
Executable Files Won't Function


37 replies to this topic

#1 patsfan

patsfan

  • Members
  • 41 posts

Posted 06 July 2014 - 09:14 AM

My husband accidentally clicked on an ad on a newspaper site. It downloaded Arcade Parlor and Norton Security Scan. Since that time none of his executable files on his laptop will function. I have tried to use system restore and am prompted with a message "Windows can't open this file. It needs to know what program you want to open it." I have tried running Malwarebytes from a removable drive and it will not function either. Also tried booting computer in Safe Mode and it will not fully load the desktop. Any ideas?


Edited by hamluis, 06 July 2014 - 10:26 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts
  • Gender:Male
  • Location:Portugal

Posted 06 July 2014 - 09:34 AM

Hi,

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
  • Link 3

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • Please post the log generated by the tool.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 patsfan

patsfan
  • Topic Starter

  • Members
  • 41 posts

Posted 06 July 2014 - 05:22 PM

Tried to run rkill but was not successful using any of the above links. Can't access internet from infected laptop. When I loaded it onto separate drive comes back with a message that Windows can't open file rkill.exe. To open file Windows needs to know what program you want to use to open it. Windows can go online to look it up automatically, or you can manually select from a list of programs that are installed on computer. Looks like all associations are lost.



#4 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts
  • Gender:Male
  • Location:Portugal

Posted 06 July 2014 - 05:49 PM

Hi,

 

Now that we have this topic on the Malware Removal section we can use other tools to look into your system. You will need access to another computer and a flash drive.

 

Step 1 - Farbar Recovery Scan

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you don't know which version matches your system, download both; only one will run.

Plug the flash drive into the infected PC.

Enter System Recovery Options using one of these options:

 

Option 1: Enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

Option 2: Enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter (take note of it) and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Things I would like to see in your next reply:

  • The Farbar Recovery Scan log (FRST.txt)

Edited by SleepyDude, 06 July 2014 - 05:49 PM.


 
 


#5 patsfan

patsfan
  • Topic Starter

  • Members
  • 41 posts

Posted 06 July 2014 - 07:01 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by SYSTEM on MININT-U9PTM55 on 06-07-2014 19:31:04
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Log file listed above
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-23] (IDT, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-24] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\BradfordC\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\BradfordC\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\BradfordC\...\Run: [GoogleChromeAutoLaunch_E705B56914F1459D6A44922EDBC115DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\BradfordC\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-03-01] ()
HKU\BradfordC\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\BradfordC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\BradfordC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
 
