evita.zip
2014-05-21 20:19 - 2014-05-21 20:17 - 207408276 _____ () C:\Users\R.Wetzel\Downloads\pac_evita-nightly-20140519.zip
2014-05-21 15:19 - 2014-05-21 15:19 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\dvdcss
2014-05-21 04:20 - 2014-05-14 22:10 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 04:07 - 2014-05-21 04:07 - 00272568 _____ () C:\Windows\Minidump\052114-59420-01.dmp
2014-05-21 02:39 - 2014-05-21 02:39 - 00272568 _____ () C:\Windows\Minidump\052114-25178-01.dmp
2014-05-21 02:19 - 2014-05-21 02:19 - 00439744 _____ () C:\Windows\Minidump\052114-32448-01.dmp
2014-05-21 02:10 - 2014-05-21 02:10 - 00276696 _____ () C:\Windows\Minidump\052114-26551-01.dmp
2014-05-21 01:11 - 2014-05-21 01:11 - 00276696 _____ () C:\Windows\Minidump\052114-26832-01.dmp
2014-05-21 00:32 - 2014-05-21 00:32 - 00276696 _____ () C:\Windows\Minidump\052114-28782-01.dmp
2014-05-20 23:38 - 2014-05-20 23:38 - 00276696 _____ () C:\Windows\Minidump\052014-36395-01.dmp
2014-05-20 23:13 - 2014-05-20 23:13 - 00276696 _____ () C:\Windows\Minidump\052014-36956-01.dmp
2014-05-20 22:48 - 2014-05-20 22:48 - 00276696 _____ () C:\Windows\Minidump\052014-36348-01.dmp
2014-05-20 22:29 - 2013-09-05 20:27 - 00000000 ____D () C:\Users\R.Wetzel\Downloads\uTorrent
2014-05-20 22:23 - 2014-05-20 22:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 22:23 - 2014-05-20 22:22 - 00276696 _____ () C:\Windows\Minidump\052014-35771-01.dmp
2014-05-20 21:52 - 2014-05-20 21:52 - 00001052 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-20 21:52 - 2014-05-20 21:52 - 00001040 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-20 21:52 - 2014-05-20 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-20 21:52 - 2014-05-20 21:51 - 00002992 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-05-20 21:52 - 2014-05-20 21:51 - 00002654 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-20 21:52 - 2013-04-28 21:49 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\GlarySoft
2014-05-20 21:51 - 2014-05-20 21:51 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-20 20:32 - 2014-05-20 20:32 - 00035574 _____ () C:\Users\R.Wetzel\Downloads\240ED5CC0D9A3789B64F30F8BE4E9D3348C8792C.torrent
2014-05-20 20:04 - 2014-05-20 20:04 - 00531991 _____ () C:\Users\R.Wetzel\Downloads\quot; P90X2 Deluxe 2011 DVDRip with Docs [13 Disks] quot; [2261626].torrent
2014-05-20 16:00 - 2014-05-20 16:00 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 15:59 - 2014-05-20 15:59 - 01016261 _____ (Thisisu) C:\Users\R.Wetzel\Downloads\Junkware Removal Tool.exe
2014-05-20 15:48 - 2014-05-20 15:48 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Bleeping Help
2014-05-20 15:47 - 2014-05-20 15:47 - 00001549 _____ () C:\Users\R.Wetzel\Desktop\attach.txt
2014-05-20 15:46 - 2014-05-20 15:47 - 00033826 _____ () C:\Users\R.Wetzel\Desktop\dds.txt
2014-05-20 15:45 - 2014-05-20 15:45 - 00688992 ____R (Swearware) C:\Users\R.Wetzel\Downloads\dds.com
2014-05-20 03:28 - 2014-05-11 20:36 - 00000000 ___RD () C:\Users\R.Wetzel\Virtual Machines
2014-05-20 03:28 - 2013-01-10 21:43 - 00000000 ___RD () C:\Users\R.Wetzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 03:28 - 2013-01-10 21:43 - 00000000 ___RD () C:\Users\R.Wetzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 03:25 - 2013-09-06 22:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 03:23 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-20 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-20 03:06 - 2013-02-15 23:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-20 03:04 - 2013-08-17 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-20 03:02 - 2013-01-11 04:37 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-19 22:38 - 2014-05-19 22:36 - 00000000 ____D () C:\Users\R.Wetzel\dwhelper
2014-05-19 22:36 - 2013-01-10 21:43 - 00000000 ____D () C:\Users\R.Wetzel
2014-05-19 21:40 - 2013-01-20 19:16 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-19 21:24 - 2014-05-19 21:24 - 00000000 ____D () C:\Users\R.Wetzel\Documents\AnyDVDHD
2014-05-19 21:23 - 2013-01-22 20:41 - 00000166 ___SH () C:\ProgramData\.zreglib
2014-05-19 21:19 - 2013-01-20 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-19 19:57 - 2014-04-13 21:48 - 00001161 _____ () C:\Users\R.Wetzel\Desktop\Active@ KillDisk 64-bit.lnk
