New Yahoo Spigot Removal Request


This topic is locked
7 replies to this topic

#1 hojoatt

  • Members
  • 66 posts
  • OFFLINE
  • Local time: 02:31 PM

Posted 17 July 2014 - 05:04 PM

I was directed by boopme, under my original post title "Spigot Yahoo Redirect in all browsers", to run a series of cleaners and to record the DDS text and attach the attach.txt. It is attached. I ran all the tests suggested by boopme, namely MiniToolbox, ADW Cleaner, Junkware Removal Tool, and ESET, which did not remove the virus or whatever it is. An identical post on this identical topic required running ADW Cleaner, Junkware Removal Tool, ComboFix, and Security Check and posting the logs. This post was apparently too large to upload, so it is being split into two parts. Attached are the attach.txt, the DDS log and half of those test log reports:

DDS Report:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by BlueJeep at 15:11:25 on 2014-07-17
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1909.728 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\FileOpen\Services\FileOpenManager32.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Corel\WordPerfect Office X6\Programs\wpwin16.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
\\Utlawyer\bcnet\BestCase\WinBFS.EXE
C:\Program Files\LexisNexis\Time Matters 11\tmwe.exe
C:\Program Files\LexisNexis\Time Matters 11\TMMSGE.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lexisnexiscenters.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1A8668B4-8669-4383-B60D-67A3227F86C2} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bluejeep\appdata\roaming\mozilla\firefox\profiles\683tioti.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF - prefs.js: keyword.url - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p=
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\users\bluejeep\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R2 FileOpenManager;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManager32.exe [2013-3-19 217456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-3-5 47640]
R3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\drivers\e1k6232.sys [2014-2-15 369416]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-2 200192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-7-14 30976]
S3 IAMT03;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMT03.sys [2010-3-2 40848]
S3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTV.sys [2010-3-2 38288]
S3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2010-3-2 47496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-26 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-26 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-5 1343400]
S4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-2-15 881952]
S4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-8-12 134456]
S4 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-2-15 2175264]
S4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-3-19 375120]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-11-2 794272]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;"c:\program files\macrium\reflect\reflectservice.exe" --> c:\program files\macrium\reflect\ReflectService.exe [?]
S4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-2 2320920]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2014-07-17 20:47:07 -------- d-----w- C:\$RECYCLE.BIN
2014-07-17 20:40:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e2c2254e-9c68-4e7f-80b6-78e22c0916e7}\offreg.dll
2014-07-17 20:33:37 98816 ----a-w- c:\windows\sed.exe
2014-07-17 20:33:37 256000 ----a-w- c:\windows\PEV.exe
2014-07-17 20:33:37 208896 ----a-w- c:\windows\MBR.exe
2014-07-15 12:54:11 -------- d-----w- c:\windows\ERUNT
2014-07-15 12:01:09 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-15 11:59:29 -------- d-----w- C:\AdwCleaner
2014-07-15 11:53:20 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e2c2254e-9c68-4e7f-80b6-78e22c0916e7}\mpengine.dll
2014-07-14 21:10:59 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-07-14 21:10:37 -------- d-----w- c:\programdata\HitmanPro
2014-07-14 18:40:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-10 02:58:23 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-10 02:58:23 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 14:42:48 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 14:42:27 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:42:00 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 14:42:00 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 14:42:00 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 14:42:00 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 14:41:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 14:41:03 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 14:41:03 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 14:41:03 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-09 14:41:03 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 14:41:03 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-09 14:41:03 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 14:41:03 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-09 14:41:03 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 14:39:59 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 14:39:59 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 14:39:59 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 14:39:59 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 14:39:59 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 14:39:59 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 14:39:59 172032 ----a-w- c:\windows\system32\wdigest.dll
.
==================== Find3M  ====================
.
2014-07-17 13:00:33 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-14 18:39:49 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-06 20:01:34 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-06-06 20:01:30 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-06-06 20:01:26 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-06-06 20:01:26 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-05-12 13:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 13:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-03 13:42:59 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-03 13:42:59 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-25 02:06:17 626688 ----a-w- c:\windows\system32\usp10.dll
.
============= FINISH: 15:12:24.49 ===============
 