==================== Services (Whitelisted) =================
 
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S2 sKEjhLDk; C:\ProgramData\IQRnIJ\sKEjhLDk.exe [2318720 2014-07-06] (Acute Angle Solutions)
S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-24] (AVG Secure Search)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-06] (Symantec Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-06] ()
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; C:\Windows\System32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [61104 2014-06-05] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-06 19:30 - 2014-07-06 19:31 - 00000000 ____D () C:\FRST
2014-07-06 04:21 - 2014-07-06 04:21 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\Blasteroids
2014-07-06 04:04 - 2014-07-06 04:36 - 00000288 _____ () C:\Windows\Tasks\ArcadeParlor.job
2014-07-06 04:04 - 2014-07-06 04:04 - 00003184 _____ () C:\Windows\System32\Tasks\ArcadeParlor
2014-07-06 04:04 - 2014-07-06 04:04 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\ArcadeParlor
2014-07-06 04:03 - 2014-07-06 04:37 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-07-06 04:03 - 2014-07-06 04:17 - 00000460 ____H () C:\Windows\Tasks\Norton Security Scan for BradfordC.job
2014-07-06 04:03 - 2014-07-06 04:03 - 00003634 _____ () C:\Windows\System32\Tasks\Norton Security Scan for BradfordC
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\ProgramData\IQRnIJ
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-06 04:02 - 2014-07-06 04:17 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-07-06 04:02 - 2014-02-18 21:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\System32\ATL90.dll
2014-07-06 04:01 - 2014-07-06 04:01 - 01990520 _____ (SafeInstall, LLC) C:\Users\BradfordC\Downloads\pidgin_installer.exe
2014-06-25 13:41 - 2014-06-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-25 13:41 - 2014-06-25 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 13:41 - 2014-05-12 03:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-25 13:41 - 2014-05-12 03:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-24 02:16 - 2014-06-24 02:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-14 03:40 - 2014-06-14 03:37 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 03:37 - 2014-06-14 03:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:36 - 2014-06-14 03:36 - 00918952 _____ (Oracle Corporation) C:\Users\BradfordC\Downloads\JavaSetup7u60.com
2014-06-11 02:29 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-11 02:29 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-11 02:29 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-11 02:29 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-11 02:29 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-11 02:29 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-11 02:29 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-11 02:29 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-11 02:29 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-11 02:29 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-11 02:29 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-11 02:29 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-11 02:29 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-11 02:29 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 02:29 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-11 02:29 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-11 02:29 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-11 02:29 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 02:29 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-11 02:29 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-11 02:29 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-11 02:29 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 02:29 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-11 02:29 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 02:29 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 02:29 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 02:29 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-11 02:29 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 02:29 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 02:29 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 02:29 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-11 02:29 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 02:29 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 02:29 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-11 02:29 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-11 02:29 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 02:29 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 02:29 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 02:29 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 02:29 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 02:29 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 02:29 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-11 02:29 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 02:29 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 02:29 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 02:29 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-11 02:29 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 02:29 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-11 02:29 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 02:29 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 02:29 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-11 02:29 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 02:29 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-11 02:29 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 02:29 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-11 02:29 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-11 02:29 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-11 02:29 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-11 02:29 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-11 02:29 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-11 02:29 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 02:29 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 02:29 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 02:29 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 02:28 - 2014-06-08 01:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-11 02:28 - 2014-06-08 01:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\BradfordC\Documents\Smart PC Cleaner
2014-06-08 14:56 - 2014-07-06 05:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-08 14:01 - 2014-06-05 10:21 - 00061104 _____ (StdLib) C:\Windows\System32\Drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys
2014-06-08 13:17 - 2014-06-13 02:10 - 00122880 _____ () C:\Users\BradfordC\AppData\Local\ChromeHitoryDB
2014-06-08 13:00 - 2014-06-25 08:11 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-06-08 12:57 - 2014-07-06 15:17 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-06-08 12:57 - 2014-06-16 16:24 - 00000000 ____D () C:\Program Files\V-bates
2014-06-08 12:57 - 2014-06-08 12:57 - 01350935 _____ (Tailorsoft ) C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe
2014-06-08 12:57 - 2014-06-08 12:57 - 00003258 _____ () C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}
2014-06-08 12:57 - 2014-06-08 12:57 - 00000045 _____ () C:\user.js
2014-06-08 12:56 - 2014-06-08 16:35 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 12:56 - 2014-06-08 12:56 - 00004024 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-06-08 12:55 - 2014-06-08 12:55 - 00000000 _____ () C:\END
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Intel Corporation
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\QSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\DSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\AtStart.txt
2014-06-08 11:40 - 2014-06-08 11:40 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_01009.Wdf
2014-06-08 11:39 - 2014-06-08 11:39 - 00001400 _____ () C:\Windows\Synaptics.log
2014-06-08 11:35 - 2014-06-08 11:37 - 00000000 ____D () C:\Program Files\IDT
2014-06-08 11:35 - 2014-06-08 11:35 - 00000000 ____D () C:\SP57966
2014-06-08 11:35 - 2012-07-23 22:59 - 01988096 _____ (IDT, Inc.) C:\Windows\System32\stapo64.dll
2014-06-08 11:35 - 2012-07-23 22:59 - 00656896 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2014-06-08 11:35 - 2012-07-23 22:59 - 00540160 _____ (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2014-06-08 11:35 - 2012-07-23 22:59 - 00450048 _____ (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2014-06-08 11:34 - 2014-06-08 11:34 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\ProgramData\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-08 11:29 - 2010-02-25 13:51 - 01863680 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\BttnCmn.dll
2014-06-08 11:29 - 2010-02-25 11:20 - 01885488 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\BttnCmns.dll
2014-06-08 11:29 - 2010-02-25 11:18 - 01919968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01005.dll
2014-06-08 11:29 - 2010-02-25 11:18 - 00018432 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\System32\Drivers\HpqKbFiltr.sys
2014-06-08 11:27 - 2014-06-08 11:27 - 00000000 ____D () C:\SP56163
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-06-08 11:25 - 2014-06-08 11:27 - 00000554 _____ () C:\Windows\LkmdfCoInst.log
2014-06-08 11:25 - 2014-06-08 11:27 - 00000000 ____D () C:\ProgramData\Logitech
2014-06-08 11:25 - 2014-06-08 11:26 - 00000000 ____D () C:\ProgramData\Logishrd
2014-06-08 11:25 - 2014-06-08 11:25 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-06-08 11:25 - 2014-06-08 11:25 - 00006519 _____ () C:\Windows\LDPINST.LOG
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Leadertech
2014-06-08 11:24 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logitech
2014-06-08 11:24 - 2014-06-08 11:25 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logishrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-06-08 10:50 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\LogMeIn Rescue Applet
2014-06-08 10:50 - 2014-06-08 10:50 - 01527104 _____ (LogMeIn, Inc.) C:\Users\BradfordC\Downloads\Support-LogMeInRescue.exe
2014-06-08 10:44 - 2014-06-12 11:58 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-07-06 19:31 - 2014-07-06 19:30 - 00000000 ____D () C:\FRST
2014-07-06 15:19 - 2013-11-27 15:29 - 00000426 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-07-06 15:19 - 2010-12-01 00:34 - 02051207 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 15:19 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 15:19 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 15:18 - 2013-11-27 15:29 - 00002860 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-07-06 15:17 - 2014-06-08 12:57 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-07-06 15:17 - 2013-11-27 15:29 - 00016152 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2014-07-06 15:17 - 2012-02-22 17:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 15:17 - 2010-12-09 19:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-06 15:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 15:17 - 2009-07-13 20:51 - 00099235 _____ () C:\Windows\setupact.log
2014-07-06 14:39 - 2012-02-22 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 14:34 - 2012-10-30 12:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 14:29 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-06 13:57 - 2011-07-01 15:50 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E82ED17-C171-4C85-ADD5-C7A6E28F815F}
2014-07-06 05:28 - 2014-06-08 14:56 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-06 05:00 - 2010-12-01 00:38 - 00636550 _____ () C:\Windows\PFRO.log
2014-07-06 04:56 - 2010-12-10 12:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 04:37 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-07-06 04:36 - 2014-07-06 04:04 - 00000288 _____ () C:\Windows\Tasks\ArcadeParlor.job
2014-07-06 04:21 - 2014-07-06 04:21 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\Blasteroids
2014-07-06 04:17 - 2014-07-06 04:03 - 00000460 ____H () C:\Windows\Tasks\Norton Security Scan for BradfordC.job
2014-07-06 04:17 - 2014-07-06 04:02 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-07-06 04:17 - 2011-02-25 11:02 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForBradfordC.job
2014-07-06 04:16 - 2014-05-01 11:41 - 00000000 ___RD () C:\Users\BradfordC\Dropbox
2014-07-06 04:16 - 2010-12-10 19:03 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\ZumoDrive
2014-07-06 04:04 - 2014-07-06 04:04 - 00003184 _____ () C:\Windows\System32\Tasks\ArcadeParlor
2014-07-06 04:04 - 2014-07-06 04:04 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\ArcadeParlor
2014-07-06 04:03 - 2014-07-06 04:03 - 00003634 _____ () C:\Windows\System32\Tasks\Norton Security Scan for BradfordC
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\ProgramData\IQRnIJ
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-06 04:03 - 2010-12-01 00:57 - 00000000 ____D () C:\ProgramData\Norton
2014-07-06 04:01 - 2014-07-06 04:01 - 01990520 _____ (SafeInstall, LLC) C:\Users\BradfordC\Downloads\pidgin_installer.exe
2014-07-04 16:05 - 2010-12-10 18:32 - 00000000 ____D () C:\Users\BradfordC\Documents\Outlook Files
2014-07-04 08:02 - 2011-02-25 11:02 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBradfordC
2014-07-04 08:02 - 2010-12-24 05:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-04 08:01 - 2011-10-28 11:26 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-28 12:44 - 2013-03-03 11:21 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-06-28 06:22 - 2010-12-15 17:10 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\CrashDumps
2014-06-27 02:24 - 2011-01-14 11:37 - 00003226 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBRADFORDC-HP$
2014-06-27 02:24 - 2011-01-14 11:37 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForBRADFORDC-HP$.job
2014-06-25 13:41 - 2014-06-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-25 13:41 - 2014-06-25 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 13:41 - 2013-06-14 02:39 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 13:41 - 2011-10-10 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 13:41 - 2011-10-10 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 13:41 - 2011-03-21 18:10 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Malwarebytes
2014-06-25 08:14 - 2014-05-01 11:40 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\DropboxMaster
2014-06-25 08:14 - 2014-05-01 11:39 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Dropbox
2014-06-25 08:11 - 2014-06-08 13:00 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-06-24 02:16 - 2014-06-24 02:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-24 02:16 - 2013-12-03 03:19 - 00050464 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2014-06-24 02:16 - 2013-12-03 03:19 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-23 02:38 - 2010-12-01 00:58 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-23 02:38 - 2010-12-01 00:58 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-18 16:34 - 2012-02-22 17:00 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 16:34 - 2012-02-22 17:00 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 13:59 - 2010-10-16 07:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-17 13:59 - 2010-10-16 07:22 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-17 13:59 - 2010-10-16 07:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-16 16:24 - 2014-06-08 12:57 - 00000000 ____D () C:\Program Files\V-bates
2014-06-16 16:21 - 2013-06-13 13:12 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-06-14 03:40 - 2013-10-18 11:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 03:37 - 2014-06-14 03:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 03:37 - 2014-06-14 03:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:36 - 2014-06-14 03:36 - 00918952 _____ (Oracle Corporation) C:\Users\BradfordC\Downloads\JavaSetup7u60.com
2014-06-13 02:10 - 2014-06-08 13:17 - 00122880 _____ () C:\Users\BradfordC\AppData\Local\ChromeHitoryDB
2014-06-12 11:58 - 2014-06-08 10:44 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 02:25 - 2013-07-22 04:24 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-12 02:21 - 2011-01-06 13:21 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-12 02:18 - 2014-05-07 02:20 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-08 16:36 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2014-06-08 16:35 - 2014-06-08 12:56 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 15:02 - 2014-05-01 13:23 - 00000000 ____D () C:\ProgramData\Fighters
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\BradfordC\Documents\Smart PC Cleaner
2014-06-08 14:09 - 2010-12-09 19:07 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\VirtualStore
2014-06-08 12:57 - 2014-06-08 12:57 - 01350935 _____ (Tailorsoft ) C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe
2014-06-08 12:57 - 2014-06-08 12:57 - 00003258 _____ () C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}
2014-06-08 12:57 - 2014-06-08 12:57 - 00000045 _____ () C:\user.js
2014-06-08 12:56 - 2014-06-08 12:56 - 00004024 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-06-08 12:55 - 2014-06-08 12:55 - 00000000 _____ () C:\END
2014-06-08 12:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-06-08 12:46 - 2014-05-01 11:41 - 00001033 _____ () C:\Users\BradfordC\Desktop\Dropbox.lnk
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Intel Corporation
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\QSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\DSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\AtStart.txt
2014-06-08 12:43 - 2014-06-08 10:50 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\LogMeIn Rescue Applet
2014-06-08 11:49 - 2010-10-16 07:16 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-06-08 11:49 - 2010-10-16 07:12 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-08 11:49 - 2010-10-16 07:12 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-08 11:48 - 2009-09-06 16:40 - 00000000 ____D () C:\SwSetup
2014-06-08 11:43 - 2010-12-01 00:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-08 11:40 - 2014-06-08 11:40 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_01009.Wdf
2014-06-08 11:40 - 2010-12-01 00:32 - 00240642 _____ () C:\Windows\DPINST.LOG
2014-06-08 11:39 - 2014-06-08 11:39 - 00001400 _____ () C:\Windows\Synaptics.log
2014-06-08 11:37 - 2014-06-08 11:35 - 00000000 ____D () C:\Program Files\IDT
2014-06-08 11:35 - 2014-06-08 11:35 - 00000000 ____D () C:\SP57966
2014-06-08 11:34 - 2014-06-08 11:34 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2014-06-08 11:34 - 2010-12-01 00:35 - 00000000 ____D () C:\Program Files\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\ProgramData\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-08 11:33 - 2010-12-01 00:32 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-08 11:29 - 2010-12-09 19:17 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\hpqlog
2014-06-08 11:27 - 2014-06-08 11:27 - 00000000 ____D () C:\SP56163
2014-06-08 11:27 - 2014-06-08 11:25 - 00000554 _____ () C:\Windows\LkmdfCoInst.log
2014-06-08 11:27 - 2014-06-08 11:25 - 00000000 ____D () C:\ProgramData\Logitech
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-06-08 11:26 - 2014-06-08 11:25 - 00000000 ____D () C:\ProgramData\Logishrd
2014-06-08 11:26 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logitech
2014-06-08 11:25 - 2014-06-08 11:25 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-06-08 11:25 - 2014-06-08 11:25 - 00006519 _____ () C:\Windows\LDPINST.LOG
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Leadertech
2014-06-08 11:25 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logishrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-06-08 10:50 - 2014-06-08 10:50 - 01527104 _____ (LogMeIn, Inc.) C:\Users\BradfordC\Downloads\Support-LogMeInRescue.exe
2014-06-08 10:44 - 2010-12-12 13:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-08 01:13 - 2014-06-11 02:28 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 01:08 - 2014-06-11 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
 