2014-05-19 19:57 - 2013-01-29 22:16 - 00001746 _____ () C:\Users\R.Wetzel\Desktop\MPC-HC x64.lnk
2014-05-19 18:48 - 2014-05-19 18:48 - 00000000 ____D () C:\rsit
2014-05-19 18:48 - 2014-05-19 18:48 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-05-19 18:48 - 2014-05-19 18:42 - 00000000 ____D () C:\Users\R.Wetzel\Downloads\hijackthis_sfx
2014-05-19 18:42 - 2013-01-10 21:43 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\VirtualStore
2014-05-19 18:33 - 2014-05-19 18:32 - 00000000 ____D () C:\Users\R.Wetzel\Downloads\HelpAsst_mebroot_fix
2014-05-19 18:24 - 2014-05-19 18:24 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-19 18:24 - 2014-05-19 18:24 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-19 18:24 - 2014-04-11 15:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-19 18:23 - 2014-05-19 18:23 - 00282928 _____ (Mozilla) C:\Users\R.Wetzel\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-19 16:50 - 2013-01-15 22:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 16:41 - 2014-05-14 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-19 16:41 - 2014-05-14 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-05-19 16:41 - 2014-03-30 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Magician
2014-05-19 16:41 - 2014-03-30 21:15 - 00000000 ____D () C:\Program Files (x86)\Driver Magician
2014-05-19 16:41 - 2014-02-19 07:22 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-19 16:41 - 2014-01-23 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Hide IP
2014-05-19 16:41 - 2014-01-23 22:08 - 00000000 ____D () C:\Program Files (x86)\SuperHideIP
2014-05-19 16:41 - 2013-02-09 12:28 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\PowerISO
2014-05-19 16:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-19 10:05 - 2014-05-16 20:38 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\driver
2014-05-19 10:03 - 2013-02-15 23:26 - 00000000 __RHD () C:\MSOCache
2014-05-18 23:30 - 2014-05-18 23:30 - 00032768 _____ () C:\Windows\system32\config\sam.gu
2014-05-18 23:30 - 2009-07-13 22:34 - 84934656 _____ () C:\Windows\system32\config\software.gu.bak
2014-05-18 23:30 - 2009-07-13 22:34 - 29622272 _____ () C:\Windows\system32\config\system.gu.bak
2014-05-18 23:29 - 2014-05-18 23:29 - 00024576 _____ () C:\Windows\system32\config\security.gu
2014-05-18 23:28 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\default.gu.bak
2014-05-18 23:20 - 2013-05-18 15:57 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-18 22:33 - 2014-05-18 22:30 - 182517518 _____ () C:\Users\R.Wetzel\Downloads\KarbonKat-v1.0-11-20140517-1751-evita.zip
2014-05-18 15:03 - 2014-05-18 15:03 - 14190726 _____ () C:\Users\R.Wetzel\Downloads\Asian Crisis Hotline Prank Call HILARIOUS! - OwnagePranks.mp4
2014-05-17 14:32 - 2014-05-17 14:28 - 198317890 _____ () C:\Users\R.Wetzel\Downloads\cm-10.2.1-evita.zip
2014-05-17 14:32 - 2014-05-17 14:27 - 218447754 _____ () C:\Users\R.Wetzel\Downloads\cm-11-20140517-NIGHTLY-evita.zip
2014-05-17 14:25 - 2014-05-17 14:23 - 207486251 _____ () C:\Users\R.Wetzel\Downloads\pac_evita-nightly-20140517.zip
2014-05-16 20:32 - 2014-03-30 21:15 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Driver Magician
2014-05-15 17:52 - 2014-05-15 17:52 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\uTorrent
2014-05-14 22:11 - 2013-01-13 02:02 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\Google
2014-05-14 22:10 - 2013-03-13 12:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-14 04:39 - 2013-07-14 21:04 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-05-14 03:02 - 2014-05-20 21:51 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-05-13 22:18 - 2014-05-13 22:18 - 02077392 _____ (Microsoft Corporation) C:\Users\R.Wetzel\Downloads\IE11-Windows6.1.exe
2014-05-13 21:11 - 2014-05-13 21:11 - 00662016 _____ () C:\Users\R.Wetzel\Downloads\MicrosoftFixit50566.msi
2014-05-13 21:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-13 20:28 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\Downloaded Installations
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ____D () C:\Windows\system32\Drivers\tr-TR
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ____D () C:\Windows\system32\Drivers\th-TH
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ____D () C:\Windows\system32\Drivers\ro-RO