 
ADW Cleaner report:
# AdwCleaner v3.215 - Report created 17/07/2014 at 09:04:17
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : BlueJeep - BACKOFFICE1
# Running from : C:\Users\BlueJeep\Downloads\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Users\BlueJeep\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\BlueJeep\Documents\Updater
Folder Deleted : C:\Users\Mr. HoJo\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Mr. HoJo\AppData\Roaming\registry mechanic
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\Description
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\eya5hcta.default\prefs.js ]
 
 
[ File : C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default\prefs.js ]
 
 
[ File : C:\Users\David_2\AppData\Roaming\Mozilla\Firefox\Profiles\j9zc2e6j.default\prefs.js ]
 
 
[ File : C:\Users\DMC\AppData\Roaming\Mozilla\Firefox\Profiles\9s1hr7s8.default\prefs.js ]
 
 
[ File : C:\Users\DMC\AppData\Roaming\Mozilla\Firefox\Profiles\nl1c158b.default\prefs.js ]
 
 
[ File : C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\t9hkclve.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\David_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\DMC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\HowardJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Mr. HoJo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18138 octets] - [15/07/2014 06:00:25]
AdwCleaner[R1].txt - [2361 octets] - [17/07/2014 08:56:50]
AdwCleaner[S0].txt - [19034 octets] - [15/07/2014 06:05:57]
AdwCleaner[S1].txt - [2293 octets] - [17/07/2014 09:04:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2353 octets] ##########
 
 



#2 hojoatt

  • Topic Starter
  • Members
  • 66 posts
  • OFFLINE
  • Local time: 02:31 PM

Posted 17 July 2014 - 05:06 PM

This is the rest of the test logs, which would not fit into the original post:

 