Files to move or delete:
====================
C:\ProgramData\CARDFILE.EXE
 
 
Some content of TEMP:
====================
C:\Users\BradfordC\AppData\Local\Temp\Adobe ReaderUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\AdobeReaderSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ApnStub.exe
C:\Users\BradfordC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ct_2001.exe
C:\Users\BradfordC\AppData\Local\Temp\DeleteInstall.exe
C:\Users\BradfordC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppqbhkn.dll
C:\Users\BradfordC\AppData\Local\Temp\Extract.exe
C:\Users\BradfordC\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\BradfordC\AppData\Local\Temp\IeSearchProvider156376471028614233.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\LMkRstPt.exe
C:\Users\BradfordC\AppData\Local\Temp\MSN6649.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{7E826A71-D013-497A-B4F8-DCF0C96A2B69}.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{DB9B1E92-8C60-4C34-B39E-C8BA12DBECE2}.exe
C:\Users\BradfordC\AppData\Local\Temp\optprosetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00000.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00001.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00002.exe
C:\Users\BradfordC\AppData\Local\Temp\Resource.exe
C:\Users\BradfordC\AppData\Local\Temp\SCC.dll
C:\Users\BradfordC\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SP48482.exe
C:\Users\BradfordC\AppData\Local\Temp\sp50843.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP50948.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51096.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51592.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51650.exe
C:\Users\BradfordC\AppData\Local\Temp\sp52110.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52308.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52407.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52509.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52615.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52971.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53133.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53540.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53546.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53794.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53998.exe
C:\Users\BradfordC\AppData\Local\Temp\SP54001.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54373.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54620.exe
C:\Users\BradfordC\AppData\Local\Temp\SP55299.exe
C:\Users\BradfordC\AppData\Local\Temp\sp58915.exe
C:\Users\BradfordC\AppData\Local\Temp\sp64126.exe
C:\Users\BradfordC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\SymCCIS.dll
C:\Users\BradfordC\AppData\Local\Temp\uninst1.exe
C:\Users\BradfordC\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\BradfordC\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\BradfordC\AppData\Local\Temp\updater_uninstall.exe
C:\Users\BradfordC\AppData\Local\Temp\v-bates.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-06-08 15:03:03
Restore point made on: 2014-06-12 02:17:17
Restore point made on: 2014-06-14 03:19:33
Restore point made on: 2014-06-14 03:37:00
Restore point made on: 2014-06-16 16:23:05
Restore point made on: 2014-06-17 02:19:58
Restore point made on: 2014-06-17 13:57:51
Restore point made on: 2014-06-20 02:34:48
Restore point made on: 2014-06-24 02:27:44
Restore point made on: 2014-06-27 02:31:52
Restore point made on: 2014-07-01 02:26:36
Restore point made on: 2014-07-04 02:41:36
Restore point made on: 2014-07-06 05:28:32
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 5941.86 MB
Available physical RAM: 5099.93 MB
Total Pagefile: 5940.01 MB
Available Pagefile: 5098.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:269.76 GB) (Free:147.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:28.03 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (USB MEMORY) (Removable) (Total:0.48 GB) (Free:0.19 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DE1C2D32)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=28 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2014-06-28 13:24
 
==================== End Of Log ============================


#6 SleepyDude

Posted 07 July 2014 - 08:52 AM

Hi,

The log shows lots of malware; let's remove it and see if you can run programs after this...

Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other; running the script on another computer will not work and may cause problems...
 

  • Attached File  fixlist.txt   7.79KB   5 downloads
  • Download the file above and save it to the flash drive as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)
  • On Vista or higher enter System Recovery Options like you did before.
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.

After the fix, let the computer restart and boot to Windows, then try to download and execute the next task.


Step 2 - AdwCleaner Scan

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right-click the AdwCleaner icon and choose Run as Administrator to execute the program
    (When the tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree)
  • Click the Scan button and wait for the scan to finish; only then does the Clean button become active
  • Click the Clean button and wait; once done it may ask to reboot, allow it.
  • On reboot a log will be presented; please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Step 3 - Farbar Recovery Scan Tool (FRST)

  • Download FRST x64 and save it to the Desktop.
  • Execute FRST64: right-click the FRST icon and choose Run as Administrator. Make sure all other windows are closed.
    (When the tool opens for the first time you must click Yes on the disclaimer.)
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the tool is run, it also makes another log (Addition.txt).
  • Please copy and paste the logs to your post.

 

Things I would like to see in your next reply:

  • The Fixlog.txt log
  • AdwCleaner log AdwCleaner[S0].txt
  • The FRST.txt and Addition.txt logs

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 patsfan

Posted 07 July 2014 - 06:02 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by SYSTEM on MININT-U9PTM55 on 06-07-2014 19:31:04
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-23] (IDT, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-24] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\BradfordC\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\BradfordC\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\BradfordC\...\Run: [GoogleChromeAutoLaunch_E705B56914F1459D6A44922EDBC115DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\BradfordC\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-03-01] ()
HKU\BradfordC\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\Users\BradfordC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\BradfordC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} =>  No File
 