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL
2014-05-13 20:28 - 2014-05-11 20:26 - 00000000 ____D () C:\Windows\system32\Drivers\ar-SA
2014-05-13 20:28 - 2014-05-11 19:24 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\Usboot Norton Ghost
2014-05-13 20:28 - 2014-05-10 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
2014-05-13 20:28 - 2014-05-10 19:31 - 00000000 ____D () C:\DriveKey
2014-05-13 20:28 - 2014-05-10 17:02 - 00000000 ____D () C:\Program Files (x86)\Support
2014-05-13 20:28 - 2014-05-10 17:02 - 00000000 ____D () C:\Program Files (x86)\Driver Validation
2014-05-13 20:28 - 2013-05-21 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2014-05-13 20:28 - 2013-04-02 18:26 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-13 20:28 - 2013-03-16 21:27 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\VMware
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-05-13 20:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-05-13 20:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-05-13 20:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-05-13 20:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-05-13 20:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-05-13 20:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-13 20:16 - 2009-07-14 00:45 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-13 20:04 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-13 19:48 - 2014-05-13 19:46 - 00030060 _____ () C:\KDLogMsg.out
2014-05-13 19:40 - 2013-10-26 17:44 - 00112224 _____ () C:\Users\R.Wetzel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-13 19:09 - 2014-05-13 19:09 - 00001073 _____ () C:\Users\Public\Desktop\CloneCD.lnk
2014-05-13 19:09 - 2014-05-13 19:09 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-05-13 19:09 - 2013-05-21 16:36 - 00000000 ____D () C:\ProgramData\SlySoft
2014-05-13 18:05 - 2013-04-02 18:28 - 00001033 _____ () C:\Users\R.Wetzel\Desktop\Dropbox.lnk
2014-05-13 18:03 - 2012-09-30 18:35 - 00000000 ____D () C:\Android
2014-05-13 06:15 - 2014-05-13 06:12 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\FlashDrive Files 2
2014-05-12 15:33 - 2014-05-11 20:42 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\VMware
2014-05-11 20:53 - 2014-05-11 20:53 - 00002087 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2014-05-11 20:53 - 2014-05-11 20:53 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-05-11 20:53 - 2013-03-16 18:42 - 00804314 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-11 20:52 - 2014-05-11 20:52 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-05-11 20:52 - 2013-03-16 18:42 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-05-11 20:44 - 2013-11-11 16:51 - 00000000 ____D () C:\Users\R.Wetzel\Documents\Virtual Machines
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Program Files (x86)\Windows Virtual PC
2014-05-11 19:19 - 2013-11-18 18:58 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Notepad++
2014-05-11 18:08 - 2014-05-11 18:03 - 621283886 _____ () C:\Users\R.Wetzel\Downloads\Hirens.BootCD.15.2.zip
2014-05-11 17:41 - 2014-05-11 17:41 - 00000000 ____D () C:\Users\R.Wetzel\Desktop\M.A.Ford SSDrive
2014-05-11 16:57 - 2014-05-11 16:55 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2014-05-11 16:55 - 2014-05-11 16:55 - 00606120 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\R.Wetzel\Downloads\rufus-1.4.7.exe
2014-05-10 21:19 - 2014-05-10 21:19 - 00036727 _____ () C:\Users\R.Wetzel\GHOSTERR.TXT
2014-05-10 21:19 - 2014-05-10 21:19 - 00026076 _____ () C:\Users\R.Wetzel\ghost32.dmp
2014-05-10 19:31 - 2014-05-10 19:31 - 00685454 _____ () C:\Users\R.Wetzel\Downloads\win98boot.zip
2014-05-10 19:31 - 2014-05-10 19:31 - 00000409 _____ () C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk
2014-05-10 19:29 - 2014-05-10 19:29 - 06065786 _____ (DOS之家) C:\Users\R.Wetzel\Downloads\Ghost.exe
2014-05-10 15:16 - 2014-05-10 15:16 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Roaming\Symantec
2014-05-10 14:19 - 2014-05-10 14:19 - 00000000 ____D () C:\ProgramData\Symantec Shared
2014-05-10 13:55 - 2014-02-20 23:31 - 00000000 ____D () C:\Users\R.Wetzel\AppData\Local\CutePDF Writer
2014-05-09 23:19 - 2013-04-05 23:14 - 00000000 ____D () C:\Users\R.Wetzel\.android