Junkware Removal Tool Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by BlueJeep on Thu 07/17/2014 at 14:27:11.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
~~~ Services
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3454095549-3568087932-2717066106-1015\Software\Microsoft\Internet Explorer\Main\\Start Page
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19F4A65D-8AEA-4520-ABB6-9A3B29975056}
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\rmschedule.job
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\pc1data"
Failed to delete: [Folder] "C:\ProgramData\application data\pc1data"
Successfully deleted: [Folder] "C:\Users\BlueJeep\AppData\Roaming\registry mechanic"
 
 
 
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/17/2014 at 14:29:00.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ComboFix Log Report.txt:
ComboFix 14-07-17.03 - BlueJeep 07/17/2014  14:37:34.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1909.712 [GMT -6:00]
Running from: c:\users\BlueJeep\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinConfig
c:\program files\WinConfig\npf_mgm.exe
c:\programdata\31C5C10AC3.sys
c:\programdata\Taskmgr
c:\programdata\Taskmgr\OD01.int
c:\programdata\Taskmgr\OD15.int
c:\users\BlueJeep\AppData\Local\assembly\tmp
c:\users\Mr. HoJo\AppData\Local\assembly\tmp
c:\users\Mr. HoJo\AppData\Local\assembly\tmp\SR8SEPLH\__AssemblyInfo__.ini
c:\users\Mr. HoJo\AppData\Local\assembly\tmp\SR8SEPLH\AddinExpress.MSO.2005.DLL
c:\windows\system32\SET14DB.tmp
c:\windows\system32\SET4A96.tmp
c:\windows\system32\SET8C68.tmp
c:\windows\system32\SETAB52.tmp
c:\windows\system32\SETB807.tmp
c:\windows\system32\SETEBCE.tmp
c:\windows\system32\WanPacket.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-17 to 2014-07-17  )))))))))))))))))))))))))))))))
.
.
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\HowardJ\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\Howard\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\DMC\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\David_2\AppData\Local\temp
2014-07-17 20:45 . 2014-07-17 20:45 -------- d-----w- c:\users\David\AppData\Local\temp
2014-07-17 03:22 . 2014-07-17 03:22 -------- d-----w- c:\users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-15 12:54 . 2014-07-15 12:54 -------- d-----w- c:\windows\ERUNT
2014-07-15 12:01 . 2010-08-30 14:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-15 11:59 . 2014-07-17 15:09 -------- d-----w- C:\AdwCleaner
2014-07-15 11:53 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2C2254E-9C68-4E7F-80B6-78E22C0916E7}\mpengine.dll
2014-07-14 21:10 . 2014-07-14 21:20 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-07-14 21:10 . 2014-07-14 21:19 -------- d-----w- c:\programdata\HitmanPro
2014-07-14 18:40 . 2014-07-14 19:03 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-10 02:58 . 2014-06-30 01:40 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-10 02:58 . 2014-06-30 01:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 14:42 . 2014-07-09 14:42 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 14:42 . 2014-07-09 14:42 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:42 . 2014-07-09 14:42 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 14:42 . 2014-07-09 14:42 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 14:42 . 2014-07-09 14:42 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:42 . 2014-07-09 14:42 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 14:41 . 2014-07-09 14:41 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 14:41 . 2014-07-09 14:41 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 14:41 . 2014-07-09 14:41 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 14:41 . 2014-07-09 14:41 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-09 14:41 . 2014-07-09 14:41 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 14:41 . 2014-07-09 14:41 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 14:41 . 2014-07-09 14:41 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 14:41 . 2014-07-09 14:41 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 14:41 . 2014-07-09 14:41 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 14:39 . 2014-07-09 14:39 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 14:39 . 2014-07-09 14:39 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 14:39 . 2014-07-09 14:39 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 14:39 . 2014-07-09 14:39 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 14:39 . 2014-07-09 14:39 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 14:39 . 2014-07-09 14:39 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 14:39 . 2014-07-09 14:39 172032 ----a-w- c:\windows\system32\wdigest.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-17 13:00 . 2014-01-13 21:05 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-14 18:39 . 2014-06-12 21:18 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-06 20:01 . 2013-03-05 07:41 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-06-06 20:01 . 2013-03-05 07:41 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-06-06 20:01 . 2013-03-05 07:41 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-06-06 20:01 . 2013-03-05 07:41 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-05-12 13:26 . 2014-06-12 21:18 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 13:25 . 2014-06-12 21:18 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06 . 2014-06-11 12:00 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06 . 2014-06-11 12:00 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-03 13:42 . 2012-04-05 12:57 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-03 13:42 . 2011-05-16 13:59 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-25 02:06 . 2014-06-11 12:00 626688 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-06-05 19:59 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 20:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk]