==================== Services (Whitelisted) =================
 
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S2 sKEjhLDk; C:\ProgramData\IQRnIJ\sKEjhLDk.exe [2318720 2014-07-06] (Acute Angle Solutions)
S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-24] (AVG Secure Search)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-06] (Symantec Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-06] ()
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; C:\Windows\System32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [61104 2014-06-05] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-06 19:30 - 2014-07-06 19:31 - 00000000 ____D () C:\FRST
2014-07-06 04:21 - 2014-07-06 04:21 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\Blasteroids
2014-07-06 04:04 - 2014-07-06 04:36 - 00000288 _____ () C:\Windows\Tasks\ArcadeParlor.job
2014-07-06 04:04 - 2014-07-06 04:04 - 00003184 _____ () C:\Windows\System32\Tasks\ArcadeParlor
2014-07-06 04:04 - 2014-07-06 04:04 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\ArcadeParlor
2014-07-06 04:03 - 2014-07-06 04:37 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-07-06 04:03 - 2014-07-06 04:17 - 00000460 ____H () C:\Windows\Tasks\Norton Security Scan for BradfordC.job
2014-07-06 04:03 - 2014-07-06 04:03 - 00003634 _____ () C:\Windows\System32\Tasks\Norton Security Scan for BradfordC
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\ProgramData\IQRnIJ
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-06 04:02 - 2014-07-06 04:17 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-07-06 04:02 - 2014-02-18 21:52 - 00159032 _____ (Microsoft Corporation) C:\Windows\System32\ATL90.dll
2014-07-06 04:01 - 2014-07-06 04:01 - 01990520 _____ (SafeInstall, LLC) C:\Users\BradfordC\Downloads\pidgin_installer.exe
2014-06-25 13:41 - 2014-06-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-25 13:41 - 2014-06-25 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 13:41 - 2014-05-12 03:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-06-25 13:41 - 2014-05-12 03:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-06-24 02:16 - 2014-06-24 02:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-14 03:40 - 2014-06-14 03:37 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 03:40 - 2014-06-14 03:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 03:37 - 2014-06-14 03:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:36 - 2014-06-14 03:36 - 00918952 _____ (Oracle Corporation) C:\Users\BradfordC\Downloads\JavaSetup7u60.com
2014-06-11 02:29 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-11 02:29 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-11 02:29 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-11 02:29 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-11 02:29 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-11 02:29 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-11 02:29 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-11 02:29 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-11 02:29 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-11 02:29 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-11 02:29 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-11 02:29 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-11 02:29 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-11 02:29 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 02:29 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-11 02:29 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-11 02:29 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-11 02:29 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 02:29 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-11 02:29 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-11 02:29 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-11 02:29 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 02:29 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-11 02:29 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 02:29 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 02:29 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 02:29 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-11 02:29 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 02:29 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 02:29 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 02:29 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-11 02:29 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 02:29 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 02:29 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-11 02:29 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-11 02:29 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 02:29 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 02:29 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 02:29 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 02:29 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 02:29 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 02:29 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-11 02:29 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 02:29 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 02:29 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 02:29 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-11 02:29 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 02:29 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-11 02:29 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 02:29 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 02:29 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-11 02:29 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 02:29 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-11 02:29 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 02:29 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-11 02:29 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-11 02:29 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-11 02:29 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-11 02:29 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-11 02:29 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-11 02:29 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 02:29 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 02:29 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 02:29 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 02:28 - 2014-06-08 01:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-11 02:28 - 2014-06-08 01:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\BradfordC\Documents\Smart PC Cleaner
2014-06-08 14:56 - 2014-07-06 05:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-08 14:01 - 2014-06-05 10:21 - 00061104 _____ (StdLib) C:\Windows\System32\Drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys
2014-06-08 13:17 - 2014-06-13 02:10 - 00122880 _____ () C:\Users\BradfordC\AppData\Local\ChromeHitoryDB
2014-06-08 13:00 - 2014-06-25 08:11 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-06-08 12:57 - 2014-07-06 15:17 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-06-08 12:57 - 2014-06-16 16:24 - 00000000 ____D () C:\Program Files\V-bates
2014-06-08 12:57 - 2014-06-08 12:57 - 01350935 _____ (Tailorsoft ) C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe
2014-06-08 12:57 - 2014-06-08 12:57 - 00003258 _____ () C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}
2014-06-08 12:57 - 2014-06-08 12:57 - 00000045 _____ () C:\user.js
2014-06-08 12:56 - 2014-06-08 16:35 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 12:56 - 2014-06-08 12:56 - 00004024 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-06-08 12:55 - 2014-06-08 12:55 - 00000000 _____ () C:\END
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Intel Corporation
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\QSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\DSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\AtStart.txt
2014-06-08 11:40 - 2014-06-08 11:40 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_01009.Wdf
2014-06-08 11:39 - 2014-06-08 11:39 - 00001400 _____ () C:\Windows\Synaptics.log
2014-06-08 11:35 - 2014-06-08 11:37 - 00000000 ____D () C:\Program Files\IDT
2014-06-08 11:35 - 2014-06-08 11:35 - 00000000 ____D () C:\SP57966
2014-06-08 11:35 - 2012-07-23 22:59 - 01988096 _____ (IDT, Inc.) C:\Windows\System32\stapo64.dll
2014-06-08 11:35 - 2012-07-23 22:59 - 00656896 ____N (IDT, Inc.) C:\Windows\System32\stapi64.dll
2014-06-08 11:35 - 2012-07-23 22:59 - 00540160 _____ (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2014-06-08 11:35 - 2012-07-23 22:59 - 00450048 _____ (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2014-06-08 11:34 - 2014-06-08 11:34 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\ProgramData\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-08 11:29 - 2010-02-25 13:51 - 01863680 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\BttnCmn.dll
2014-06-08 11:29 - 2010-02-25 11:20 - 01885488 _____ (Hewlett-Packard Company) C:\Windows\SysWOW64\BttnCmns.dll
2014-06-08 11:29 - 2010-02-25 11:18 - 01919968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wdfcoinstaller01005.dll
2014-06-08 11:29 - 2010-02-25 11:18 - 00018432 _____ (Hewlett-Packard Development Company, L.P.) C:\Windows\System32\Drivers\HpqKbFiltr.sys
2014-06-08 11:27 - 2014-06-08 11:27 - 00000000 ____D () C:\SP56163
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-06-08 11:25 - 2014-06-08 11:27 - 00000554 _____ () C:\Windows\LkmdfCoInst.log
2014-06-08 11:25 - 2014-06-08 11:27 - 00000000 ____D () C:\ProgramData\Logitech
2014-06-08 11:25 - 2014-06-08 11:26 - 00000000 ____D () C:\ProgramData\Logishrd
2014-06-08 11:25 - 2014-06-08 11:25 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-06-08 11:25 - 2014-06-08 11:25 - 00006519 _____ () C:\Windows\LDPINST.LOG
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Leadertech
2014-06-08 11:24 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logitech
2014-06-08 11:24 - 2014-06-08 11:25 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logishrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-06-08 10:50 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\LogMeIn Rescue Applet
2014-06-08 10:50 - 2014-06-08 10:50 - 01527104 _____ (LogMeIn, Inc.) C:\Users\BradfordC\Downloads\Support-LogMeInRescue.exe
2014-06-08 10:44 - 2014-06-12 11:58 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-07-06 19:31 - 2014-07-06 19:30 - 00000000 ____D () C:\FRST
2014-07-06 15:19 - 2013-11-27 15:29 - 00000426 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-07-06 15:19 - 2010-12-01 00:34 - 02051207 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 15:19 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 15:19 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 15:18 - 2013-11-27 15:29 - 00002860 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-07-06 15:17 - 2014-06-08 12:57 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-07-06 15:17 - 2013-11-27 15:29 - 00016152 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2014-07-06 15:17 - 2012-02-22 17:00 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 15:17 - 2010-12-09 19:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-06 15:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 15:17 - 2009-07-13 20:51 - 00099235 _____ () C:\Windows\setupact.log
2014-07-06 14:39 - 2012-02-22 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 14:34 - 2012-10-30 12:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 14:29 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-06 13:57 - 2011-07-01 15:50 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E82ED17-C171-4C85-ADD5-C7A6E28F815F}
2014-07-06 05:28 - 2014-06-08 14:56 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-06 05:00 - 2010-12-01 00:38 - 00636550 _____ () C:\Windows\PFRO.log
2014-07-06 04:56 - 2010-12-10 12:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 04:37 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-07-06 04:36 - 2014-07-06 04:04 - 00000288 _____ () C:\Windows\Tasks\ArcadeParlor.job
2014-07-06 04:21 - 2014-07-06 04:21 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\Blasteroids
2014-07-06 04:17 - 2014-07-06 04:03 - 00000460 ____H () C:\Windows\Tasks\Norton Security Scan for BradfordC.job
2014-07-06 04:17 - 2014-07-06 04:02 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-07-06 04:17 - 2011-02-25 11:02 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForBradfordC.job
2014-07-06 04:16 - 2014-05-01 11:41 - 00000000 ___RD () C:\Users\BradfordC\Dropbox
2014-07-06 04:16 - 2010-12-10 19:03 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\ZumoDrive
2014-07-06 04:04 - 2014-07-06 04:04 - 00003184 _____ () C:\Windows\System32\Tasks\ArcadeParlor
2014-07-06 04:04 - 2014-07-06 04:04 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\ArcadeParlor
2014-07-06 04:03 - 2014-07-06 04:03 - 00003634 _____ () C:\Windows\System32\Tasks\Norton Security Scan for BradfordC
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\ProgramData\IQRnIJ
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-07-06 04:03 - 2010-12-01 00:57 - 00000000 ____D () C:\ProgramData\Norton
2014-07-06 04:01 - 2014-07-06 04:01 - 01990520 _____ (SafeInstall, LLC) C:\Users\BradfordC\Downloads\pidgin_installer.exe
2014-07-04 16:05 - 2010-12-10 18:32 - 00000000 ____D () C:\Users\BradfordC\Documents\Outlook Files
2014-07-04 08:02 - 2011-02-25 11:02 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBradfordC
2014-07-04 08:02 - 2010-12-24 05:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-04 08:01 - 2011-10-28 11:26 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-28 12:44 - 2013-03-03 11:21 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2014-06-28 06:22 - 2010-12-15 17:10 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\CrashDumps
2014-06-27 02:24 - 2011-01-14 11:37 - 00003226 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBRADFORDC-HP$
2014-06-27 02:24 - 2011-01-14 11:37 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForBRADFORDC-HP$.job
2014-06-25 13:41 - 2014-06-25 13:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-06-25 13:41 - 2014-06-25 13:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 13:41 - 2013-06-14 02:39 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 13:41 - 2011-10-10 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 13:41 - 2011-10-10 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 13:41 - 2011-03-21 18:10 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Malwarebytes
2014-06-25 08:14 - 2014-05-01 11:40 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\DropboxMaster
2014-06-25 08:14 - 2014-05-01 11:39 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Dropbox
2014-06-25 08:11 - 2014-06-08 13:00 - 00000000 ____D () C:\Program Files (x86)\Java Component Manager
2014-06-24 02:16 - 2014-06-24 02:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-24 02:16 - 2013-12-03 03:19 - 00050464 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2014-06-24 02:16 - 2013-12-03 03:19 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-23 02:38 - 2010-12-01 00:58 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-23 02:38 - 2010-12-01 00:58 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-18 16:34 - 2012-02-22 17:00 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 16:34 - 2012-02-22 17:00 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 13:59 - 2010-10-16 07:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-17 13:59 - 2010-10-16 07:22 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-06-17 13:59 - 2010-10-16 07:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-16 16:24 - 2014-06-08 12:57 - 00000000 ____D () C:\Program Files\V-bates
2014-06-16 16:21 - 2013-06-13 13:12 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-06-14 03:40 - 2013-10-18 11:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 03:37 - 2014-06-14 03:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 03:37 - 2014-06-14 03:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 03:37 - 2014-06-14 03:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:36 - 2014-06-14 03:36 - 00918952 _____ (Oracle Corporation) C:\Users\BradfordC\Downloads\JavaSetup7u60.com
2014-06-13 02:10 - 2014-06-08 13:17 - 00122880 _____ () C:\Users\BradfordC\AppData\Local\ChromeHitoryDB
2014-06-12 11:58 - 2014-06-08 10:44 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 02:25 - 2013-07-22 04:24 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-12 02:21 - 2011-01-06 13:21 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-12 02:18 - 2014-05-07 02:20 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-08 16:36 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2014-06-08 16:35 - 2014-06-08 12:56 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 15:02 - 2014-05-01 13:23 - 00000000 ____D () C:\ProgramData\Fighters
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\BradfordC\Documents\Smart PC Cleaner
2014-06-08 14:09 - 2010-12-09 19:07 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\VirtualStore
2014-06-08 12:57 - 2014-06-08 12:57 - 01350935 _____ (Tailorsoft ) C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe
2014-06-08 12:57 - 2014-06-08 12:57 - 00003258 _____ () C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}
2014-06-08 12:57 - 2014-06-08 12:57 - 00000045 _____ () C:\user.js
2014-06-08 12:56 - 2014-06-08 12:56 - 00004024 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-06-08 12:55 - 2014-06-08 12:55 - 00000000 _____ () C:\END
2014-06-08 12:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-06-08 12:46 - 2014-05-01 11:41 - 00001033 _____ () C:\Users\BradfordC\Desktop\Dropbox.lnk
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Intel Corporation
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\QSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\DSwitch.txt
2014-06-08 12:43 - 2014-06-08 12:43 - 00000000 _____ () C:\Users\BradfordC\AppData\Local\AtStart.txt
2014-06-08 12:43 - 2014-06-08 10:50 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\LogMeIn Rescue Applet
2014-06-08 11:49 - 2010-10-16 07:16 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-06-08 11:49 - 2010-10-16 07:12 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-08 11:49 - 2010-10-16 07:12 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-08 11:48 - 2009-09-06 16:40 - 00000000 ____D () C:\SwSetup
2014-06-08 11:43 - 2010-12-01 00:32 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-08 11:40 - 2014-06-08 11:40 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_01009.Wdf
2014-06-08 11:40 - 2010-12-01 00:32 - 00240642 _____ () C:\Windows\DPINST.LOG
2014-06-08 11:39 - 2014-06-08 11:39 - 00001400 _____ () C:\Windows\Synaptics.log
2014-06-08 11:37 - 2014-06-08 11:35 - 00000000 ____D () C:\Program Files\IDT
2014-06-08 11:35 - 2014-06-08 11:35 - 00000000 ____D () C:\SP57966
2014-06-08 11:34 - 2014-06-08 11:34 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2014-06-08 11:34 - 2010-12-01 00:35 - 00000000 ____D () C:\Program Files\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\ProgramData\Intel
2014-06-08 11:33 - 2014-06-08 11:33 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-08 11:33 - 2010-12-01 00:32 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-08 11:29 - 2010-12-09 19:17 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\hpqlog
2014-06-08 11:27 - 2014-06-08 11:27 - 00000000 ____D () C:\SP56163
2014-06-08 11:27 - 2014-06-08 11:25 - 00000554 _____ () C:\Windows\LkmdfCoInst.log
2014-06-08 11:27 - 2014-06-08 11:25 - 00000000 ____D () C:\ProgramData\Logitech
2014-06-08 11:26 - 2014-06-08 11:26 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-06-08 11:26 - 2014-06-08 11:25 - 00000000 ____D () C:\ProgramData\Logishrd
2014-06-08 11:26 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logitech
2014-06-08 11:25 - 2014-06-08 11:25 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2014-06-08 11:25 - 2014-06-08 11:25 - 00006519 _____ () C:\Windows\LDPINST.LOG
2014-06-08 11:25 - 2014-06-08 11:25 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Leadertech
2014-06-08 11:25 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Users\BradfordC\AppData\Roaming\Logishrd
2014-06-08 11:24 - 2014-06-08 11:24 - 00000000 ____D () C:\Program Files\Logitech
2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Program Files\DIFX
2014-06-08 10:50 - 2014-06-08 10:50 - 01527104 _____ (LogMeIn, Inc.) C:\Users\BradfordC\Downloads\Support-LogMeInRescue.exe
2014-06-08 10:44 - 2010-12-12 13:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-08 01:13 - 2014-06-11 02:28 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 01:08 - 2014-06-11 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
 