2014-05-09 23:10 - 2014-05-09 23:10 - 00497548 _____ () C:\Users\R.Wetzel\Downloads\adb_fb_files.zip
2014-05-09 22:48 - 2014-05-09 22:48 - 18095576 _____ (VSO Software ) C:\Users\R.Wetzel\Downloads\VSO Downloader v3.2.0.6.exe
2014-05-09 22:48 - 2014-05-09 22:47 - 31830344 _____ (VSO Software ) C:\Users\R.Wetzel\Downloads\ConvertXtoDVD v5.1.0.12.exe
2014-05-09 02:14 - 2014-05-19 06:32 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:11 - 2014-05-19 06:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 19:38 - 2013-01-15 21:49 - 00000000 ____D () C:\ProgramData\VSO
2014-05-07 18:13 - 2014-05-07 18:13 - 00000000 _____ () C:\Windows\SysWOW64\FAPE212.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAPBBFA.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP9BCB.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP8AA9.tmp
2014-05-07 18:12 - 2014-05-07 18:12 - 00000000 _____ () C:\Windows\SysWOW64\FAP852B.tmp
2014-05-07 18:08 - 2014-05-07 18:08 - 00000000 _____ () C:\Windows\SysWOW64\FAP7C72.tmp
2014-05-07 17:58 - 2013-01-16 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-07 17:58 - 2013-01-16 21:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-07 02:13 - 2013-05-30 21:35 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 02:13 - 2013-05-30 21:35 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 16:15 - 2013-07-11 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 00:40 - 2014-05-20 03:06 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:17 - 2014-05-20 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 23:25 - 2014-05-20 03:06 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 23:07 - 2014-05-20 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 23:00 - 2014-05-20 03:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-20 03:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 19:47 - 2014-05-03 19:42 - 584895250 _____ () C:\Users\R.Wetzel\Downloads\Pizzuto_ClawsVX_v1.3.0.zip
2014-05-03 13:21 - 2014-04-26 16:00 - 00000000 ____D () C:\ProgramData\Intel
2014-05-03 13:21 - 2014-03-15 11:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-03 13:21 - 2013-01-13 02:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-02 18:35 - 2014-05-02 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Workstation 6.5
2014-05-02 17:59 - 2014-05-02 17:59 - 00002085 _____ () C:\Users\Public\Desktop\EaseUS Todo Backup Workstation 6.5.lnk
2014-05-02 17:56 - 2013-02-24 22:05 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-04-30 21:53 - 2014-04-30 21:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-04-30 20:09 - 2014-04-30 20:09 - 00001067 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-04-30 20:09 - 2014-04-30 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-04-30 20:09 - 2014-04-30 20:09 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-04-29 19:44 - 2014-04-28 21:27 - 00000000 ____D () C:\Users\R.Wetzel\Documents\Dad
2014-04-27 18:18 - 2013-04-10 20:03 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-26 22:20 - 2013-01-29 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-04-26 22:20 - 2013-01-29 22:16 - 00000000 ____D () C:\Program Files\MPC-HC
2014-04-26 17:42 - 2014-04-26 17:42 - 00002724 _____ () C:\Windows\System32\Tasks\ProcessManager
2014-04-26 16:12 - 2014-04-26 16:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-26 16:12 - 2014-04-26 16:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-26 16:12 - 2014-04-26 16:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-26 16:12 - 2014-04-13 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-26 16:02 - 2014-01-24 23:00 - 00002992 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-04-26 15:52 - 2014-04-20 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-26 15:52 - 2014-03-17 21:18 - 00000000 ____D () C:\Program Files (x86)\Print@Home
2014-04-26 15:52 - 2013-04-26 22:21 - 00000000 __SHD () C:\AI_RecycleBin
2014-04-26 15:52 - 2013-02-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax Home & Business 2007
2014-04-26 15:52 - 2013-01-18 18:41 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-04-26 15:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-26 15:27 - 2014-04-26 15:27 - 00000000 ____D () C:\Users\Public\Recorded TV