backup=c:\windows\pss\CardMinder Viewer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk]
backup=c:\windows\pss\Conversion to PDF with ScanSnap Organizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk]
backup=c:\windows\pss\ScanSnap Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^BlueJeep^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Mr. HoJo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
backup=c:\windows\pss\eFax 4.4.lnkStartup
path=c:\users\Mr. HoJo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
backupExtension=Startup
.
[HKLM\~\startupfolder\C:^Users^Mr. HoJo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
path=c:\users\Mr. HoJo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backupExtension=Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slick Savings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{747F4296-271A-AD7F-C968-4F70D1826C6D}
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2014-05-08 13:49 3499896 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-05 01:58 856064 ----a-w- c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-02-28 02:38 558496 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7]
2014-02-12 00:08 2288928 ----a-w- c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-06-05 07:01 4489472 ----a-w- c:\users\BlueJeep\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-12-23 04:16 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-11-15 00:48 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2012-08-29 18:01 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileOpenBroker]
2013-03-26 18:23 908144 ----a-w- c:\program files\FileOpen\Services\FileOpenBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2014-06-27 20:20 24477056 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-11 04:44 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-11 04:44 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2009-10-01 03:02 111640 ----a-r- c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2012-09-20 22:02 1425208 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2012-11-29 17:56 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcreg]
2014-05-29 11:16 79088 ----a-w- c:\program files\pcmax\service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PdxRegCl]
2010-10-27 18:52 54632 ----a-w- c:\program files\Corel\Paradox\Programs\PdxRegCl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-11 04:44 177944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2012-11-01 03:00 155592 ----a-w- c:\program files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2014-02-15 20:32 12017368 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2012-08-21 20:43 105120 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 16:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 lsjsopcd;lsjsopcd;c:\windows\system32\drivers\lsjsopcd.sys [x]
R1 MpKsl18925ac7;MpKsl18925ac7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DFC0C8E-4C01-444F-8755-A1944F58D8C2}\MpKsl18925ac7.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-07-14 30976]
R3 IAMT03;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMT03.sys [2007-04-11 40848]
R3 IAMTV;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTV.sys [2007-04-11 38288]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXP.sys [2007-04-11 47496]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-09 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-26 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-26 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-05 1343400]
R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
R4 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-08-12 134456]
R4 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-06-05 2175264]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2014-06-06 375120]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
R4 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2012-06-12 16064]
S2 FileOpenManager;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManager32.exe [2013-03-19 217456]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-01 13624]
S3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2014-02-15 369416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 200192]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
svcboot_dsdshfs REG_MULTI_SZ    svcboot_dsdshfs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-14 13:42 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:42]
.
2014-07-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3454095549-3568087932-2717066106-1015.job
