
PUP.OptionalSearch Protect.A


  • This topic is locked
20 replies to this topic

#1 tweist73

tweist73

  • Members
  • 11 posts

Posted 09 July 2014 - 11:48 AM

Please help!!

 

I know I am infected with PUP.OptionalSearch Protect.A. I have Malwarebytes and it keeps finding it. I always quarantine it and it is always there every time I rerun the scan. I am running Windows 8. I tried to run the DDS program and could not get it to run.

 

Please advise.




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2014 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These tools are compatible with Windows 8.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 tweist73

tweist73
  • Topic Starter

  • Members
  • 11 posts

Posted 13 July 2014 - 10:12 AM

# AdwCleaner v3.215 - Report created 13/07/2014 at 11:02:30
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\e48fdbe739e444
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\B01F3F08771A494439EC8990D0180939
Key Deleted : HKLM\Software\Classes\Installer\Products\B01F3F08771A494439EC8990D0180939
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=sister+act+&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.ucc.org/search-results.html?cx=004140695161086210870%3Aqbbk4dptm5e&cof=FORID%3A9&ie=UTF-8&q={searchTerms}
Deleted [Search Provider] : hxxp://www.therestaurantstore.com/search-results.html?searchval={searchTerms}&x=46&y=12
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=0&itype=n&ver=13001&tm=402&src=ds&p={searchTerms}
Deleted [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2838 octets] - [13/07/2014 11:02:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2898 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Tammy (administrator) on WINDOWS-DGD8MDM on 13-07-2014 11:07:34
Running from C:\Users\Tammy\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-09-07] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-13] (cyberlink)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4270640 2013-03-24] ()
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [ManicTime] => C:\Program Files (x86)\ManicTime\ManicTime.exe [250120 2013-10-09] (Finkit d.o.o.)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1440536076-1511812993-108412173-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-1440536076-1511812993-108412173-1003\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tammy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BE8E2A49-F7C8-4E2A-87B6-47D3B06F803F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{698A8323-41CD-4C4A-AD4F-6661FDB1EC60}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{7CD9A3EE-3119-4527-8EED-0BB4EEAF9E2C}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{9A41BAF1-3229-4F3A-84B8-58C9074A012D}: [NameServer]208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{F5B87417-01B6-4A9E-A5F9-F09347640B25}: [NameServer]208.69.150.252,208.69.150.250
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\Tammy\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-18]
CHR Extension: (Google Drive) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-18]
CHR Extension: (Google Search) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-18]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-18]
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-23] (BitRaider, LLC)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-09] (SurfRight B.V.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-05-29] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [189248 2014-05-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64; C:\ProgramData\bitraider\BRDriver64.sys [75048 2014-01-23] (BitRaider)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-07-13] ()
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-02] (Atheros)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-24] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-02] (Qualcomm Atheros Communications Inc.) [File not signed]
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-09] ()
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-13 11:07 - 2014-07-13 11:08 - 00024182 _____ () C:\Users\Tammy\Desktop\FRST.txt
2014-07-13 11:07 - 2014-07-13 11:07 - 00000000 ____D () C:\FRST
2014-07-13 11:06 - 2014-07-13 11:06 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-07-13 11:05 - 2014-07-13 11:05 - 02086912 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2014-07-13 10:43 - 2014-07-13 10:53 - 00000000 ____D () C:\Users\Tammy\Desktop\PC
2014-07-11 15:17 - 2014-07-11 15:17 - 01035696 _____ (Ask.com) C:\Users\Tammy\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe
2014-07-11 14:20 - 2014-07-11 14:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-11 14:20 - 2014-07-11 14:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-11 14:19 - 2014-07-13 11:03 - 00009786 _____ () C:\WINDOWS\PFRO.log
2014-07-11 14:18 - 2014-07-11 14:18 - 00000000 _____ () C:\asc_rdflag
2014-07-10 15:17 - 2014-07-10 15:17 - 04978786 _____ () C:\Users\Tammy\Downloads\launcher^FTB_Launcher.exe
2014-07-10 04:00 - 2014-07-10 04:00 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-09 12:44 - 2014-07-13 10:54 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2014-07-09 12:43 - 2014-07-09 12:43 - 00020582 _____ () C:\Users\Tammy\Desktop\dds.com
2014-07-09 12:42 - 2014-07-09 12:42 - 00688992 _____ (Swearware) C:\Users\Tammy\Downloads\dds.com
2014-07-09 12:06 - 2014-07-09 12:06 - 05216105 _____ (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-09 09:53 - 2014-07-09 09:53 - 01348263 _____ () C:\Users\Tammy\Downloads\AdwCleaner.exe
2014-07-09 09:46 - 2014-07-09 09:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 09:45 - 2014-07-09 09:45 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-09 09:33 - 2014-07-09 09:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:31 - 2014-07-09 09:45 - 00000000 ____D () C:\Users\Tammy\Desktop\mbar
2014-07-09 09:31 - 2014-07-09 09:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tammy\Downloads\mbar-1.07.0.1012.exe
2014-07-09 08:57 - 2014-07-09 08:57 - 04766808 _____ () C:\Users\Tammy\Downloads\RogueKiller.exe
2014-07-09 08:57 - 2014-07-09 08:57 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-07-09 08:57 - 2014-07-09 08:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 08:55 - 2014-07-09 08:55 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-07-09 08:54 - 2014-07-09 08:54 - 00000938 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000938 _____ () C:\Users\Tammy\Desktop\NTREGOPT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000919 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000919 _____ () C:\Users\Tammy\Desktop\ERUNT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-09 08:53 - 2014-07-09 08:53 - 00791393 _____ (Lars Hederer ) C:\Users\Tammy\Downloads\erunt-setup.exe
2014-07-09 08:21 - 2014-07-13 11:02 - 00000000 ____D () C:\AdwCleaner
2014-07-09 08:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-09 08:19 - 2014-07-09 08:19 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\WINDOWS\pss
2014-07-09 00:38 - 2014-07-09 00:38 - 00003039 _____ () C:\Users\Tammy\Desktop\HiJackThis.lnk
2014-07-09 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-09 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-09 00:35 - 2014-07-09 00:35 - 01402880 _____ () C:\Users\Tammy\Downloads\HijackThis.msi
2014-07-09 00:28 - 2014-07-08 23:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-09 00:28 - 2014-07-08 23:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 00:23 - 2014-07-09 00:23 - 00039070 _____ () C:\WINDOWS\system32\.crusader
2014-07-09 00:19 - 2014-07-09 00:19 - 00002066 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-09 00:19 - 2014-07-09 00:19 - 00002064 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-09 00:19 - 2014-07-09 00:19 - 00002054 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-09 00:12 - 2014-07-09 00:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-09 00:12 - 2014-07-09 00:12 - 00001907 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-09 00:12 - 2014-07-09 00:12 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-09 00:11 - 2014-07-09 00:12 - 11185664 _____ (SurfRight B.V.) C:\Users\Tammy\Downloads\HitmanPro_x64.exe
2014-07-08 23:52 - 2014-07-08 23:52 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 23:52 - 2014-07-08 23:52 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 23:51 - 2014-07-08 23:51 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 23:50 - 2014-07-08 23:50 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 23:50 - 2014-07-08 23:50 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 23:50 - 2014-07-08 23:50 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 23:49 - 2014-07-08 23:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 23:49 - 2014-07-08 23:49 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-08 23:49 - 2014-07-08 23:49 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-08 23:48 - 2014-07-08 23:48 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 23:48 - 2014-07-08 23:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 23:48 - 2014-07-08 23:48 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-08 23:47 - 2014-07-08 23:47 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 23:46 - 2014-07-08 23:46 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-08 23:32 - 2014-07-10 21:01 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 23:31 - 2014-07-09 09:32 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-08 23:31 - 2014-07-08 23:31 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 23:31 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-08 23:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-08 23:30 - 2014-07-08 23:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-08 23:27 - 2014-07-08 23:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-08 23:26 - 2014-07-08 23:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-08 15:45 - 2014-07-08 23:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 08:50 - 2014-07-03 08:50 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-30 19:14 - 2014-07-11 14:19 - 81002496 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-06-30 19:14 - 2014-07-11 14:19 - 00704512 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-06-30 19:14 - 2014-07-11 14:19 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-06-30 19:14 - 2014-07-11 14:19 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-06-28 11:35 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Tammy\Downloads\pax2014
2014-06-26 12:15 - 2014-06-26 12:15 - 00008359 _____ () C:\Users\Tammy\Downloads\contacts-export.csv
2014-06-26 11:35 - 2014-06-26 11:35 - 00002553 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-06-26 11:35 - 2014-06-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-26 11:34 - 2014-06-26 11:34 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-06-26 11:33 - 2014-06-26 11:34 - 86995808 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Tammy\Downloads\Evernote_5.4.1.3962.exe
2014-06-26 11:23 - 2014-06-26 11:23 - 00005718 _____ () C:\Users\Tammy\Downloads\Newsletters and Announcements.ics
2014-06-23 20:16 - 2014-06-23 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-06-23 20:16 - 2014-06-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-23 20:15 - 2014-06-23 20:15 - 00918952 _____ (Oracle Corporation) C:\Users\Tammy\Downloads\chromeinstall-7u60.exe
2014-06-23 20:15 - 2014-06-23 20:15 - 00918952 _____ (Oracle Corporation) C:\Users\Tammy\Downloads\chromeinstall-7u60 (1).exe
2014-06-23 20:05 - 2014-06-23 20:05 - 00011358 _____ () C:\Users\Tammy\Downloads\expense_worksheet_year_blank.xlsx
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-06-17 14:36 - 2014-06-17 14:36 - 05640013 _____ () C:\Users\Tammy\Downloads\IMG_0337 (1).MOV
2014-06-17 14:35 - 2014-06-17 14:35 - 05640013 _____ () C:\Users\Tammy\Downloads\IMG_0337.MOV
2014-06-16 16:38 - 2014-06-16 16:40 - 00101624 _____ () C:\Users\Tammy\Downloads\image.jpeg
 
==================== One Month Modified Files and Folders =======
 
2014-07-13 11:08 - 2014-07-13 11:07 - 00024182 _____ () C:\Users\Tammy\Desktop\FRST.txt
2014-07-13 11:07 - 2014-07-13 11:07 - 00000000 ____D () C:\FRST
2014-07-13 11:06 - 2014-07-13 11:06 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-07-13 11:06 - 2013-03-24 19:02 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-13 11:06 - 2013-03-18 14:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 11:05 - 2014-07-13 11:05 - 02086912 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2014-07-13 11:05 - 2014-05-14 10:01 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\DropboxMaster
2014-07-13 11:05 - 2014-01-15 14:28 - 00000000 ___RD () C:\Users\Tammy\Google Drive
2014-07-13 11:05 - 2013-11-16 22:05 - 00000000 ___DO () C:\Users\Tammy\SkyDrive
2014-07-13 11:05 - 2013-11-16 21:42 - 01400470 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-13 11:05 - 2013-09-25 22:05 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Skype
2014-07-13 11:05 - 2013-08-28 19:25 - 00000000 ___RD () C:\Users\Tammy\Dropbox
2014-07-13 11:05 - 2013-03-20 20:04 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Dropbox
2014-07-13 11:05 - 2013-03-18 14:23 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 11:04 - 2014-01-22 18:13 - 00001024 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-13 11:04 - 2014-01-22 18:13 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-13 11:04 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-13 11:03 - 2014-07-11 14:19 - 00009786 _____ () C:\WINDOWS\PFRO.log
2014-07-13 11:03 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-13 11:02 - 2014-07-09 08:21 - 00000000 ____D () C:\AdwCleaner
2014-07-13 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-13 10:55 - 2013-11-27 23:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{133918A8-5889-4FFA-929A-7D446B41193A}
2014-07-13 10:54 - 2014-07-09 12:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2014-07-13 10:53 - 2014-07-13 10:43 - 00000000 ____D () C:\Users\Tammy\Desktop\PC
2014-07-13 10:51 - 2013-08-05 17:49 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\vlc
2014-07-13 10:19 - 2013-03-18 14:23 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 10:04 - 2013-09-22 14:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-13 08:22 - 2013-03-18 14:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-13 05:24 - 2013-03-18 14:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1440536076-1511812993-108412173-1002
2014-07-12 17:17 - 2013-04-09 22:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-12 17:17 - 2013-04-09 22:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 15:10 - 2014-05-24 20:42 - 00000000 ____D () C:\Users\Tammy\AppData\Local\ftblauncher
2014-07-11 15:17 - 2014-07-11 15:17 - 01035696 _____ (Ask.com) C:\Users\Tammy\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe
2014-07-11 14:20 - 2014-07-11 14:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-11 14:20 - 2014-07-11 14:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-11 14:20 - 2013-10-06 17:47 - 00066048 ___SH () C:\Users\Tammy\Desktop\Thumbs.db
2014-07-11 14:19 - 2014-06-30 19:14 - 81002496 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-11 14:19 - 2014-06-30 19:14 - 00704512 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-11 14:19 - 2014-06-30 19:14 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-11 14:19 - 2014-06-30 19:14 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-11 14:19 - 2013-11-16 21:47 - 00000000 ____D () C:\Users\Tammy
2014-07-11 14:18 - 2014-07-11 14:18 - 00000000 _____ () C:\asc_rdflag
2014-07-11 14:18 - 2014-06-11 20:39 - 00000274 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Tammy.job
2014-07-11 14:17 - 2014-06-11 20:39 - 00002235 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-11 14:17 - 2013-07-30 22:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-11 14:17 - 2013-04-11 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-07-11 06:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-10 21:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-07-10 21:01 - 2014-07-08 23:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 15:18 - 2013-11-24 23:43 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\ftblauncher
2014-07-10 15:17 - 2014-07-10 15:17 - 04978786 _____ () C:\Users\Tammy\Downloads\launcher^FTB_Launcher.exe
2014-07-10 04:03 - 2013-08-14 03:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 04:02 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 04:02 - 2013-03-19 03:07 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 04:00 - 2014-07-10 04:00 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-09 12:43 - 2014-07-09 12:43 - 00020582 _____ () C:\Users\Tammy\Desktop\dds.com
2014-07-09 12:42 - 2014-07-09 12:42 - 00688992 _____ (Swearware) C:\Users\Tammy\Downloads\dds.com
2014-07-09 12:06 - 2014-07-09 12:06 - 05216105 _____ (Swearware) C:\Users\Tammy\Downloads\ComboFix.exe
2014-07-09 09:53 - 2014-07-09 09:53 - 01348263 _____ () C:\Users\Tammy\Downloads\AdwCleaner.exe
2014-07-09 09:46 - 2014-07-09 09:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 09:45 - 2014-07-09 09:45 - 01016261 _____ (Thisisu) C:\Users\Tammy\Downloads\JRT.exe
2014-07-09 09:45 - 2014-07-09 09:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:45 - 2014-07-09 09:31 - 00000000 ____D () C:\Users\Tammy\Desktop\mbar
2014-07-09 09:32 - 2014-07-08 23:31 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-09 09:31 - 2014-07-09 09:31 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Tammy\Downloads\mbar-1.07.0.1012.exe
2014-07-09 08:57 - 2014-07-09 08:57 - 04766808 _____ () C:\Users\Tammy\Downloads\RogueKiller.exe
2014-07-09 08:57 - 2014-07-09 08:57 - 00029160 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-07-09 08:57 - 2014-07-09 08:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-09 08:55 - 2014-07-09 08:55 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-07-09 08:54 - 2014-07-09 08:54 - 00000938 _____ () C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000938 _____ () C:\Users\Tammy\Desktop\NTREGOPT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000919 _____ () C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000919 _____ () C:\Users\Tammy\Desktop\ERUNT.lnk
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-09 08:54 - 2014-07-09 08:54 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-09 08:53 - 2014-07-09 08:53 - 00791393 _____ (Lars Hederer ) C:\Users\Tammy\Downloads\erunt-setup.exe
2014-07-09 08:19 - 2014-07-09 08:19 - 01348263 _____ () C:\Users\Tammy\Downloads\adwcleaner_3.215.exe
2014-07-09 07:50 - 2014-07-09 07:50 - 00000000 ____D () C:\WINDOWS\pss
2014-07-09 01:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-09 00:38 - 2014-07-09 00:38 - 00003039 _____ () C:\Users\Tammy\Desktop\HiJackThis.lnk
2014-07-09 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-09 00:38 - 2014-07-09 00:38 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-09 00:35 - 2014-07-09 00:35 - 01402880 _____ () C:\Users\Tammy\Downloads\HijackThis.msi
2014-07-09 00:31 - 2014-07-09 00:12 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-09 00:27 - 2013-08-22 10:44 - 05108688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 00:24 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 00:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 00:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 00:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 00:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 00:23 - 2014-07-09 00:23 - 00039070 _____ () C:\WINDOWS\system32\.crusader
2014-07-09 00:19 - 2014-07-09 00:19 - 00002066 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-09 00:19 - 2014-07-09 00:19 - 00002064 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-09 00:19 - 2014-07-09 00:19 - 00002054 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-09 00:19 - 2014-01-15 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-09 00:12 - 2014-07-09 00:12 - 00001907 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-09 00:12 - 2014-07-09 00:12 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-09 00:12 - 2014-07-09 00:11 - 11185664 _____ (SurfRight B.V.) C:\Users\Tammy\Downloads\HitmanPro_x64.exe
2014-07-09 00:05 - 2013-09-22 14:29 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 23:52 - 2014-07-09 00:28 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-08 23:52 - 2014-07-09 00:28 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 23:52 - 2014-07-08 23:52 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 23:52 - 2014-07-08 23:52 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 23:52 - 2014-07-08 23:52 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 23:52 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-08 23:51 - 2014-07-08 23:51 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 23:51 - 2014-07-08 23:51 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 23:51 - 2014-07-08 23:51 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 23:50 - 2014-07-08 23:50 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 23:50 - 2014-07-08 23:50 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 23:50 - 2014-07-08 23:50 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 23:49 - 2014-07-08 23:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 23:49 - 2014-07-08 23:49 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-08 23:49 - 2014-07-08 23:49 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-08 23:49 - 2014-07-08 23:49 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 23:49 - 2014-07-08 23:49 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-08 23:49 - 2014-07-08 23:49 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-08 23:48 - 2014-07-08 23:48 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 23:48 - 2014-07-08 23:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 23:48 - 2014-07-08 23:48 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-08 23:47 - 2014-07-08 23:47 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 23:46 - 2014-07-08 23:46 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-08 23:45 - 2014-07-08 23:45 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-08 23:44 - 2013-08-07 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-07-08 23:31 - 2014-07-08 23:31 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 23:31 - 2014-07-08 23:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-07-08 23:31 - 2014-07-08 15:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 23:30 - 2014-06-11 20:39 - 00000310 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-08 23:28 - 2014-06-11 20:39 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-08 23:27 - 2014-07-08 23:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-07-08 23:27 - 2014-07-08 23:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-08 23:18 - 2014-06-11 20:40 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\ProductData
2014-07-08 23:18 - 2014-06-11 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-07-08 23:18 - 2014-06-10 18:35 - 00000000 ____D () C:\Users\Tammy\Downloads\Monster
2014-07-08 23:18 - 2014-05-24 22:09 - 00000000 ____D () C:\Users\Tammy\Downloads\Direwolf20_1_6_4
2014-07-08 23:18 - 2013-08-07 08:33 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Malwarebytes
2014-07-08 23:18 - 2013-08-07 08:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 23:18 - 2013-03-18 15:02 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-07-08 23:18 - 2013-03-18 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 23:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-07-08 23:13 - 2013-05-22 15:17 - 00000000 ____D () C:\ProgramData\IObit
2014-07-03 14:23 - 2013-08-28 09:50 - 00004986 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WINDOWS-DGD8MDM-Tammy WINDOWS-DGD8MDM
2014-07-03 08:50 - 2014-07-03 08:50 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-03 08:50 - 2014-03-31 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-02 01:04 - 2013-03-18 21:10 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\TS3Client
2014-06-28 15:21 - 2013-09-30 00:04 - 00876144 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-28 11:35 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Tammy\Downloads\pax2014
2014-06-26 12:15 - 2014-06-26 12:15 - 00008359 _____ () C:\Users\Tammy\Downloads\contacts-export.csv
2014-06-26 11:35 - 2014-06-26 11:35 - 00002553 _____ () C:\Users\Public\Desktop\Evernote.lnk
2014-06-26 11:35 - 2014-06-26 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-06-26 11:34 - 2014-06-26 11:34 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-06-26 11:34 - 2014-06-26 11:33 - 86995808 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Tammy\Downloads\Evernote_5.4.1.3962.exe
2014-06-26 11:23 - 2014-06-26 11:23 - 00005718 _____ () C:\Users\Tammy\Downloads\Newsletters and Announcements.ics
2014-06-24 23:23 - 2013-03-18 14:59 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-23 20:18 - 2013-03-18 14:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Packages
2014-06-23 20:17 - 2013-11-04 19:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-23 20:16 - 2014-06-23 20:16 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-06-23 20:16 - 2014-06-23 20:16 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-06-23 20:16 - 2014-06-23 20:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-23 20:15 - 2014-06-23 20:15 - 00918952 _____ (Oracle Corporation) C:\Users\Tammy\Downloads\chromeinstall-7u60.exe
2014-06-23 20:15 - 2014-06-23 20:15 - 00918952 _____ (Oracle Corporation) C:\Users\Tammy\Downloads\chromeinstall-7u60 (1).exe
2014-06-23 20:05 - 2014-06-23 20:05 - 00011358 _____ () C:\Users\Tammy\Downloads\expense_worksheet_year_blank.xlsx
2014-06-18 05:14 - 2013-03-18 14:23 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 05:14 - 2013-03-18 14:23 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2014-06-17 14:36 - 2014-06-17 14:36 - 05640013 _____ () C:\Users\Tammy\Downloads\IMG_0337 (1).MOV
2014-06-17 14:35 - 2014-06-17 14:35 - 05640013 _____ () C:\Users\Tammy\Downloads\IMG_0337.MOV
2014-06-16 16:40 - 2014-06-16 16:38 - 00101624 _____ () C:\Users\Tammy\Downloads\image.jpeg
2014-06-15 20:52 - 2014-03-03 12:21 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\XBMC
 
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppg9m50.dll
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-11 15:09
 
==================== End Of Log ============================
 
 


#4 tweist73


Posted 13 July 2014 - 10:14 AM

Attached File  Addition.txt   52.18KB   1 downloads



#5 nasdaq


Posted 13 July 2014 - 01:06 PM

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN25253374231688614&UM=2&UP=SP0F10483D-E5A2-48B8-AC6D-A3755DB2A400&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN25253374231688614&UM=2&UP=SP0F10483D-E5A2-48B8-AC6D-A3755DB2A400&SSPV=
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Task: {8FE1F3E9-AD00-4C21-A134-C607317786B7} - \DSite No Task File <==== ATTENTION
Task: {D0B8BF11-462C-4F39-90D4-7B27888FD020} - \YourFile DownloaderUpdate No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#6 tweist73


Posted 13 July 2014 - 01:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by Tammy at 2014-07-13 14:15:59 Run:1
Running from C:\Users\Tammy\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-08-05]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Task: {8FE1F3E9-AD00-4C21-A134-C607317786B7} - \DSite No Task File <==== ATTENTION
Task: {D0B8BF11-462C-4F39-90D4-7B27888FD020} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
 
End
*****************
 
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCU\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe' => Key deleted successfully.
C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe' => Key deleted successfully.
"C:\Users\Tammy\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx" => File/Directory not found.
nvvad_WaveExtensible => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FE1F3E9-AD00-4C21-A134-C607317786B7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FE1F3E9-AD00-4C21-A134-C607317786B7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0B8BF11-462C-4F39-90D4-7B27888FD020}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0B8BF11-462C-4F39-90D4-7B27888FD020}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate' => Key deleted successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Windows Defender                  
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.145  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#7 tweist73


Posted 13 July 2014 - 01:38 PM

Malwarebytes still finds the PUP.OptionalSearch Protect.A
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/13/2014
Scan Time: 2:28:10 PM
Logfile: malwarebytes 7-13-14-2-37pm.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.13.05
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338317
Time Elapsed: 8 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1440536076-1511812993-108412173-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [30d9b4eb512a83b3d5e8c19024dece32], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 nasdaq


Posted 14 July 2014 - 07:10 AM


The important key was removed by the AdwCleaner tool.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}' => Key deleted successfully.


The key HKU\S-1-5-21... references the HKCU key that was removed by the tool.

Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1440536076-1511812993-108412173-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [30d9b4eb512a83b3d5e8c19024dece32],


Run the AdwCleaner again.

Remove it again if it is found.

Keep me posted.

#9 tweist73


Posted 14 July 2014 - 10:46 AM

PUP.Optional.SearchProtect.A does not come up in AdwCleaner but the SearchScopes part does.  I am not using Internet Explorer for anything.  I got this because I was filling out an online application to a job and they required you to use Internet Explorer.  Never again!  LOL

 

I ran AdwCleaner, rebooted, gave report S3. Ran Malwarebytes and it still found PUP.Optional.SearchProtect.A. So I ran AdwCleaner again; it did not find PUP.Optional.SearchProtect.A but did find the SearchScopes again even though I had deleted that. Second report for AdwCleaner is S4.

 

Here are all the reports.

 
# AdwCleaner v3.215 - Report created 14/07/2014 at 11:16:15
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[R4].txt - [1412 octets] - [14/07/2014 11:15:05]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2982 octets] - [13/07/2014 11:02:38]
AdwCleaner[S3].txt - [1222 octets] - [14/07/2014 11:16:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1282 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/14/2014
Scan Time: 11:19:21 AM
Logfile: malwarebytes 7-14-14-11-28am.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.14.06
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338074
Time Elapsed: 8 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1440536076-1511812993-108412173-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [75f92d72e19ac76fe98030225da5c63a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 11:29:28

# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[R4].txt - [1412 octets] - [14/07/2014 11:15:05]
AdwCleaner[R5].txt - [1532 octets] - [14/07/2014 11:29:08]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2982 octets] - [13/07/2014 11:02:38]
AdwCleaner[S3].txt - [1362 octets] - [14/07/2014 11:16:21]
AdwCleaner[S4].txt - [1342 octets] - [14/07/2014 11:29:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1402 octets] ##########


#10 nasdaq


Posted 14 July 2014 - 12:24 PM

If still present, open Internet Explorer.
Under the Menu > Internet Options > Advanced tab.
At the bottom, reset IE using the Reset button.
Click the apply button.

How is it now?

#11 tweist73


Posted 14 July 2014 - 03:43 PM

I did this and both AdwCleaner and Malwarebytes still find the SearchScopes thing.

 

Steps I took....

I made the changes to Internet Explorer.  It caused me to restart.  Restarted.

Ran AdwCleaner Report S5   Restarted.

Ran Malwarebytes.

Ran AdwCleaner Report S6  Restarted.

 

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 15:20:21
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[R4].txt - [1412 octets] - [14/07/2014 11:15:05]
AdwCleaner[R5].txt - [1532 octets] - [14/07/2014 11:29:08]
AdwCleaner[R6].txt - [1652 octets] - [14/07/2014 15:19:37]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2982 octets] - [13/07/2014 11:02:38]
AdwCleaner[S3].txt - [1362 octets] - [14/07/2014 11:16:21]
AdwCleaner[S4].txt - [1482 octets] - [14/07/2014 11:29:34]
AdwCleaner[S5].txt - [1462 octets] - [14/07/2014 15:20:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1522 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/14/2014
Scan Time: 3:23:23 PM
Logfile: malwarebytes 7-14-14-3-31pm.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.14.10
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338248
Time Elapsed: 7 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1440536076-1511812993-108412173-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [8ee4b8e7067576c0ad0ca0b2f9096c94], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

 

# AdwCleaner v3.215 - Report created 14/07/2014 at 15:32:55
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[R4].txt - [1412 octets] - [14/07/2014 11:15:05]
AdwCleaner[R5].txt - [1532 octets] - [14/07/2014 11:29:08]
AdwCleaner[R6].txt - [1652 octets] - [14/07/2014 15:19:37]
AdwCleaner[R7].txt - [1772 octets] - [14/07/2014 15:32:45]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2982 octets] - [13/07/2014 11:02:38]
AdwCleaner[S3].txt - [1362 octets] - [14/07/2014 11:16:21]
AdwCleaner[S4].txt - [1482 octets] - [14/07/2014 11:29:34]
AdwCleaner[S5].txt - [1602 octets] - [14/07/2014 15:20:28]
AdwCleaner[S6].txt - [1582 octets] - [14/07/2014 15:32:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1642 octets] ##########


#12 nasdaq


Posted 15 July 2014 - 08:22 AM


It looks like this registry entry is malformed.

Let me check it.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#13 tweist73


Posted 15 July 2014 - 11:33 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:33 on 15/07/2014 by Tammy
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
 
-= EOF =-


#14 nasdaq


Posted 15 July 2014 - 12:50 PM


; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-
[-HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.
===

How is it now?
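
The step from the SystemLook log in post #13 to the Fix.reg in post #14, as an added example that is not part of either post: a small Python script that reads regfind output and emits a .reg file removing only the values and keys that matched. It assumes regfind prints .reg-style `[key]` and `"name"=data` lines as in the log above; `parse_regfind` and `build_fix_reg` are hypothetical names.

```python
import re

# Regfind section copied from the SystemLook log in post #13.
SAMPLE_LOG = r'''Searching for "{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_USERS\S-1-5-21-1440536076-1511812993-108412173-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]'''

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_regfind(log):
    """Return (search term, [(key path, [(value name, data), ...]), ...])."""
    needle, hits = None, []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := SEARCH_RE.match(line):
            needle = m.group(1)
        elif m := KEY_RE.match(line):
            hits.append((m.group(1), []))
        elif (m := VALUE_RE.match(line)) and hits:
            hits[-1][1].append((m.group(1), m.group(2)))
    return needle, hits

def build_fix_reg(log):
    """Turn regfind hits into .reg text that removes only what matched."""
    needle, hits = parse_regfind(log)
    if not needle:
        raise ValueError("no 'Searching for' line in log")
    n, out = needle.lower(), ["Windows Registry Editor Version 5.00", ""]
    for key, values in hits:
        parts = key.split("\\")
        idx = next((i for i, p in enumerate(parts) if n in p.lower()), None)
        if idx is not None:
            # Key path contains the term: delete that key once (covers subkeys).
            line = "[-" + "\\".join(parts[:idx + 1]) + "]"
            if line not in out:
                out.append(line)
            continue
        # Otherwise delete only the values whose name or data matched.
        names = [nm for nm, data in values if n in nm.lower() or n in data.lower()]
        if names:
            out.append("[" + key + "]")
            out.extend('"' + nm + '"=-' for nm in names)
    return "\r\n".join(out) + "\r\n"
```

Running `build_fix_reg(SAMPLE_LOG)` yields the same six registry lines as the Fix.reg above; read the generated text before merging it, since every key whose path contains the search term is deleted whole.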

#15 tweist73


Posted 15 July 2014 - 02:20 PM

I ran it 2xs to be sure I did it correctly and both times it still finds it.

 

# AdwCleaner v3.215 - Report created 15/07/2014 at 15:15:06
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Tammy - WINDOWS-DGD8MDM
# Running from : C:\Users\Tammy\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=sister+act+&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.ucc.org/search-results.html?cx=004140695161086210870%3Aqbbk4dptm5e&cof=FORID%3A9&ie=UTF-8&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.therestaurantstore.com/search-results.html?searchval={searchTerms}&x=46&y=12
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0F10483D-E5A2-48B8-AC6D-A3755DB2A400&SSPV=
Deleted [Extension] : adpkifcfcacgmnggcbpbjbkdijciiigm
 
*************************
 
AdwCleaner[R0].txt - [3565 octets] - [09/07/2014 08:22:41]
AdwCleaner[R1].txt - [2467 octets] - [09/07/2014 09:54:12]
AdwCleaner[R2].txt - [2527 octets] - [09/07/2014 10:13:36]
AdwCleaner[R3].txt - [2257 octets] - [13/07/2014 10:58:09]
AdwCleaner[R4].txt - [1412 octets] - [14/07/2014 11:15:05]
AdwCleaner[R5].txt - [1532 octets] - [14/07/2014 11:29:08]
AdwCleaner[R6].txt - [1652 octets] - [14/07/2014 15:19:37]
AdwCleaner[R7].txt - [1772 octets] - [14/07/2014 15:32:45]
AdwCleaner[R8].txt - [3376 octets] - [15/07/2014 14:00:07]
AdwCleaner[R9].txt - [2346 octets] - [15/07/2014 15:14:27]
AdwCleaner[S0].txt - [3610 octets] - [09/07/2014 08:30:40]
AdwCleaner[S1].txt - [2565 octets] - [09/07/2014 10:15:09]
AdwCleaner[S2].txt - [2982 octets] - [13/07/2014 11:02:38]
AdwCleaner[S3].txt - [1362 octets] - [14/07/2014 11:16:21]
AdwCleaner[S4].txt - [1482 octets] - [14/07/2014 11:29:34]
AdwCleaner[S5].txt - [1602 octets] - [14/07/2014 15:20:28]
AdwCleaner[S6].txt - [1722 octets] - [14/07/2014 15:33:02]
AdwCleaner[S7].txt - [3356 octets] - [15/07/2014 14:01:14]
AdwCleaner[S8].txt - [2881 octets] - [15/07/2014 15:15:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2941 octets] ##########