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\R.Wetzel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkh9_fm.dll
C:\Users\R.Wetzel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 00:23

==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team

Posted 24 May 2014 - 07:59 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(BitTorrent Inc.) C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [uTorrent] => C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-08] (BitTorrent Inc.)
IFEO\taskmgr.exe: [Debugger] C:\Program Files (x86)\Glary Utilities 4\procmgr.exe
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\R8723~1.WET\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.v9.com/?type=hppp&ts=1400024578&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427acc15"
CHR Extension: (Poppit) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-05-19]
CHR Extension: (Hover Zoom) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-05-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
R3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {4C4A4D08-C5AA-45F0-80E8-76E5AC5AB28C} - \TuneUpUtilities_Task_BkGndMaintenance2013 No Task File <==== ATTENTION
Task: {8D3944EB-607C-45B8-A7E2-326F6CF54F60} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {BE9BF047-AC83-408D-A549-9475A9F94B9C} - \Wise Care 365 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:635FFD7D
AlternateDataStreams: C:\ProgramData\TEMP:9638A27E
C:\Users\R.Wetzel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkh9_fm.dll
2014-05-21 02:39 - 2014-05-21 02:39 - 00272568 _____ () C:\Windows\Minidump\052114-25178-01.dmp
2014-05-21 02:19 - 2014-05-21 02:19 - 00439744 _____ () C:\Windows\Minidump\052114-32448-01.dmp
2014-05-21 02:10 - 2014-05-21 02:10 - 00276696 _____ () C:\Windows\Minidump\052114-26551-01.dmp
2014-05-21 01:11 - 2014-05-21 01:11 - 00276696 _____ () C:\Windows\Minidump\052114-26832-01.dmp
2014-05-21 00:32 - 2014-05-21 00:32 - 00276696 _____ () C:\Windows\Minidump\052114-28782-01.dmp
2014-05-20 23:38 - 2014-05-20 23:38 - 00276696 _____ () C:\Windows\Minidump\052014-36395-01.dmp
2014-05-20 23:13 - 2014-05-20 23:13 - 00276696 _____ () C:\Windows\Minidump\052014-36956-01.dmp
2014-05-20 22:48 - 2014-05-20 22:48 - 00276696 _____ () C:\Windows\Minidump\052014-36348-01.dmp