- c:\program files\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-04 18:14]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 16:31]
.
2014-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-24 16:31]
.
2014-07-17 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [2012-11-03 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X6\Programs\WPLauncher.hta
Trusted Zone: uscourts.gov
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=114576&fr=spigot-yhp-ff
FF - prefs.js: keyword.url - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=114576&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKU-Default-Run-AROReminder - c:\program files\ARO 2012\aro.exe
SafeBoot-MsMpSvc
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-NextLive - c:\users\BlueJeep\AppData\Roaming\newnext.me\nengine.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Setup"="06-JW88-6TK6-S311-K5QX-FWJX-VFJTMFS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msiexec.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\IObit\Advanced SystemCare 7\Monitor.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-07-17  14:50:43 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-17 20:50
.
Pre-Run: 347,107,979,264 bytes free
Post-Run: 347,092,652,032 bytes free
.
- - End Of File - - 11872210DFA1CD0B543970DA8AF5E6C7
A36C5E4F47E84449FF07ED3517B43A31
 
 
Security Check Txt:
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
  Adobe Flash Player  13.0.0.206 Flash Player out of Date!
 Mozilla Firefox (30.0) 
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • Gender:Male
  • Local time:04:31 PM

Posted 22 July 2014 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541368 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:31 PM

Posted 27 July 2014 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you still need help.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

===

Wait for further instructions.

#5 hojoatt

hojoatt
  • Topic Starter

  • Members
  • 66 posts
  • Local time:02:31 PM

Posted 28 July 2014 - 07:12 AM

I was able to get Internet Explorer going again, so I did not follow the email before the last one, but I ran the FRST tool from the last email to see where we are. Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by BlueJeep (administrator) on BACKOFFICE1 on 28-07-2014 06:09:14
Running from C:\Users\BlueJeep\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3454095549-3568087932-2717066106-1015\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {F4E5F416-5761-427E-A471-EB684BB7799B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9728D77C-3F94-4C9C-9A4E-0713B0EA6969} URL = 
SearchScopes: HKCU - {F4E5F416-5761-427E-A471-EB684BB7799B} URL = https://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\BlueJeep\AppData\Roaming\Mozilla\Firefox\Profiles\683tioti.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\BlueJeep\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-14]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://online.wellsfargo.com/login?ERROR_CODE=ZXJyb3IuY29va2llc05vdEVuYWJsZWQ%3D", "hxxp://www.utb.uscourts.gov/", "hxxp://www.law.cornell.edu/uscode/text", "hxxp://www.law.cornell.edu/rules/frbp", "https://bay182.mail.live.com/default.aspx", "https://ecf.utb.uscourts.gov/cgi-bin/login.pl", "https://www.xfinityhomesecurity.com/sp/camerasLiveVideo.html?ID=1265661.2"
CHR Extension: (Google Docs) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-14]
CHR Extension: (Google Drive) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-14]
CHR Extension: (YouTube) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-14]
CHR Extension: (Google Search) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-14]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-14]
CHR Extension: (Google Wallet) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-14]
CHR Extension: (Gmail) - C:\Users\BlueJeep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-10] (Adobe Systems) [File not signed]
S4 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S4 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S4 atashost; C:\Windows\system32\atashost.exe [134456 2013-08-12] (Cisco WebEx LLC)
S4 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager32.exe [217456 2013-03-19] (FileOpen Systems Inc.)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-05] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-07-14] ()
S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation)
S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation)
S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16064 2012-06-12] (Macrium Software)
S3 catchme; \??\C:\Users\BlueJeep\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 06:09 - 2014-07-28 06:09 - 01084416 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-28 06:09 - 2014-07-28 06:09 - 00013157 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-26 17:23 - 2014-07-26 17:23 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195 (2).msi
2014-07-26 14:15 - 2014-07-26 17:38 - 00000228 _____ () C:\Windows\BestCWND.INI
2014-07-26 12:22 - 2014-07-26 12:23 - 29720784 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1-x86-en-us.exe
2014-07-26 12:04 - 2014-07-26 12:04 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195.msi
2014-07-26 12:04 - 2014-07-26 12:04 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195 (1).msi