Files to move or delete:
====================
C:\ProgramData\CARDFILE.EXE
 
 
Some content of TEMP:
====================
C:\Users\BradfordC\AppData\Local\Temp\Adobe ReaderUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\AdobeReaderSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ApnStub.exe
C:\Users\BradfordC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ct_2001.exe
C:\Users\BradfordC\AppData\Local\Temp\DeleteInstall.exe
C:\Users\BradfordC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppqbhkn.dll
C:\Users\BradfordC\AppData\Local\Temp\Extract.exe
C:\Users\BradfordC\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\BradfordC\AppData\Local\Temp\IeSearchProvider156376471028614233.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\LMkRstPt.exe
C:\Users\BradfordC\AppData\Local\Temp\MSN6649.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{7E826A71-D013-497A-B4F8-DCF0C96A2B69}.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{DB9B1E92-8C60-4C34-B39E-C8BA12DBECE2}.exe
C:\Users\BradfordC\AppData\Local\Temp\optprosetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00000.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00001.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00002.exe
C:\Users\BradfordC\AppData\Local\Temp\Resource.exe
C:\Users\BradfordC\AppData\Local\Temp\SCC.dll
C:\Users\BradfordC\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SP48482.exe
C:\Users\BradfordC\AppData\Local\Temp\sp50843.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP50948.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51096.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51592.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51650.exe
C:\Users\BradfordC\AppData\Local\Temp\sp52110.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52308.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52407.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52509.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52615.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52971.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53133.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53540.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53546.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53794.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53998.exe
C:\Users\BradfordC\AppData\Local\Temp\SP54001.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54373.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54620.exe
C:\Users\BradfordC\AppData\Local\Temp\SP55299.exe
C:\Users\BradfordC\AppData\Local\Temp\sp58915.exe
C:\Users\BradfordC\AppData\Local\Temp\sp64126.exe
C:\Users\BradfordC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\SymCCIS.dll
C:\Users\BradfordC\AppData\Local\Temp\uninst1.exe
C:\Users\BradfordC\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\BradfordC\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\BradfordC\AppData\Local\Temp\updater_uninstall.exe
C:\Users\BradfordC\AppData\Local\Temp\v-bates.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-06-08 15:03:03
Restore point made on: 2014-06-12 02:17:17
Restore point made on: 2014-06-14 03:19:33
Restore point made on: 2014-06-14 03:37:00
Restore point made on: 2014-06-16 16:23:05
Restore point made on: 2014-06-17 02:19:58
Restore point made on: 2014-06-17 13:57:51
Restore point made on: 2014-06-20 02:34:48
Restore point made on: 2014-06-24 02:27:44
Restore point made on: 2014-06-27 02:31:52
Restore point made on: 2014-07-01 02:26:36
Restore point made on: 2014-07-04 02:41:36
Restore point made on: 2014-07-06 05:28:32
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 5941.86 MB
Available physical RAM: 5099.93 MB
Total Pagefile: 5940.01 MB
Available Pagefile: 5098.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:269.76 GB) (Free:147.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:28.03 GB) (Free:4.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: (USB MEMORY) (Removable) (Total:0.48 GB) (Free:0.19 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DE1C2D32)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=28 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2014-06-28 13:24
 
