
Unknown redirect virus not cleaned by multiple removal tools


  • This topic is locked
35 replies to this topic

#1 hojoatt

hojoatt

  • Members
  • 66 posts

Posted 15 July 2014 - 11:56 AM

All browsers redirect to Yahoo, which installs itself as the default search engine and removes the open pages. Multiple suggested removal tools were tried: Malwarebytes, CCleaner, Registry Mechanic (keeps claiming to remove 2 items in Internet Explorer, but they are not removed after the clean and are identified again when it is re-run), MiniToolBox, AdwCleaner, Junkware Removal Tool, ESET and others. They find dozens of threats that they claim to have removed, yet not a thing changes with this redirect to Yahoo and the removal of the set open pages.

 

Here is the DDS text log:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by BlueJeep at 10:39:42 on 2014-07-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1909.638 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\FileOpen\Services\FileOpenManager32.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Windows\system32\calc.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
\\Utlawyer\bcnet\BestCase\WinBFS.EXE
\\Utlawyer\ignnet\I-Got-Notices\IGotNotices.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ie
uSearch Bar = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
dRun: [AROReminder] c:\program files\aro 2012\aro.exe -rem
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lexisnexiscenters.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A8668B4-8669-4383-B60D-67A3227F86C2} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bluejeep\appdata\roaming\mozilla\firefox\profiles\683tioti.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.url - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p=
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\bluejeep\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-2-15 881952]
R2 FileOpenManager;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManager32.exe [2013-3-19 217456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-3-5 47640]
R3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\drivers\e1k6232.sys [2014-2-15 369416]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-2 200192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-7-14 30976]
S3 IAMT03;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2010-3-2 40848]
S3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2010-3-2 38288]
S3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2010-3-2 47496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-26 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-26 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-5 1343400]
S4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-8-12 134456]
S4 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-15 2175264]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-3-19 375120]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-11-2 794272]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-2 2320920]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2014-07-15 15:48:59 -------- d-----w- c:\users\bluejeep\appdata\roaming\Registry Mechanic
2014-07-15 12:54:11 -------- d-----w- c:\windows\ERUNT
2014-07-15 12:01:09 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-15 11:59:29 -------- d-----w- C:\AdwCleaner
2014-07-15 11:53:20 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e2c2254e-9c68-4e7f-80b6-78e22c0916e7}\mpengine.dll
2014-07-14 21:10:59 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-07-14 21:10:37 -------- d-----w- c:\programdata\HitmanPro
2014-07-14 18:40:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-12 22:58:09 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-10 02:58:23 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-10 02:58:23 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 14:42:48 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 14:42:27 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:42:00 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 14:42:00 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 14:42:00 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 14:42:00 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 14:41:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 14:41:03 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 14:41:03 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 14:41:03 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-09 14:41:03 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 14:41:03 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-09 14:41:03 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 14:41:03 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-09 14:41:03 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 14:39:59 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 14:39:59 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 14:39:59 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 14:39:59 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 14:39:59 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 14:39:59 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 14:39:59 172032 ----a-w- c:\windows\system32\wdigest.dll
.
==================== Find3M  ====================
.
2014-07-14 19:28:26 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-14 18:39:49 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-06 20:01:34 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-06-06 20:01:30 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-06-06 20:01:26 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-06-06 20:01:26 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-05-12 13:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 13:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-03 13:42:59 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-03 13:42:59 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-25 02:06:17 626688 ----a-w- c:\windows\system32\usp10.dll
2014-04-18 13:30:56 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
.
============= FINISH: 10:45:47.51 ===============

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 July 2014 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 hojoatt

hojoatt
  • Topic Starter

  • Members
  • 66 posts

Posted 21 July 2014 - 07:18 AM

Here is the Farbar text, but I could not see the other file you asked me to attach:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by BlueJeep (administrator) on BACKOFFICE1 on 21-07-2014 06:07:17
Running from C:\Users\BlueJeep\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(PFU LIMITED) C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\systemku.exe
(LexisNexis, a division of Reed Elsevier Inc. ) C:\Program Files\LexisNexis\Time Matters 11\tmmsge.exe
(Best Case, LLC, Best Case Bankruptcy, P.O. Box 32, Evanston Illinois, 800-492-8037) \\Utlawyer\bcnet\BestCase\WinBFS.EXE
(LegalPRO Systems, Inc.) \\Utlawyer\ignnet\I-Got-Notices\IGotNotices.exe
(LexisNexis, a division of Reed Elsevier Inc. ) C:\Program Files\LexisNexis\Time Matters 11\tmwe.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Corel Corporation) C:\Program Files\Corel\WordPerfect Office X6\Programs\ps160.exe
(Corel Corporation) C:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1015\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1015\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1015\...\Policies\Explorer: [NoInstrumentation] 1
AppInit_DLLs: C:\Users\CloneAccount\AppData\Local\Linkey\IEEXTE~1\iedll.dll => C:\Users\CloneAccount\AppData\Local\Linkey\IEExtension\iedll.dll [175632 2014-06-01] (Aztec Media Inc)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-17] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9728D77C-3F94-4C9C-9A4E-0713B0EA6969} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\CloneAccount\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\BlueJeep\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-14]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://online.wellsfargo.com/login?ERROR_CODE=ZXJyb3IuY29va2llc05vdEVuYWJsZWQ%3D", "hxxp://www.utb.uscourts.gov/", "hxxp://www.law.cornell.edu/uscode/text", "hxxp://www.law.cornell.edu/rules/frbp", "https://bay182.mail.live.com/default.aspx", "https://ecf.utb.uscourts.gov/cgi-bin/login.pl", "https://www.xfinityhomesecurity.com/sp/camerasLiveVideo.html?ID=1265661.2"
CHR Extension: (Google Docs) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-14]
CHR Extension: (YouTube) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (Gmail) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-10] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S4 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S4 atashost; C:\Windows\system32\atashost.exe [134456 2013-08-12] (Cisco WebEx LLC)
S4 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager32.exe [217456 2013-03-19] (FileOpen Systems Inc.)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-05] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3572240 2014-07-17] (Aztec Media Inc)
S4 ReflectService.exe; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [X]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-17] (Aztec Media Inc)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-14] ()
S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation)
S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation)
S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16064 2012-06-12] (Macrium Software)
S3 catchme; \??\C:\Users\BlueJeep\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
S1 lsjsopcd; \??\C:\Windows\system32\drivers\lsjsopcd.sys [X]
S1 MpKsl18925ac7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DFC0C8E-4C01-444F-8755-A1944F58D8C2}\MpKsl18925ac7.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 06:07 - 2014-07-21 06:07 - 00016520 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-21 06:07 - 2014-07-21 06:07 - 00000000 ____D () C:\FRST
2014-07-21 06:06 - 2014-07-21 06:06 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:17 - 2014-07-19 15:23 - 00001020 _____ () C:\Windows\setupact.log
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 21:17 - 2014-07-18 21:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 20:48 - 2014-07-18 20:48 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 18:22 - 2014-07-18 18:22 - 00000000 ____D () C:\Users\BlueJeep\Documents\Updater
2014-07-18 18:10 - 2014-07-18 18:10 - 00625870 _____ () C:\Users\BlueJeep\Downloads\WindowsServer2008R2andWindows7GroupPolicySettings.xlsx
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-21 06:07 - 00000000 ____D () C:\ProgramData\systemk
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Linkey
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Program Files\Settings Manager
2014-07-18 14:15 - 2014-07-18 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-18 14:14 - 2014-07-18 14:15 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\OpenCandy
2014-07-18 14:13 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-17 15:14 - 2014-07-17 15:34 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:50 - 2014-07-17 14:50 - 00024572 _____ () C:\ComboFix.txt
2014-07-17 14:33 - 2014-07-17 14:50 - 00000000 ____D () C:\Qoobox
2014-07-17 14:33 - 2014-07-17 14:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:33 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:33 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:33 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 05221938 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-17 14:29 - 2014-07-17 14:29 - 00001786 _____ () C:\Users\BlueJeep\Desktop\JRT.txt
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 14:59 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-17 09:07 - 2014-07-17 09:08 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215 (1).exe
2014-07-17 08:56 - 2014-07-17 08:56 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215.exe
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:18 - 2014-07-16 21:19 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:45 - 2014-07-17 15:12 - 00015361 _____ () C:\Users\BlueJeep\Desktop\dds.txt
2014-07-15 10:45 - 2014-07-17 15:12 - 00004998 _____ () C:\Users\BlueJeep\Desktop\attach.txt
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 10:05 - 2014-07-21 03:00 - 00222577 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 10:01 - 2014-07-15 10:01 - 05226496 _____ () C:\Users\BlueJeep\s-1-5-21-3454095549-3568087932-2717066106-1015.rrr
2014-07-15 10:01 - 2014-07-15 10:01 - 00356352 _____ () C:\Windows\system32\config\default.rrr
2014-07-15 09:59 - 2014-07-15 10:01 - 62226432 _____ () C:\Windows\system32\config\software.rrr
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:49 - 2014-07-15 06:49 - 00031283 _____ () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home.htm
2014-07-15 06:49 - 2014-07-15 06:49 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-15 06:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-17 09:09 - 00000000 ____D () C:\AdwCleaner
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:57 - 2014-07-15 05:58 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:36 - 2014-07-14 17:39 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:10 - 2014-07-14 15:20 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:10 - 2014-07-14 15:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 12:40 - 2014-07-14 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 12:24 - 2014-07-15 10:01 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-14 12:24 - 2014-07-15 10:01 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-14 12:24 - 2014-07-15 10:01 - 01679360 _____ () C:\Users\DMC\s-1-5-21-3454095549-3568087932-2717066106-1008.rrr
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:42 - 2014-07-18 12:28 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:06 - 2014-07-12 14:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\BlueJeep\Downloads\iExplore.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:48 - 2014-07-12 06:49 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:11 - 2014-07-10 07:15 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-09 20:58 - 2014-06-29 19:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:58 - 2014-06-29 19:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-03 09:19 - 2014-07-14 13:43 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
2014-06-25 12:33 - 2014-06-25 12:33 - 00016978 _____ () C:\Users\BlueJeep\Downloads\peggy.xlsx
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 06:07 - 2014-07-21 06:07 - 00016520 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-21 06:07 - 2014-07-21 06:07 - 00000000 ____D () C:\FRST
2014-07-21 06:07 - 2014-07-18 14:16 - 00000000 ____D () C:\ProgramData\systemk
2014-07-21 06:06 - 2014-07-21 06:06 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-21 06:04 - 2012-04-05 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 05:24 - 2011-01-24 10:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 05:14 - 2014-03-07 12:29 - 00000520 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3454095549-3568087932-2717066106-1015.job
2014-07-21 03:00 - 2014-07-15 10:05 - 00222577 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 11:24 - 2011-01-24 10:31 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 18:46 - 2011-01-24 08:46 - 00003676 _____ () C:\Windows\BESTCWND.INI
2014-07-19 18:43 - 2013-08-13 13:42 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\FileZilla
2014-07-19 18:36 - 2011-01-13 12:11 - 00003458 _____ () C:\Windows\bestcase.ini
2014-07-19 18:18 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-19 15:26 - 2010-03-02 10:37 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 15:23 - 2014-07-18 21:17 - 00001020 _____ () C:\Windows\setupact.log
2014-07-19 11:58 - 2013-10-19 08:48 - 00143380 _____ () C:\Users\BlueJeep\Documents\WUPDATE.LOG
2014-07-19 11:41 - 2011-10-07 07:29 - 00000202 _____ () C:\Windows\BestCOpn.ini
2014-07-19 11:32 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 11:32 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 11:25 - 2012-11-03 08:47 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-07-19 11:25 - 2011-11-02 10:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-19 11:24 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:21 - 2013-09-10 19:47 - 00000000 ____D () C:\Users\David_2\AppData\Local\Adobe
2014-07-18 21:21 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2\AppData\Roaming\Adobe
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 21:17 - 2014-07-18 21:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 21:06 - 2013-08-12 11:13 - 00002022 __RSH () C:\ProgramData\ntuser.pol
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 20:52 - 2013-08-12 19:34 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\Paint.NET
2014-07-18 20:48 - 2014-07-18 20:48 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 20:48 - 2013-08-14 09:04 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\CrashDumps
2014-07-18 18:22 - 2014-07-18 18:22 - 00000000 ____D () C:\Users\BlueJeep\Documents\Updater
2014-07-18 18:10 - 2014-07-18 18:10 - 00625870 _____ () C:\Users\BlueJeep\Downloads\WindowsServer2008R2andWindows7GroupPolicySettings.xlsx
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Linkey
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Program Files\Settings Manager
2014-07-18 14:15 - 2014-07-18 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-18 14:15 - 2014-07-18 14:14 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\OpenCandy
2014-07-18 14:14 - 2014-07-18 14:13 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:28 - 2014-07-14 07:42 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:21 - 2013-08-13 14:13 - 00122608 _____ () C:\Users\CloneAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-18 11:53 - 2013-08-13 14:13 - 00000632 __RSH () C:\Users\CloneAccount\ntuser.pol
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\IObit
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Google
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount
2014-07-18 11:53 - 2013-02-08 20:34 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-07-18 11:53 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 15:34 - 2014-07-17 15:14 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:12 - 2014-07-15 10:45 - 00015361 _____ () C:\Users\BlueJeep\Desktop\dds.txt
2014-07-17 15:12 - 2014-07-15 10:45 - 00004998 _____ () C:\Users\BlueJeep\Desktop\attach.txt
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:59 - 2014-07-17 09:11 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:50 - 2014-07-17 14:50 - 00024572 _____ () C:\ComboFix.txt
2014-07-17 14:50 - 2014-07-17 14:33 - 00000000 ____D () C:\Qoobox
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
2014-07-17 14:49 - 2014-07-17 14:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:47 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 14:32 - 2014-07-17 14:32 - 05221938 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-17 14:29 - 2014-07-17 14:29 - 00001786 _____ () C:\Users\BlueJeep\Desktop\JRT.txt
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-17 09:09 - 2014-07-15 05:59 - 00000000 ____D () C:\AdwCleaner
2014-07-17 09:08 - 2014-07-17 09:07 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215 (1).exe
2014-07-17 08:56 - 2014-07-17 08:56 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215.exe
2014-07-17 07:24 - 2014-03-03 18:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-17 07:00 - 2014-01-13 15:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-17 05:50 - 2013-08-30 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 05:49 - 2014-02-15 14:37 - 00002167 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-17 05:49 - 2010-03-02 11:24 - 00000000 ____D () C:\Windows\Panther
2014-07-17 05:48 - 2010-03-02 11:06 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-17 05:45 - 2014-02-15 14:40 - 62316544 _____ () C:\Windows\system32\config\software.iobit
2014-07-17 05:45 - 2014-02-15 14:40 - 00372736 _____ () C:\Windows\system32\config\default.iobit
2014-07-17 05:45 - 2014-02-15 14:40 - 00352256 _____ () C:\Windows\system32\config\sam.iobit
2014-07-17 05:45 - 2014-02-15 14:40 - 00032768 _____ () C:\Windows\system32\config\security.iobit
2014-07-17 05:45 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:22 - 2013-09-17 18:13 - 00122608 _____ () C:\Users\HowardJ\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Adobe
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Local\Adobe
2014-07-16 21:19 - 2014-07-16 21:18 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 21:18 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2
2014-07-16 21:16 - 2013-09-17 18:13 - 00000632 __RSH () C:\Users\HowardJ\ntuser.pol
2014-07-16 21:16 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\IObit
2014-07-16 21:16 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ
2014-07-16 21:15 - 2013-08-12 06:57 - 00000632 __RSH () C:\Users\David_2\ntuser.pol
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-07-16 21:09 - 2013-09-17 17:10 - 00000000 ____D () C:\Users\DMC\AppData\Local\CrashDumps
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 10:01 - 2014-07-15 10:01 - 05226496 _____ () C:\Users\BlueJeep\s-1-5-21-3454095549-3568087932-2717066106-1015.rrr
2014-07-15 10:01 - 2014-07-15 10:01 - 00356352 _____ () C:\Windows\system32\config\default.rrr
2014-07-15 10:01 - 2014-07-15 09:59 - 62226432 _____ () C:\Windows\system32\config\software.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 01679360 _____ () C:\Users\DMC\s-1-5-21-3454095549-3568087932-2717066106-1008.rrr
2014-07-15 10:01 - 2014-06-05 13:52 - 00901120 _____ () C:\Users\David_2\s-1-5-21-3454095549-3568087932-2717066106-1013.rrr
2014-07-15 10:01 - 2014-05-14 17:27 - 00663552 _____ () C:\Users\CloneAccount\s-1-5-21-3454095549-3568087932-2717066106-1016.rrr
2014-07-15 10:01 - 2014-05-14 17:27 - 00245760 _____ () C:\Users\LogMeInRemoteUser\s-1-5-21-3454095549-3568087932-2717066106-1012.rrr
2014-07-15 10:01 - 2014-02-15 14:19 - 01073152 _____ () C:\Users\Howard\s-1-5-21-3454095549-3568087932-2717066106-1007.rrr
2014-07-15 10:01 - 2014-02-15 14:19 - 00712704 _____ () C:\Users\HowardJ\s-1-5-21-3454095549-3568087932-2717066106-1017.rrr
2014-07-15 10:01 - 2013-08-12 07:59 - 00000000 ____D () C:\Users\Howard
2014-07-15 10:01 - 2012-09-06 21:33 - 00000000 ____D () C:\Users\DMC
2014-07-15 10:01 - 2011-01-30 20:54 - 00000000 ____D () C:\Users\Administrator
2014-07-15 10:01 - 2011-01-26 10:01 - 00000000 ____D () C:\Users\Mr. HoJo
2014-07-15 10:01 - 2011-01-04 17:53 - 00000000 ____D () C:\Users\David
2014-07-15 07:48 - 2014-06-13 18:52 - 00000000 ____D () C:\temp
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:54 - 2011-11-02 09:57 - 00000000 ____D () C:\ProgramData\PC1Data
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:49 - 2014-07-15 06:49 - 00031283 _____ () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home.htm
2014-07-15 06:49 - 2014-07-15 06:49 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-15 06:05 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\IObit
2014-07-15 06:05 - 2011-10-17 17:36 - 00000000 ____D () C:\ProgramData\IObit
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:58 - 2014-07-15 05:57 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:39 - 2014-07-14 17:36 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 17:28 - 2012-09-06 21:33 - 00000632 __RSH () C:\Users\DMC\ntuser.pol
2014-07-14 16:48 - 2013-08-13 09:38 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Mozilla
2014-07-14 15:20 - 2014-07-14 15:10 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:19 - 2014-07-14 15:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:18 - 2014-06-12 14:59 - 00000000 ____D () C:\Program Files\pcmax
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 13:43 - 2014-07-03 09:19 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-14 13:43 - 2013-01-02 12:43 - 00000000 ____D () C:\Users\Mr. HoJo\Documents\2012 Phone Messages
2014-07-14 13:43 - 2012-08-23 20:11 - 00000000 ____D () C:\Users\David\Downloads\Windows 7 Issues  Wake-on-Lan (WOL) for Windows 7 Made Easy!_files
2014-07-14 13:03 - 2014-07-14 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 12:39 - 2014-06-12 15:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 12:25 - 2009-07-13 20:03 - 62652416 _____ () C:\Windows\system32\config\software.rmbak
2014-07-14 12:25 - 2009-07-13 20:03 - 00524288 _____ () C:\Windows\system32\config\default.rmbak
2014-07-14 08:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Resources
2014-07-14 08:16 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:46 - 2011-01-26 05:40 - 00000000 ____D () C:\Program Files\IObit
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:42 - 2011-01-24 10:31 - 00000000 ____D () C:\Program Files\Google
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-14 06:36 - 2014-02-15 14:40 - 27725824 _____ () C:\Windows\system32\config\components.iobit
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:06 - 2014-07-12 14:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\BlueJeep\Downloads\iExplore.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:49 - 2014-07-12 06:48 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-12 06:49 - 2013-09-17 21:46 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 06:49 - 2013-09-17 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 06:49 - 2011-01-26 05:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-12 06:47 - 2014-01-22 09:00 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-12 06:47 - 2014-01-22 09:00 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-12 06:15 - 2013-05-01 21:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:15 - 2014-07-10 07:11 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-10 05:24 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:20 - 2014-05-05 11:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:20 - 2009-07-14 01:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:02 - 2010-03-02 10:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 08:34 - 2014-02-15 14:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-07 07:25 - 2012-12-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
2014-06-29 19:40 - 2014-07-09 20:58 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:36 - 2014-07-09 20:58 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 12:33 - 2014-06-25 12:33 - 00016978 _____ () C:\Users\BlueJeep\Downloads\peggy.xlsx
 
Files to move or delete:
====================
C:\Users\BlueJeep\AcrobatPro_11_Web_WWMUI.exe
 
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ASCSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:29
 
==================== End Of Log =======================


#4 nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 21 July 2014 - 07:59 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-17] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\CloneAccount\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
FF Homepage: hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3572240 2014-07-17] (Aztec Media Inc)
S4 ReflectService.exe; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [X]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [X]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-17] (Aztec Media Inc)
S3 catchme; \??\C:\Users\BlueJeep\AppData\Local\Temp\catchme.sys [X]
S1 lsjsopcd; \??\C:\Windows\system32\drivers\lsjsopcd.sys [X]
S1 MpKsl18925ac7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DFC0C8E-4C01-444F-8755-A1944F58D8C2}\MpKsl18925ac7.sys [X]
C:\Program Files\Settings Manager\systemk

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
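The fixlist above mixes several persistence locations that are worth understanding rather than just deleting: an IFEO Debugger value makes Windows start the named debugger in place of the program (here tasklist.exe, a harmless stand-in that some cleanup tools set to stop adware executables from launching), an AppCertDlls entry is loaded into every process that calls CreateProcess, a BHO that loads from a user's AppData folder was almost certainly not installed by an administrator, and a service entry ending in [X] points at a binary that no longer exists. As an added example that is not part of nasdaq's post or of FRST itself, this Python script parses those four FRST line formats and ranks the entries from a defender's viewpoint; the sample lines are copied from the fixlist above, while the severity labels and the TRUSTED_VENDORS set are assumptions of mine.

```python
"""Triage helper for FRST log lines (added example; not FRST's own code).

Parses the four entry types that appear in the fixlist above (IFEO, AppCertDlls,
BHO, services/drivers) and applies defender-side rules explaining why each entry
deserves review. The sample lines are copied from the fixlist on this page; the
severity labels and the TRUSTED_VENDORS set are assumptions for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple

# One pattern per FRST line type. Paths are matched non-greedily so the optional
# "[size date]", "(vendor)" and "[X]" (file missing) suffixes can still be captured.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
APPCERT_RE = re.compile(
    r"^HKLM\\\.\.\.\\AppCertDlls: \[(?P<arch>x86|x64)\] -> (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^)]*)\))?$"
)
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) -> \{(?P<clsid>[0-9A-Fa-f-]+)\} -> (?P<path>.+?)"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<vendor>[^)]*)\))?"
    r"(?: (?P<missing>\[X\]))?$"
)
PATTERNS = (("ifeo", IFEO_RE), ("appcertdll", APPCERT_RE), ("bho", BHO_RE), ("service", SERVICE_RE))

# Assumption: vendors whose components you accept without manual review.
TRUSTED_VENDORS = {"Microsoft Corporation"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a recognised FRST line (plus a 'kind' key), else None."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            entry = {k: (v.strip() if v else "") for k, v in m.groupdict().items()}
            entry["kind"] = kind
            return entry
    return None


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, kind, reason) for every line that a rule fires on."""
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e["kind"] == "ifeo":
            # Windows runs the Debugger value instead of the image. tasklist.exe is
            # the stand-in cleanup tools use to block adware; anything else hijacks
            # the named program and needs a closer look.
            sev = "medium" if e["debugger"].lower() == "tasklist.exe" else "high"
            findings.append((sev, "ifeo", f"{e['image']} is redirected to {e['debugger']}"))
        elif e["kind"] == "appcertdll":
            # AppCertDlls load into every process that calls CreateProcess, so any
            # entry is high severity; an unknown vendor makes it worse.
            note = "" if e["vendor"] in TRUSTED_VENDORS else " (no trusted vendor)"
            findings.append(("high", "appcertdll", f"{e['arch']} DLL {e['path']} loads into every new process{note}"))
        elif e["kind"] == "bho":
            if e["path"] == "No File":
                findings.append(("low", "bho", f"{e['name']} points to a missing file (orphan registration)"))
            elif "\\appdata\\" in e["path"].lower():
                findings.append(("high", "bho", f"{e['name']} loads from a user profile: {e['path']}"))
        elif e["kind"] == "service":
            if e["missing"]:
                findings.append(("low", "service", f"{e['name']} references a missing binary"))
            elif e["state"].startswith("R") and e["vendor"] not in TRUSTED_VENDORS:
                findings.append(("medium", "service", f"running service {e['name']} from {e['vendor'] or 'unknown vendor'}"))
    return findings


# Sample input: lines copied from the fixlist on this page.
SAMPLE_FIXLIST = [
    r"IFEO\bitguard.exe: [Debugger] tasklist.exe",
    r"IFEO\searchprotector.exe: [Debugger] tasklist.exe",
    r"HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-17] ()",
    r"HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll",
    r"BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\CloneAccount\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)",
    r"BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File",
    r"R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3572240 2014-07-17] (Aztec Media Inc)",
    r'S4 ReflectService.exe; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [X]',
    r"S1 lsjsopcd; \??\C:\Windows\system32\drivers\lsjsopcd.sys [X]",
]

if __name__ == "__main__":
    for severity, kind, reason in triage(SAMPLE_FIXLIST):
        print(f"[{severity:6}] {kind:10} {reason}")
```

Run against the nine sample lines it reports nine findings: both AppCertDlls entries and the Linkey BHO come out high, the two tasklist.exe IFEO blocks and the running SystemkService medium, and the orphaned Groove BHO plus the two services whose binaries are gone come out low. The point of ranking rather than deleting is that an orphan with no file behind it is cleanup, whereas an unsigned DLL injected into every new process is the thing that explains why the browser settings kept coming back.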

#5 hojoatt

  • Topic Starter
  • Members
  • 66 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 21 July 2014 - 08:18 AM

I put the fixlist.txt into the FRST folder, but there is no way to launch Farbar again, and if I download it again and run it, the fixlist file isn't in it?



#6 hojoatt

  • Topic Starter
  • Members
  • 66 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 21 July 2014 - 08:35 AM

OK, I was able to get it done and it appears all is working now, with no Yahoo redirect. Thanks, here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by BlueJeep at 2014-07-21 07:29:45 Run:1
Running from C:\FRST
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-17] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\CloneAccount\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
FF Homepage: hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3572240 2014-07-17] (Aztec Media Inc)
S4 ReflectService.exe; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [X]
S4 SupportSoft RemoteAssist; C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [X]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-17] (Aztec Media Inc)
S3 catchme; \??\C:\Users\BlueJeep\AppData\Local\Temp\catchme.sys [X]
S1 lsjsopcd; \??\C:\Windows\system32\drivers\lsjsopcd.sys [X]
S1 MpKsl18925ac7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DFC0C8E-4C01-444F-8755-A1944F58D8C2}\MpKsl18925ac7.sys [X]
C:\Program Files\Settings Manager\systemk
 
End
*****************
 
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe' => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}'=> Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}' => Key deleted successfully.
'HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}' => Key deleted successfully.
'HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}' => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
'HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}' => Key deleted successfully.
Firefox homepage deleted successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
SystemkService => Unable to stop service
SystemkService => Error deleting Service
ReflectService.exe => Service deleted successfully.
SupportSoft RemoteAssist => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Unable to stop service
F06DEFF2-5B9C-490D-910F-35D3A9119622 => Error deleting Service
catchme => Service deleted successfully.
lsjsopcd => Service deleted successfully.
MpKsl18925ac7 => Service deleted successfully.
 
"C:\Program Files\Settings Manager\systemk" directory move:
 
Could not move "C:\Program Files\Settings Manager\systemk\favicon.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Helper.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\smdmf.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\smdmfldr.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\smdmfldr_u.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\sysapcrt.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemkbho.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\SystemkService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\systemku.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\tbicon.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk\Uninstall.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files\Settings Manager\systemk" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-21 07:32:49)<=
 
"C:\Program Files\Settings Manager\systemk\favicon.ico" => File could not move.
"C:\Program Files\Settings Manager\systemk\Helper.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe" => File could not move.
"C:\Program Files\Settings Manager\systemk\smdmf.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\smdmfldr.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\smdmfldr_u.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\sysapcrt.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\systemkbho.dll" => File could not move.
"C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg" => File could not move.
"C:\Program Files\Settings Manager\systemk\SystemkService.exe" => File could not move.
"C:\Program Files\Settings Manager\systemk\systemku.exe" => File could not move.
"C:\Program Files\Settings Manager\systemk\tbicon.exe" => File could not move.
"C:\Program Files\Settings Manager\systemk\Uninstall.exe" => File could not move.
"C:\Program Files\Settings Manager\systemk" => Directory could not move.
 
==== End of Fixlog ====


#7 nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 AM

Posted 21 July 2014 - 10:49 AM

I suggest you run AdwCleaner and get the new version.

Run it and post the log for my review.

#8 hojoatt

  • Topic Starter
  • Members
  • 66 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 21 July 2014 - 11:27 AM

Here is the log:

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 09:59:07
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : BlueJeep - BACKOFFICE1
# Running from : C:\Users\BlueJeep\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SystemkService
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\systemk
[!] Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Users\BlueJeep\Documents\Updater
Folder Deleted : C:\Users\CloneAccount\AppData\Local\Linkey
Folder Deleted : C:\Users\CloneAccount\AppData\Roaming\OpenCandy
File Deleted : C:\Windows\System32\Tasks\Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{690AB66F-D414-44F4-8E01-AAF2A1A4892E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{690AB66F-D414-44F4-8E01-AAF2A1A4892E}
Key Deleted : HKLM\SOFTWARE\Classes\Linkey.Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Linkey
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\CloneAccount\AppData\Local\Linkey\IEEXTE~1\iedll.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eya5hcta.default\prefs.js ]
 
 
[ File : C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default\prefs.js ]
 
 
[ File : C:\Users\David_2\AppData\Roaming\Mozilla\Firefox\Profiles\j9zc2e6j.default\prefs.js ]
 
 
[ File : C:\Users\DMC\AppData\Roaming\Mozilla\Firefox\Profiles\9s1hr7s8.default\prefs.js ]
 
 
[ File : C:\Users\DMC\AppData\Roaming\Mozilla\Firefox\Profiles\nl1c158b.default\prefs.js ]
 
 
[ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\t9hkclve.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=412&src=ds&p={searchTerms}
 
[ File : C:\Users\CloneAccount\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=412&src=ds&p={searchTerms}
Deleted [Startup_urls] : hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13437&tm=412&src=hmp
Deleted [Homepage] : hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13437&tm=412&src=hmp
 
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\David_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=101&itype=n&ver=13437&tm=412&src=ds&p={searchTerms}
 
[ File : C:\Users\DMC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\HowardJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Mr. HoJo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18138 octets] - [15/07/2014 06:00:25]
AdwCleaner[R1].txt - [2361 octets] - [17/07/2014 08:56:50]
AdwCleaner[R2].txt - [2264 octets] - [17/07/2014 09:08:27]
AdwCleaner[R3].txt - [4944 octets] - [21/07/2014 09:57:10]
AdwCleaner[S0].txt - [19034 octets] - [15/07/2014 06:05:57]
AdwCleaner[S1].txt - [2433 octets] - [17/07/2014 09:04:17]
AdwCleaner[S2].txt - [4907 octets] - [21/07/2014 09:59:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4967 octets] ##########


#9 nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 July 2014 - 06:20 AM

How is the computer running now?

#10 hojoatt

  • Topic Starter
  • Members
  • 66 posts

Posted 22 July 2014 - 06:34 AM

Seems to be just fine



#11 nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 July 2014 - 08:59 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 hojoatt

  • Topic Starter
  • Members
  • 66 posts

Posted 22 July 2014 - 01:24 PM

Some new problem downloaded when I tried re-installing Internet Explorer, and a bunch of things came bundled that keep making pop-ups appear.



#13 nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 July 2014 - 07:07 AM

Some new problem downloaded when I tried re-installing Internet Explorer, and a bunch of things came bundled that keep making pop-ups appear.

Where did you get that download from?

Run the FRST tool and post a fresh log for my review.

#14 hojoatt

  • Topic Starter
  • Members
  • 66 posts

Posted 23 July 2014 - 07:13 AM

I thought it was the Microsoft site, but it was not; it was: hxxttp://us.downloadinfo.co/lp/internet-explorer/457/?_u=ejo273oms4uetugjjljoivbk428sc6s90tc98l6m073d3qhrhd40-14b3d096b3d7886c3e49ec3ca5658522
 
 
I need a new link to FRST, as it apparently updated and was deleted.

Edited by nasdaq, 23 July 2014 - 09:19 AM.


#15 hojoatt

  • Topic Starter
  • Members
  • 66 posts

Posted 23 July 2014 - 07:18 AM

It worked now, here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01
Ran by BlueJeep (administrator) on BACKOFFICE1 on 23-07-2014 06:14:58
Running from C:\Users\BlueJeep\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Best Case, LLC, Best Case Bankruptcy, P.O. Box 32, Evanston Illinois, 800-492-8037) \\Utlawyer\bcnet\BestCase\WinBFS.EXE
(LegalPRO Systems, Inc.) \\Utlawyer\ignnet\I-Got-Notices\IGotNotices.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LexisNexis, a division of Reed Elsevier Inc. ) C:\Program Files\LexisNexis\Time Matters 11\tmwe.exe
(LexisNexis, a division of Reed Elsevier Inc. ) C:\Program Files\LexisNexis\Time Matters 11\tmmsge.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\RunOnce: [BrandClearStubs] => RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{D23BF655-7113-446E-9DEA-7928909D9A23} 
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1006\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -update plugin 
HKU\S-1-5-21-3454095549-3568087932-2717066106-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1006\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1006\...\MountPoints2: {346cbe46-6c2e-11e0-bc5e-00270e110bc4} - J:\LaunchU3.exe -a
HKU\S-1-5-21-3454095549-3568087932-2717066106-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1008\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1008\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1012\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3454095549-3568087932-2717066106-1013\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2288928 2014-02-11] (IObit)
HKU\S-1-5-21-3454095549-3568087932-2717066106-1013\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1013\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1015\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1016\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1016\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1017\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-1017\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-500\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3454095549-3568087932-2717066106-500\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: RegistryDefragBootTime.exeautocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {9728D77C-3F94-4C9C-9A4E-0713B0EA6969} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\BlueJeep\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default\Extensions\staged [2014-07-22]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-14]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://online.wellsfargo.com/login?ERROR_CODE=ZXJyb3IuY29va2llc05vdEVuYWJsZWQ%3D", "hxxp://www.utb.uscourts.gov/", "hxxp://www.law.cornell.edu/uscode/text", "hxxp://www.law.cornell.edu/rules/frbp", "https://bay182.mail.live.com/default.aspx", "https://ecf.utb.uscourts.gov/cgi-bin/login.pl", "https://www.xfinityhomesecurity.com/sp/camerasLiveVideo.html?ID=1265661.2"
CHR Extension: (Google Docs) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-14]
CHR Extension: (YouTube) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (Gmail) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
========================== Services (Whitelisted) =================
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-10] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S4 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S4 atashost; C:\Windows\system32\atashost.exe [134456 2013-08-12] (Cisco WebEx LLC)
S4 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager32.exe [217456 2013-03-19] (FileOpen Systems Inc.)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-05] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-14] ()
S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation)
S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation)
S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16064 2012-06-12] (Macrium Software)
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-23 06:14 - 2014-07-23 06:14 - 00000000 ____D () C:\Users\BlueJeep\Downloads\FRST-OlderVersion
2014-07-22 17:38 - 2014-07-22 17:38 - 38612976 _____ (IObit ) C:\Users\BlueJeep\Downloads\Advanced-SystemCare (1).exe
2014-07-22 17:28 - 2014-07-22 17:28 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Registry Mechanic
2014-07-22 17:26 - 2014-07-22 17:26 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (3).exe
2014-07-22 17:25 - 2014-07-22 17:25 - 29720784 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1-x86-en-us.exe
2014-07-22 17:19 - 2014-07-22 17:19 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (2).exe
2014-07-22 17:17 - 2014-07-22 17:18 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7 (1).EXE
2014-07-22 17:15 - 2014-07-22 17:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-22 17:14 - 2014-07-22 17:15 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7.EXE
2014-07-22 12:15 - 2014-07-23 06:14 - 01082368 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-22 12:10 - 2014-07-22 12:10 - 01354223 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner (2).exe
2014-07-22 10:47 - 2014-07-22 10:47 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (1).exe
2014-07-22 10:45 - 2014-07-22 10:45 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1.exe
2014-07-22 10:44 - 2014-07-22 10:44 - 00838296 _____ ( ) C:\Users\BlueJeep\Downloads\IE11_Setup.exe
2014-07-21 09:56 - 2014-07-21 09:56 - 01354223 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner (1).exe
2014-07-21 07:25 - 2014-07-23 06:15 - 00000000 ____D () C:\FRST
2014-07-21 06:08 - 2014-07-21 06:09 - 00031945 _____ () C:\Users\BlueJeep\Downloads\Addition.txt
2014-07-21 06:07 - 2014-07-23 06:14 - 00015075 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 20:48 - 2014-07-18 20:48 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 18:10 - 2014-07-18 18:10 - 00625870 _____ () C:\Users\BlueJeep\Downloads\WindowsServer2008R2andWindows7GroupPolicySettings.xlsx
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:13 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-17 15:14 - 2014-07-17 15:34 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:50 - 2014-07-17 14:50 - 00024572 _____ () C:\ComboFix.txt
2014-07-17 14:33 - 2014-07-17 14:50 - 00000000 ____D () C:\Qoobox
2014-07-17 14:33 - 2014-07-17 14:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:33 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:33 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:33 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 14:32 - 2014-07-17 14:32 - 05221938 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 14:59 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-17 09:07 - 2014-07-17 09:08 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215 (1).exe
2014-07-17 08:56 - 2014-07-17 08:56 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215.exe
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:18 - 2014-07-16 21:19 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 10:05 - 2014-07-23 04:58 - 00317987 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 10:01 - 2014-07-15 10:01 - 05226496 _____ () C:\Users\BlueJeep\s-1-5-21-3454095549-3568087932-2717066106-1015.rrr
2014-07-15 10:01 - 2014-07-15 10:01 - 00356352 _____ () C:\Windows\system32\config\default.rrr
2014-07-15 09:59 - 2014-07-15 10:01 - 62226432 _____ () C:\Windows\system32\config\software.rrr
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:49 - 2014-07-15 06:49 - 00031283 _____ () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home.htm
2014-07-15 06:49 - 2014-07-15 06:49 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-15 06:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-22 12:13 - 00000000 ____D () C:\AdwCleaner
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:57 - 2014-07-15 05:58 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:36 - 2014-07-14 17:39 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:10 - 2014-07-14 15:20 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:10 - 2014-07-14 15:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 12:40 - 2014-07-14 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 12:24 - 2014-07-15 10:01 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-14 12:24 - 2014-07-15 10:01 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-14 12:24 - 2014-07-15 10:01 - 01679360 _____ () C:\Users\DMC\s-1-5-21-3454095549-3568087932-2717066106-1008.rrr
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:42 - 2014-07-18 12:28 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:06 - 2014-07-12 14:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\BlueJeep\Downloads\iExplore.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:48 - 2014-07-12 06:49 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:11 - 2014-07-10 07:15 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-09 20:58 - 2014-06-29 19:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:58 - 2014-06-29 19:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-03 09:19 - 2014-07-14 13:43 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
2014-06-25 12:33 - 2014-06-25 12:33 - 00016978 _____ () C:\Users\BlueJeep\Downloads\peggy.xlsx
 
==================== One Month Modified Files and Folders =======
 
2014-07-23 06:16 - 2014-07-21 06:07 - 00015075 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-23 06:15 - 2014-07-21 07:25 - 00000000 ____D () C:\FRST
2014-07-23 06:14 - 2014-07-23 06:14 - 00000000 ____D () C:\Users\BlueJeep\Downloads\FRST-OlderVersion
2014-07-23 06:14 - 2014-07-22 12:15 - 01082368 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-23 06:14 - 2014-03-07 12:29 - 00000520 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3454095549-3568087932-2717066106-1015.job
2014-07-23 06:10 - 2014-07-15 10:05 - 00317987 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 06:07 - 2011-01-24 08:46 - 00003676 _____ () C:\Windows\BESTCWND.INI
2014-07-23 06:04 - 2012-04-05 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 05:57 - 2011-01-13 12:11 - 00003477 _____ () C:\Windows\bestcase.ini
2014-07-23 05:24 - 2011-01-24 10:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-22 17:43 - 2013-08-13 13:42 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\FileZilla
2014-07-22 17:41 - 2014-02-15 14:40 - 62373888 _____ () C:\Windows\system32\config\software.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00389120 _____ () C:\Windows\system32\config\default.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00352256 _____ () C:\Windows\system32\config\sam.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00032768 _____ () C:\Windows\system32\config\security.iobit
2014-07-22 17:41 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ
2014-07-22 17:41 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount
2014-07-22 17:41 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep
2014-07-22 17:41 - 2013-08-12 07:59 - 00000000 ____D () C:\Users\Howard
2014-07-22 17:41 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2
2014-07-22 17:41 - 2012-09-06 21:33 - 00000000 ____D () C:\Users\DMC
2014-07-22 17:41 - 2011-01-26 10:01 - 00000000 ____D () C:\Users\Mr. HoJo
2014-07-22 17:41 - 2011-01-04 17:53 - 00000000 ____D () C:\Users\David
2014-07-22 17:38 - 2014-07-22 17:38 - 38612976 _____ (IObit ) C:\Users\BlueJeep\Downloads\Advanced-SystemCare (1).exe
2014-07-22 17:37 - 2011-11-02 10:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-22 17:28 - 2014-07-22 17:28 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Registry Mechanic
2014-07-22 17:26 - 2014-07-22 17:26 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (3).exe
2014-07-22 17:25 - 2014-07-22 17:25 - 29720784 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1-x86-en-us.exe
2014-07-22 17:23 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 17:23 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 17:20 - 2013-10-19 08:48 - 00148132 _____ () C:\Users\BlueJeep\Documents\WUPDATE.LOG
2014-07-22 17:20 - 2011-11-22 08:20 - 00879574 _____ () C:\ads_err.adt
2014-07-22 17:20 - 2011-11-22 08:20 - 00016384 _____ () C:\ads_err.adi
2014-07-22 17:20 - 2011-10-07 07:29 - 00000202 _____ () C:\Windows\BestCOpn.ini
2014-07-22 17:19 - 2014-07-22 17:19 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (2).exe
2014-07-22 17:18 - 2014-07-22 17:17 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7 (1).EXE
2014-07-22 17:18 - 2014-07-22 17:15 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-22 17:16 - 2012-11-03 08:47 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-07-22 17:16 - 2011-01-24 10:31 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 17:16 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 17:15 - 2014-07-22 17:14 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7.EXE
2014-07-22 16:06 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-22 13:40 - 2014-01-13 15:05 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-22 12:14 - 2009-07-13 22:53 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 12:13 - 2014-07-15 05:59 - 00000000 ____D () C:\AdwCleaner
2014-07-22 12:10 - 2014-07-22 12:10 - 01354223 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner (2).exe
2014-07-22 10:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-22 10:47 - 2014-07-22 10:47 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1 (1).exe
2014-07-22 10:45 - 2014-07-22 10:45 - 02077392 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1.exe
2014-07-22 10:44 - 2014-07-22 10:44 - 00838296 _____ ( ) C:\Users\BlueJeep\Downloads\IE11_Setup.exe
2014-07-22 08:55 - 2013-08-14 09:04 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\CrashDumps
2014-07-21 09:56 - 2014-07-21 09:56 - 01354223 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner (1).exe
2014-07-21 07:32 - 2013-08-12 16:22 - 00000008 __RSH () C:\Users\BlueJeep\ntuser.pol
2014-07-21 07:32 - 2013-08-12 11:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-21 07:29 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-21 06:09 - 2014-07-21 06:08 - 00031945 _____ () C:\Users\BlueJeep\Downloads\Addition.txt
2014-07-19 15:26 - 2010-03-02 10:37 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:21 - 2013-09-10 19:47 - 00000000 ____D () C:\Users\David_2\AppData\Local\Adobe
2014-07-18 21:21 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2\AppData\Roaming\Adobe
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 20:52 - 2013-08-12 19:34 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\Paint.NET
2014-07-18 20:48 - 2014-07-18 20:48 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 18:10 - 2014-07-18 18:10 - 00625870 _____ () C:\Users\BlueJeep\Downloads\WindowsServer2008R2andWindows7GroupPolicySettings.xlsx
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:14 - 2014-07-18 14:13 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:28 - 2014-07-14 07:42 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:21 - 2013-08-13 14:13 - 00122608 _____ () C:\Users\CloneAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-18 11:53 - 2013-08-13 14:13 - 00000632 __RSH () C:\Users\CloneAccount\ntuser.pol
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\IObit
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Google
2014-07-18 11:53 - 2013-02-08 20:34 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-07-18 11:53 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 15:34 - 2014-07-17 15:14 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:59 - 2014-07-17 09:11 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:50 - 2014-07-17 14:50 - 00024572 _____ () C:\ComboFix.txt
2014-07-17 14:50 - 2014-07-17 14:33 - 00000000 ____D () C:\Qoobox
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
2014-07-17 14:49 - 2014-07-17 14:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:47 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-17 14:32 - 2014-07-17 14:32 - 05221938 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-17 09:08 - 2014-07-17 09:07 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215 (1).exe
2014-07-17 08:56 - 2014-07-17 08:56 - 01348263 _____ () C:\Users\BlueJeep\Downloads\adwcleaner_3.215.exe
2014-07-17 07:24 - 2014-03-03 18:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-17 05:50 - 2013-08-30 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 05:49 - 2014-02-15 14:37 - 00002167 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-17 05:49 - 2010-03-02 11:24 - 00000000 ____D () C:\Windows\Panther
2014-07-17 05:48 - 2010-03-02 11:06 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:22 - 2013-09-17 18:13 - 00122608 _____ () C:\Users\HowardJ\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Adobe
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Local\Adobe
2014-07-16 21:19 - 2014-07-16 21:18 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 21:16 - 2013-09-17 18:13 - 00000632 __RSH () C:\Users\HowardJ\ntuser.pol
2014-07-16 21:16 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\IObit
2014-07-16 21:15 - 2013-08-12 06:57 - 00000632 __RSH () C:\Users\David_2\ntuser.pol
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-07-16 21:09 - 2013-09-17 17:10 - 00000000 ____D () C:\Users\DMC\AppData\Local\CrashDumps
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 10:01 - 2014-07-15 10:01 - 05226496 _____ () C:\Users\BlueJeep\s-1-5-21-3454095549-3568087932-2717066106-1015.rrr
2014-07-15 10:01 - 2014-07-15 10:01 - 00356352 _____ () C:\Windows\system32\config\default.rrr
2014-07-15 10:01 - 2014-07-15 09:59 - 62226432 _____ () C:\Windows\system32\config\software.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-15 10:01 - 2014-07-14 12:24 - 01679360 _____ () C:\Users\DMC\s-1-5-21-3454095549-3568087932-2717066106-1008.rrr
2014-07-15 10:01 - 2014-06-05 13:52 - 00901120 _____ () C:\Users\David_2\s-1-5-21-3454095549-3568087932-2717066106-1013.rrr
2014-07-15 10:01 - 2014-05-14 17:27 - 00663552 _____ () C:\Users\CloneAccount\s-1-5-21-3454095549-3568087932-2717066106-1016.rrr
2014-07-15 10:01 - 2014-05-14 17:27 - 00245760 _____ () C:\Users\LogMeInRemoteUser\s-1-5-21-3454095549-3568087932-2717066106-1012.rrr
2014-07-15 10:01 - 2014-02-15 14:19 - 01073152 _____ () C:\Users\Howard\s-1-5-21-3454095549-3568087932-2717066106-1007.rrr
2014-07-15 10:01 - 2014-02-15 14:19 - 00712704 _____ () C:\Users\HowardJ\s-1-5-21-3454095549-3568087932-2717066106-1017.rrr
2014-07-15 10:01 - 2011-01-30 20:54 - 00000000 ____D () C:\Users\Administrator
2014-07-15 07:48 - 2014-06-13 18:52 - 00000000 ____D () C:\temp
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:54 - 2011-11-02 09:57 - 00000000 ____D () C:\ProgramData\PC1Data
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:49 - 2014-07-15 06:49 - 00031283 _____ () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home.htm
2014-07-15 06:49 - 2014-07-15 06:49 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-15 06:05 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\IObit
2014-07-15 06:05 - 2011-10-17 17:36 - 00000000 ____D () C:\ProgramData\IObit
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:58 - 2014-07-15 05:57 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:39 - 2014-07-14 17:36 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 17:28 - 2012-09-06 21:33 - 00000632 __RSH () C:\Users\DMC\ntuser.pol
2014-07-14 16:48 - 2013-08-13 09:38 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Mozilla
2014-07-14 15:20 - 2014-07-14 15:10 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:19 - 2014-07-14 15:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:18 - 2014-06-12 14:59 - 00000000 ____D () C:\Program Files\pcmax
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 13:43 - 2014-07-03 09:19 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-14 13:43 - 2013-01-02 12:43 - 00000000 ____D () C:\Users\Mr. HoJo\Documents\2012 Phone Messages
2014-07-14 13:43 - 2012-08-23 20:11 - 00000000 ____D () C:\Users\David\Downloads\Windows 7 Issues  Wake-on-Lan (WOL) for Windows 7 Made Easy!_files
2014-07-14 13:03 - 2014-07-14 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 12:39 - 2014-06-12 15:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 12:25 - 2009-07-13 20:03 - 62652416 _____ () C:\Windows\system32\config\software.rmbak
2014-07-14 12:25 - 2009-07-13 20:03 - 00524288 _____ () C:\Windows\system32\config\default.rmbak
2014-07-14 08:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Resources
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:46 - 2011-01-26 05:40 - 00000000 ____D () C:\Program Files\IObit
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:42 - 2011-01-24 10:31 - 00000000 ____D () C:\Program Files\Google
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-14 06:36 - 2014-02-15 14:40 - 27725824 _____ () C:\Windows\system32\config\components.iobit
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:06 - 2014-07-12 14:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\BlueJeep\Downloads\iExplore.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:49 - 2014-07-12 06:48 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-12 06:49 - 2013-09-17 21:46 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 06:49 - 2013-09-17 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 06:49 - 2011-01-26 05:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-12 06:47 - 2014-01-22 09:00 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-12 06:47 - 2014-01-22 09:00 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-12 06:15 - 2013-05-01 21:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:15 - 2014-07-10 07:11 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-10 05:24 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:20 - 2014-05-05 11:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:20 - 2009-07-14 01:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:02 - 2010-03-02 10:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 08:34 - 2014-02-15 14:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-07 07:25 - 2012-12-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
2014-06-29 19:40 - 2014-07-09 20:58 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:36 - 2014-07-09 20:58 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 12:33 - 2014-06-25 12:33 - 00016978 _____ () C:\Users\BlueJeep\Downloads\peggy.xlsx
 
Files to move or delete:
====================
C:\Users\BlueJeep\AcrobatPro_11_Web_WWMUI.exe
 
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ASCSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:29
 
==================== End Of Log ============================