2014-07-26 09:22 - 2014-07-26 09:22 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7.EXE
2014-07-26 09:18 - 2014-07-26 09:19 - 00002754 _____ () C:\Windows\IE10_main.log
2014-07-26 09:15 - 2014-07-26 09:15 - 58082952 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN764 (1).EXE
2014-07-26 09:13 - 2014-07-26 09:13 - 58082952 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-07-26 08:23 - 2014-07-26 08:23 - 00023664 _____ () C:\ComboFix.txt
2014-07-26 07:22 - 2014-07-26 17:28 - 00016374 _____ () C:\Windows\IE11_main.log
2014-07-26 06:03 - 2014-07-26 06:03 - 00013501 _____ () C:\Users\BlueJeep\Desktop\combofix - Shortcut.lnk
2014-07-25 13:10 - 2014-07-25 13:10 - 00004050 _____ () C:\Users\BlueJeep\Downloads\Adams,_Eliza.bci
2014-07-23 12:29 - 2014-07-23 12:31 - 00022458 _____ () C:\Users\BlueJeep\Downloads\SystemLook.txt
2014-07-23 09:10 - 2014-07-23 09:10 - 00000000 _____ () C:\asc_rdflag
2014-07-23 07:00 - 2014-07-23 07:00 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 17:28 - 2014-07-26 09:03 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Registry Mechanic
2014-07-22 17:15 - 2014-07-26 09:22 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-21 10:01 - 2014-07-26 09:06 - 00002244 _____ () C:\Windows\PFRO.log
2014-07-21 07:25 - 2014-07-28 06:09 - 00000000 ____D () C:\FRST
2014-07-21 07:10 - 2014-07-21 07:10 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST (2).exe
2014-07-21 07:09 - 2014-07-21 07:09 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST (1).exe
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:17 - 2014-07-28 06:01 - 00001804 _____ () C:\Windows\setupact.log
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 21:17 - 2014-07-18 21:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:15 - 2014-07-25 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:13 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-17 15:14 - 2014-07-17 15:34 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:33 - 2014-07-26 08:23 - 00000000 ____D () C:\Qoobox
2014-07-17 14:33 - 2014-07-17 14:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:33 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 14:33 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 14:33 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 14:33 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-17 14:32 - 2014-07-26 05:46 - 05563277 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 14:59 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:18 - 2014-07-16 21:19 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 _____ (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 10:05 - 2014-07-28 00:36 - 00459673 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:49 - 2014-07-25 05:36 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-15 06:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-25 05:35 - 00000000 ____D () C:\AdwCleaner
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:57 - 2014-07-15 05:58 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:36 - 2014-07-14 17:39 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:10 - 2014-07-14 15:20 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:10 - 2014-07-14 15:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 12:40 - 2014-07-14 13:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 12:24 - 2014-07-26 09:03 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-14 12:24 - 2014-07-26 09:03 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:42 - 2014-07-18 12:28 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:48 - 2014-07-12 06:49 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:11 - 2014-07-10 07:15 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-09 20:58 - 2014-06-29 19:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 20:58 - 2014-06-29 19:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-03 09:19 - 2014-07-14 13:43 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 06:10 - 2014-07-28 06:09 - 00013157 _____ () C:\Users\BlueJeep\Downloads\FRST.txt
2014-07-28 06:09 - 2014-07-28 06:09 - 01084416 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST.exe
2014-07-28 06:09 - 2014-07-21 07:25 - 00000000 ____D () C:\FRST
2014-07-28 06:08 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 06:08 - 2009-07-13 22:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 06:05 - 2014-07-15 10:05 - 00459673 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 06:04 - 2012-04-05 06:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 06:02 - 2012-04-05 06:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-28 06:02 - 2011-05-16 07:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-28 06:01 - 2014-07-18 21:17 - 00001804 _____ () C:\Windows\setupact.log
2014-07-28 06:01 - 2012-11-03 08:47 - 00000296 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2014-07-28 06:01 - 2011-11-02 10:23 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 06:01 - 2011-01-24 10:31 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 06:01 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 00:24 - 2011-01-24 10:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 00:14 - 2014-03-07 12:29 - 00000520 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3454095549-3568087932-2717066106-1015.job