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#5 Sandman72

  • Topic Starter


Posted 24 May 2014 - 04:33 PM

Here is the fixlog. I tried to run Security Check Normal and as Admin and when it gets to Preparing it comes up with a lot of Internal command errors and shuts off. I don't get any log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-05-2014 1
Ran by R.Wetzel at 2014-05-24 16:55:49 Run:1
Running from C:\Users\R.Wetzel\Desktop\Bleeping Help
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(BitTorrent Inc.) C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [uTorrent] =>
C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-08] (BitTorrent Inc.)
IFEO\taskmgr.exe: [Debugger] C:\Program Files (x86)\Glary Utilities 4\procmgr.exe
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\R8723~1.WET\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: hopster.com/CouponPrinterPlugin - C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll (Hopster)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.v9.com/?type=hppp&ts=1400024578&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427acc15"
CHR Extension: (Poppit) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-05-19]
CHR Extension: (Hover Zoom) - C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-05-19]
CHR HKLM\SOFTWARE\Policies\Google:
Policy restriction <======= ATTENTION
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()
R3 WinHttpAutoProxySvc; winhttp.dll [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {4C4A4D08-C5AA-45F0-80E8-76E5AC5AB28C} - \TuneUpUtilities_Task_BkGndMaintenance2013 No Task File <==== ATTENTION
Task: {8D3944EB-607C-45B8-A7E2-326F6CF54F60} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {BE9BF047-AC83-408D-A549-9475A9F94B9C} - \Wise Care 365 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:635FFD7D
AlternateDataStreams:
C:\ProgramData\TEMP:9638A27E
C:\Users\R.Wetzel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkh9_fm.dll
2014-05-21 02:39 - 2014-05-21 02:39 - 00272568 _____ () C:\Windows\Minidump\052114-25178-01.dmp
2014-05-21 02:19 - 2014-05-21 02:19 - 00439744 _____ () C:\Windows\Minidump\052114-32448-01.dmp
2014-05-21 02:10 - 2014-05-21 02:10 - 00276696 _____ () C:\Windows\Minidump\052114-26551-01.dmp
2014-05-21 01:11 - 2014-05-21 01:11 - 00276696 _____ () C:\Windows\Minidump\052114-26832-01.dmp
2014-05-21 00:32 - 2014-05-21 00:32 - 00276696 _____ () C:\Windows\Minidump\052114-28782-01.dmp
2014-05-20 23:38 - 2014-05-20 23:38 - 00276696 _____ () C:\Windows\Minidump\052014-36395-01.dmp
2014-05-20 23:13 - 2014-05-20 23:13 - 00276696 _____ () C:\Windows\Minidump\052014-36956-01.dmp
2014-05-20 22:48 - 2014-05-20 22:48 - 00276696 _____ () C:\Windows\Minidump\052014-36348-01.dmp