==================== End Of Log ============================


#8 patsfan


Posted 07 July 2014 - 06:06 PM

Unable to complete AdwCleaner scan on computer. Still cannot connect to internet so I could not download to desktop. Tried to put on memory drive but will not recognize it.  Same error as previous where executables are *.lnk files. Noticed when I was in system recovery that there are restore points listed. Do you not recommend doing a restore?



#9 SleepyDude


Posted 08 July 2014 - 08:04 AM

Unable to complete AdwCleaner scan on computer. Still cannot connect to internet so I could not download to desktop. Tried to put on memory drive but will not recognize it.  Same error as previous where executables are *.lnk files. Noticed when I was in system recovery that there are restore points listed. Do you not recommend doing a restore?

 

Can you execute the Step 1 from my last post and post the resulting log?


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#10 patsfan


Posted 08 July 2014 - 10:16 AM

Yes, I ran it last night and posted it above.



#11 SleepyDude


Posted 08 July 2014 - 01:01 PM

Yes, I ran it last night and posted it above.

 

Hi,

 

The log you posted is the same FRST log!

If you saved the fixlist.txt to the flash drive, ran FRST64 and hit the Fix button, you should now have a new log on the flash drive called fixlog.txt. It's this one I need to see.

 

By the way it seems you are not subscribed to this topic! In the upper right hand corner of the topic you will see a button called "Follow This Topic". I suggest you click on that button, and make sure a tick is in the "receive notifications" and is set to "Instantly". This way you will be notified by email when the "Reply to this topic" button is used to add a new reply to your topic.



 
 