2014-07-26 17:42 - 2011-10-07 07:29 - 00000202 _____ () C:\Windows\BestCOpn.ini
2014-07-26 17:42 - 2011-01-13 12:11 - 00003415 _____ () C:\Windows\bestcase.ini
2014-07-26 17:38 - 2014-07-26 14:15 - 00000228 _____ () C:\Windows\BestCWND.INI
2014-07-26 17:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 17:28 - 2014-07-26 07:22 - 00016374 _____ () C:\Windows\IE11_main.log
2014-07-26 17:23 - 2014-07-26 17:23 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195 (2).msi
2014-07-26 13:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2014-07-26 12:23 - 2014-07-26 12:22 - 29720784 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\IE11-Windows6.1-x86-en-us.exe
2014-07-26 12:04 - 2014-07-26 12:04 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195.msi
2014-07-26 12:04 - 2014-07-26 12:04 - 00659968 _____ () C:\Users\BlueJeep\Downloads\MicrosoftFixit50195 (1).msi
2014-07-26 11:10 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-26 09:41 - 2013-10-19 08:48 - 00156776 _____ () C:\Users\BlueJeep\Documents\WUPDATE.LOG
2014-07-26 09:41 - 2011-11-22 08:20 - 00898750 _____ () C:\ads_err.adt
2014-07-26 09:41 - 2011-11-22 08:20 - 00016896 _____ () C:\ads_err.adi
2014-07-26 09:22 - 2014-07-26 09:22 - 31893640 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN7.EXE
2014-07-26 09:22 - 2014-07-22 17:15 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-26 09:19 - 2014-07-26 09:18 - 00002754 _____ () C:\Windows\IE10_main.log
2014-07-26 09:15 - 2014-07-26 09:15 - 58082952 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN764 (1).EXE
2014-07-26 09:13 - 2014-07-26 09:13 - 58082952 _____ (Microsoft Corporation) C:\Users\BlueJeep\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-07-26 09:06 - 2014-07-21 10:01 - 00002244 _____ () C:\Windows\PFRO.log
2014-07-26 09:06 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep
2014-07-26 09:04 - 2009-07-13 20:03 - 62652416 _____ () C:\Windows\system32\config\software.rmbak
2014-07-26 09:04 - 2009-07-13 20:03 - 00524288 _____ () C:\Windows\system32\config\default.rmbak
2014-07-26 09:03 - 2014-07-22 17:28 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Registry Mechanic
2014-07-26 09:03 - 2014-07-14 12:24 - 09740288 _____ () C:\Users\Mr. HoJo\s-1-5-21-3454095549-3568087932-2717066106-1006.rrr
2014-07-26 09:03 - 2014-07-14 12:24 - 03153920 _____ () C:\Users\David\s-1-5-21-3454095549-3568087932-2717066106-1001.rrr
2014-07-26 09:03 - 2014-05-14 17:27 - 00245760 _____ () C:\Users\LogMeInRemoteUser\s-1-5-21-3454095549-3568087932-2717066106-1012.rrr
2014-07-26 09:03 - 2014-02-15 14:19 - 01073152 _____ () C:\Users\Howard\s-1-5-21-3454095549-3568087932-2717066106-1007.rrr
2014-07-26 09:03 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ
2014-07-26 09:03 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount
2014-07-26 09:03 - 2013-08-12 07:59 - 00000000 ____D () C:\Users\Howard
2014-07-26 09:03 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2
2014-07-26 09:03 - 2012-09-06 21:33 - 00000000 ____D () C:\Users\DMC
2014-07-26 09:03 - 2011-01-30 20:54 - 00000000 ____D () C:\Users\Administrator
2014-07-26 09:03 - 2011-01-26 10:01 - 00000000 ____D () C:\Users\Mr. HoJo
2014-07-26 09:03 - 2011-01-04 17:53 - 00000000 ____D () C:\Users\David
2014-07-26 08:23 - 2014-07-26 08:23 - 00023664 _____ () C:\ComboFix.txt
2014-07-26 08:23 - 2014-07-17 14:33 - 00000000 ____D () C:\Qoobox
2014-07-26 08:21 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-26 06:03 - 2014-07-26 06:03 - 00013501 _____ () C:\Users\BlueJeep\Desktop\combofix - Shortcut.lnk
2014-07-26 05:46 - 2014-07-17 14:32 - 05563277 ____R (Swearware) C:\Users\BlueJeep\Downloads\ComboFix.exe
2014-07-25 13:11 - 2013-08-14 09:04 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\CrashDumps
2014-07-25 13:10 - 2014-07-25 13:10 - 00004050 _____ () C:\Users\BlueJeep\Downloads\Adams,_Eliza.bci
2014-07-25 13:05 - 2011-08-03 11:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 13:04 - 2011-08-03 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 05:37 - 2014-07-18 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2014-07-25 05:37 - 2009-07-13 22:53 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 05:37 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-25 05:36 - 2014-07-15 06:49 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Avenue H - Utah's Health Insurance Marketplace - Home_files
2014-07-25 05:36 - 2014-06-05 14:01 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\ProductData
2014-07-25 05:36 - 2014-02-15 14:37 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-25 05:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-25 05:35 - 2014-07-15 05:59 - 00000000 ____D () C:\AdwCleaner
2014-07-23 12:31 - 2014-07-23 12:29 - 00022458 _____ () C:\Users\BlueJeep\Downloads\SystemLook.txt
2014-07-23 12:14 - 2011-01-24 17:52 - 00005813 _____ () C:\ads_err.adm
2014-07-23 09:10 - 2014-07-23 09:10 - 00000000 _____ () C:\asc_rdflag
2014-07-23 09:10 - 2014-03-03 12:10 - 62373888 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-07-23 09:10 - 2014-03-03 12:10 - 00389120 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-07-23 09:10 - 2014-03-03 12:10 - 00352256 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-07-23 09:10 - 2014-03-03 12:10 - 00032768 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-07-23 07:00 - 2014-07-23 07:00 - 00122608 _____ () C:\Users\BlueJeep\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 17:43 - 2013-08-13 13:42 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\FileZilla