End

*****************

[5292] C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe => Process closed successfully.
[3508] C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
HKU\S-1-5-21-630083757-574426453-2579935401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-630083757-574426453-2579935401-1001\...\Run: [uTorrent] => => Value not found.
"C:\Users\R.Wetzel\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-08] (BitTorrent Inc.)" => File/Directory not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCR\PROTOCOLS\Filter\application/octet-stream => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key deleted successfully.
HKCR\PROTOCOLS\Filter\application/x-complus => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-msdownload => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/octet-stream => Key not found.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-complus => Key not found.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-msdownload => Key not found.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8 => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1 => Key deleted successfully.
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files not found.
HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => Key deleted successfully.
C:\Users\R8723~1.WET\AppData\Roaming\CATALI~2\NPBCSK~1.DLL => Moved successfully.
HKCU\Software\MozillaPlugins\hopster.com/CouponPrinterPlugin => Key deleted successfully.
C:\Users\R.Wetzel\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll => Moved successfully.
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.v9.com/?type=hppp&ts=1400024578&from=amt&uid=ST31000524AS_6VPH0CDQXXXX6VPH0CDQ&i=psd&t=3427acc15" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => Moved successfully.
C:\Users\R.Wetzel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl => Moved successfully.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
SystemUpdatekb70007 => Service deleted successfully.
WinHttpAutoProxySvc => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C4A4D08-C5AA-45F0-80E8-76E5AC5AB28C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C4A4D08-C5AA-45F0-80E8-76E5AC5AB28C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3944EB-607C-45B8-A7E2-326F6CF54F60} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3944EB-607C-45B8-A7E2-326F6CF54F60} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE9BF047-AC83-408D-A549-9475A9F94B9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE9BF047-AC83-408D-A549-9475A9F94B9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wise Care 365 => Key deleted successfully.
C:\ProgramData\TEMP => ":635FFD7D" ADS removed successfully.
Could not move "C:\ProgramData\TEMP:9638A27E" => Scheduled to move on reboot.
"C:\Users\R.Wetzel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkh9_fm.dll" => File/Directory not found.
C:\Windows\Minidump\052114-25178-01.dmp => Moved successfully.
C:\Windows\Minidump\052114-32448-01.dmp => Moved successfully.
C:\Windows\Minidump\052114-26551-01.dmp => Moved successfully.
C:\Windows\Minidump\052114-26832-01.dmp => Moved successfully.
C:\Windows\Minidump\052114-28782-01.dmp => Moved successfully.
C:\Windows\Minidump\052014-36395-01.dmp => Moved successfully.
C:\Windows\Minidump\052014-36956-01.dmp => Moved successfully.
C:\Windows\Minidump\052014-36348-01.dmp => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-24 16:59:48)<=

"C:\ProgramData\TEMP:9638A27E" => File could not move.

==== End of Fixlog ====



#6 nasdaq

  • Malware Response Team

Posted 25 May 2014 - 07:21 AM

Security Check tool should run after a restart of the computer.

 

Please try again.

 

Let me know what problem persists now that the FRST tool cleaned the bad items.



#7 Sandman72

  • Topic Starter

Posted 25 May 2014 - 07:43 AM

Hello, no luck. I managed to pause it and get some of the error messages. I even redownloaded and restarted with no luck.

 

 ``Preparing Done!``

'sc' is not recognized as an internal or external command,
operable program or batch file.
'find' is not recognized as an internal or external command,
operable program or batch file.
'netsh' is not recognized as an internal or external command,
operable program or batch file.
^C'find' is not recognized as an internal or external command,
operable program or batch file.
'find' is not recognized as an internal or external command,
operable program or batch file.
'find' is not recognized as an internal or external command,
operable program or batch file.
Terminate batch job (Y/N)?



#8 nasdaq

  • Malware Response Team

Posted 25 May 2014 - 07:54 AM


In the absence of a SecurityCheck log make sure you have the latest version of these programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u55.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

#9 nasdaq

  • Malware Response Team

Posted 31 May 2014 - 07:31 AM

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===