#12 patsfan


Posted 08 July 2014 - 04:57 PM

Sorry about that. Here is the fixlog.txt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by SYSTEM at 2014-07-07 18:51:51 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-24] ()
HKU\BradfordC\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\BradfordC\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
S2 sKEjhLDk; C:\ProgramData\IQRnIJ\sKEjhLDk.exe [2318720 2014-07-06] (Acute Angle Solutions)
S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-24] (AVG Secure Search)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; C:\Windows\System32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [61104 2014-06-05] (StdLib)
2014-07-06 04:21 - 2014-07-06 04:21 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\Blasteroids
2014-07-06 04:04 - 2014-07-06 04:36 - 00000288 _____ () C:\Windows\Tasks\ArcadeParlor.job
2014-07-06 04:04 - 2014-07-06 04:04 - 00003184 _____ () C:\Windows\System32\Tasks\ArcadeParlor
2014-07-06 04:04 - 2014-07-06 04:04 - 00000000 ____D () C:\Users\BradfordC\AppData\Local\ArcadeParlor
2014-07-06 04:03 - 2014-07-06 04:37 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-07-06 04:03 - 2014-07-06 04:17 - 00000460 ____H () C:\Windows\Tasks\Norton Security Scan for BradfordC.job
2014-07-06 04:03 - 2014-07-06 04:03 - 00003634 _____ () C:\Windows\System32\Tasks\Norton Security Scan for BradfordC
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\Windows\System32\Drivers\NSSx64
2014-07-06 04:03 - 2014-07-06 04:03 - 00000000 ____D () C:\ProgramData\IQRnIJ
2014-07-06 04:02 - 2014-07-06 04:17 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-06-24 02:16 - 2014-06-24 02:16 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-14 03:36 - 2014-06-14 03:36 - 00918952 _____ (Oracle Corporation) C:\Users\BradfordC\Downloads\JavaSetup7u60.com
2014-06-08 14:59 - 2014-06-08 14:59 - 00000000 ____D () C:\Users\BradfordC\Documents\Smart PC Cleaner
2014-06-08 14:56 - 2014-07-06 05:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-08 14:01 - 2014-06-05 10:21 - 00061104 _____ (StdLib) C:\Windows\System32\Drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys
2014-06-08 12:57 - 2014-07-06 15:17 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-06-08 12:57 - 2014-06-16 16:24 - 00000000 ____D () C:\Program Files\V-bates
2014-06-08 12:57 - 2014-06-08 12:57 - 01350935 _____ (Tailorsoft ) C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe
2014-06-08 12:57 - 2014-06-08 12:57 - 00003258 _____ () C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}
2014-06-08 12:57 - 2014-06-08 12:57 - 00000045 _____ () C:\user.js
2014-06-08 12:56 - 2014-06-08 16:35 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 12:56 - 2014-06-08 12:56 - 00004024 _____ () C:\Windows\System32\Tasks\TidyNetwork Update
2014-06-08 12:55 - 2014-06-08 12:55 - 00000000 _____ () C:\END
2014-07-06 15:19 - 2013-11-27 15:29 - 00000426 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-07-06 15:18 - 2013-11-27 15:29 - 00002860 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-07-06 15:17 - 2014-06-08 12:57 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job
2014-07-06 04:17 - 2014-07-06 04:02 - 00000000 ____D () C:\Program Files\PC Optimizer Pro
2014-06-24 02:16 - 2013-12-03 03:19 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-16 16:24 - 2014-06-08 12:57 - 00000000 ____D () C:\Program Files\V-bates
2014-06-08 16:35 - 2014-06-08 12:56 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 15:02 - 2014-05-01 13:23 - 00000000 ____D () C:\ProgramData\Fighters
C:\ProgramData\CARDFILE.EXE
C:\Users\BradfordC\AppData\Local\Temp\Adobe ReaderUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\AdobeReaderSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ApnStub.exe
C:\Users\BradfordC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ct_2001.exe
C:\Users\BradfordC\AppData\Local\Temp\DeleteInstall.exe
C:\Users\BradfordC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppqbhkn.dll
C:\Users\BradfordC\AppData\Local\Temp\Extract.exe
C:\Users\BradfordC\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\BradfordC\AppData\Local\Temp\IeSearchProvider156376471028614233.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\BradfordC\AppData\Local\Temp\LMkRstPt.exe
C:\Users\BradfordC\AppData\Local\Temp\MSN6649.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{7E826A71-D013-497A-B4F8-DCF0C96A2B69}.exe
C:\Users\BradfordC\AppData\Local\Temp\oi_{DB9B1E92-8C60-4C34-B39E-C8BA12DBECE2}.exe
C:\Users\BradfordC\AppData\Local\Temp\optprosetup.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00000.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00001.exe
C:\Users\BradfordC\AppData\Local\Temp\ose00002.exe
C:\Users\BradfordC\AppData\Local\Temp\Resource.exe
C:\Users\BradfordC\AppData\Local\Temp\SCC.dll
C:\Users\BradfordC\AppData\Local\Temp\setup_v3.0.5517.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SkypeUpdateSetup.exe
C:\Users\BradfordC\AppData\Local\Temp\SP48482.exe
C:\Users\BradfordC\AppData\Local\Temp\sp50843.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP50948.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51096.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51592.exe
C:\Users\BradfordC\AppData\Local\Temp\SP51650.exe
C:\Users\BradfordC\AppData\Local\Temp\sp52110.exe.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52308.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52407.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52509.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52615.exe
C:\Users\BradfordC\AppData\Local\Temp\SP52971.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53133.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53540.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53546.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53794.exe
C:\Users\BradfordC\AppData\Local\Temp\SP53998.exe
C:\Users\BradfordC\AppData\Local\Temp\SP54001.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54373.exe
C:\Users\BradfordC\AppData\Local\Temp\sp54620.exe
C:\Users\BradfordC\AppData\Local\Temp\SP55299.exe
C:\Users\BradfordC\AppData\Local\Temp\sp58915.exe
C:\Users\BradfordC\AppData\Local\Temp\sp64126.exe
C:\Users\BradfordC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\BradfordC\AppData\Local\Temp\SymCCIS.dll
C:\Users\BradfordC\AppData\Local\Temp\uninst1.exe
C:\Users\BradfordC\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\BradfordC\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\BradfordC\AppData\Local\Temp\updater_uninstall.exe
C:\Users\BradfordC\AppData\Local\Temp\v-bates.exe
C:\Program Files (x86)\Driver Restore
C:\PROGRA~2\SearchProtect\
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKU\BradfordC\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Restore => value deleted successfully.
HKU\BradfordC\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
sKEjhLDk => Service deleted successfully.
vToolbarUpdater18.1.7 => Service deleted successfully.
BrowserDefendert => Service deleted successfully.
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64 => Service deleted successfully.
C:\Users\BradfordC\AppData\Local\Blasteroids => Moved successfully.
C:\Windows\Tasks\ArcadeParlor.job => Moved successfully.
C:\Windows\System32\Tasks\ArcadeParlor => Moved successfully.
C:\Users\BradfordC\AppData\Local\ArcadeParlor => Moved successfully.
C:\Program Files (x86)\Itibiti Soft Phone => Moved successfully.
C:\Windows\Tasks\Norton Security Scan for BradfordC.job => Moved successfully.
C:\Windows\System32\Tasks\Norton Security Scan for BradfordC => Moved successfully.
C:\Windows\System32\Drivers\NSSx64 => Moved successfully.
C:\ProgramData\IQRnIJ => Moved successfully.
C:\Program Files\PC Optimizer Pro => Moved successfully.
C:\ProgramData\AVG Secure Search => Moved successfully.
C:\Users\BradfordC\Downloads\JavaSetup7u60.com => Moved successfully.
C:\Users\BradfordC\Documents\Smart PC Cleaner => Moved successfully.
C:\Windows\SysWOW64\AI_RecycleBin => Moved successfully.
C:\Windows\System32\Drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys => Moved successfully.
C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job => Moved successfully.
C:\Program Files\V-bates => Moved successfully.
C:\Users\BradfordC\Downloads\Java-2-Update5232014.exe => Moved successfully.
C:\Windows\System32\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67} => Moved successfully.
C:\user.js => Moved successfully.
C:\Program Files (x86)\TidyNetwork => Moved successfully.
C:\Windows\System32\Tasks\TidyNetwork Update => Moved successfully.
C:\END => Moved successfully.
C:\Windows\Tasks\DriverUpdate Startup.job => Moved successfully.
C:\Windows\System32\Tasks\DriverUpdate Startup => Moved successfully.
"C:\Windows\Tasks\FF Watcher {8304BCD5-3A9A-4CC5-9E8E-86FD3C813A67}.job" => File/Directory not found.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
"C:\Program Files\V-bates" => File/Directory not found.
"C:\Program Files (x86)\TidyNetwork" => File/Directory not found.
C:\ProgramData\Fighters => Moved successfully.
C:\ProgramData\CARDFILE.EXE => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\Adobe ReaderUpdateSetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\AdobeReaderSetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\ct_2001.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\DeleteInstall.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppqbhkn.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\IeSearchProvider156376471028614233.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\MSN6649.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\oi_{7E826A71-D013-497A-B4F8-DCF0C96A2B69}.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\oi_{DB9B1E92-8C60-4C34-B39E-C8BA12DBECE2}.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\ose00001.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\ose00002.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\Resource.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SCC.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\setup_v3.0.5517.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SkypeUpdateSetup.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP48482.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp50843.exe.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP50948.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP51096.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP51592.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP51650.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp52110.exe.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP52308.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP52407.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP52509.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP52615.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP52971.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP53133.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP53540.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP53546.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP53794.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP53998.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP54001.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp54373.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp54620.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SP55299.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\SymCCIS.dll => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\updater_uninstall.exe => Moved successfully.
C:\Users\BradfordC\AppData\Local\Temp\v-bates.exe => Moved successfully.
C:\Program Files (x86)\Driver Restore => Moved successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
 
==== End of Fixlog ====


#13 SleepyDude


Posted 08 July 2014 - 05:12 PM

Hi,

 

The fix went well, thanks for the log. Let's see if we can resolve that problem with executing programs, because there is some more work to do.

  • Please download the attached file fix_exe_hijack.zip (383 bytes) and extract it to the flash drive
  • after extraction the flash drive will have a new file called fix_exe_hijack.inf
  • insert the flash drive on the infected computer
  • right click on the fix_exe_hijack.inf file and click install

After the steps above can you run Rkill and post the log it creates?



 
 


#14 patsfan


Posted 08 July 2014 - 07:15 PM

Downloaded fix_exe_hijack.zip to floppy and extracted it, which resulted in fix_exe_hijack.inf. Problem is when I view it on infected computer install is not an option. It changes the properties of the file to display as an Internet Explorer file and changes it to file type LNK File (.lnk). Very frustrating! On the infected computer only. If I view it on a non-infected computer the properties of the file display properly.



#15 SleepyDude


Posted 09 July 2014 - 03:43 AM

Hi,

 

Downloaded fix_exe_hijack.zip to floppy and extracted it, which resulted in fix_exe_hijack.inf. Problem is when I view it on infected computer install is not an option. It changes the properties of the file to display as an Internet Explorer file and changes it to file type LNK File (.lnk). Very frustrating! On the infected computer only. If I view it on a non-infected computer the properties of the file display properly.

 

- When you put the floppy back to the non-infected computer can you see the .inf file again?

- Please try to boot in Safe Mode with Command Prompt and let me know if you can access the command prompt



 
 