2014-07-22 17:41 - 2014-02-15 14:40 - 62373888 _____ () C:\Windows\system32\config\software.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00389120 _____ () C:\Windows\system32\config\default.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00352256 _____ () C:\Windows\system32\config\sam.iobit
2014-07-22 17:41 - 2014-02-15 14:40 - 00032768 _____ () C:\Windows\system32\config\security.iobit
2014-07-21 07:32 - 2013-08-12 16:22 - 00000008 __RSH () C:\Users\BlueJeep\ntuser.pol
2014-07-21 07:32 - 2013-08-12 11:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-21 07:29 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-21 07:10 - 2014-07-21 07:10 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST (2).exe
2014-07-21 07:09 - 2014-07-21 07:09 - 01080320 _____ (Farbar) C:\Users\BlueJeep\Downloads\FRST (1).exe
2014-07-19 15:26 - 2010-03-02 10:37 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 21:43 - 2014-07-18 21:43 - 00000017 _____ () C:\Users\David_2\AppData\Local\resmon.resmoncfg
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\David_2\AppData\Local\WinZip
2014-07-18 21:23 - 2014-07-18 21:23 - 00330812 _____ () C:\Users\David_2\Downloads\14aren.zip
2014-07-18 21:21 - 2013-09-10 19:47 - 00000000 ____D () C:\Users\David_2\AppData\Local\Adobe
2014-07-18 21:21 - 2013-08-12 06:57 - 00000000 ____D () C:\Users\David_2\AppData\Roaming\Adobe
2014-07-18 21:17 - 2014-07-18 21:17 - 00443432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 21:17 - 2014-07-18 21:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 20:59 - 2014-07-18 20:59 - 00000000 ____D () C:\Users\David_2\AppData\Local\CrashDumps
2014-07-18 20:52 - 2013-08-12 19:34 - 00000000 ____D () C:\Users\BlueJeep\AppData\Local\Paint.NET
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Program Files\Search
2014-07-18 17:16 - 2014-07-18 17:16 - 00000000 ____D () C:\Users\David_2\AppData\Local\Apps\2.0
2014-07-18 14:16 - 2014-07-18 14:16 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en (1).exe
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\Mozilla
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\FirefoxToolbar
2014-07-18 14:14 - 2014-07-18 14:14 - 02774120 _____ (Crystal Dew World ) C:\Users\CloneAccount\Downloads\CrystalDiskInfo6_1_14-en.exe
2014-07-18 14:14 - 2014-07-18 14:14 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082 (1).exe
2014-07-18 14:14 - 2014-07-18 14:13 - 00929416 _____ (CNET Download.com) C:\Users\CloneAccount\Downloads\cbsidlm-cbsi188-CrystalDiskInfo-SEO-10832082.exe
2014-07-18 12:28 - 2014-07-14 07:42 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 12:21 - 2014-07-18 12:21 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Paint.NET
2014-07-18 12:21 - 2013-08-13 14:13 - 00122608 _____ () C:\Users\CloneAccount\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 12:03 - 2014-07-18 12:03 - 00000000 ____D () C:\Installation
2014-07-18 12:02 - 2014-07-18 12:02 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\WinZip
2014-07-18 11:53 - 2013-08-13 14:13 - 00000632 __RSH () C:\Users\CloneAccount\ntuser.pol
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Roaming\IObit
2014-07-18 11:53 - 2013-08-13 14:12 - 00000000 ____D () C:\Users\CloneAccount\AppData\Local\Google
2014-07-18 11:53 - 2013-02-08 20:34 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-07-18 11:53 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-17 15:34 - 2014-07-17 15:14 - 00071475 _____ () C:\Users\BlueJeep\Documents\Report Logs.wpd
2014-07-17 15:11 - 2014-07-17 15:11 - 00688992 ____R (Swearware) C:\Users\BlueJeep\Downloads\dds (1).com
2014-07-17 14:59 - 2014-07-17 09:11 - 00049489 _____ () C:\Users\BlueJeep\Documents\ADW Cleaner report.wpd
2014-07-17 14:56 - 2014-07-17 14:56 - 00854390 _____ () C:\Users\BlueJeep\Downloads\SecurityCheck.exe
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-07-17 14:50 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
2014-07-17 14:49 - 2014-07-17 14:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-17 14:26 - 2014-07-17 14:26 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT (1).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (4).exe
2014-07-17 09:20 - 2014-07-17 09:20 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (3).exe
2014-07-17 09:17 - 2014-07-17 09:17 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (2).exe
2014-07-17 09:11 - 2014-07-17 09:11 - 00816128 _____ () C:\Users\BlueJeep\Downloads\RogueKiller (1).exe
2014-07-17 07:24 - 2014-03-03 18:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-17 05:50 - 2013-08-30 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 05:49 - 2014-02-15 14:37 - 00002167 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-07-17 05:49 - 2010-03-02 11:24 - 00000000 ____D () C:\Windows\Panther
2014-07-17 05:48 - 2010-03-02 11:06 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-16 21:22 - 2014-07-16 21:22 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Canneverbe Limited
2014-07-16 21:22 - 2013-09-17 18:13 - 00122608 _____ () C:\Users\HowardJ\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\Adobe
2014-07-16 21:20 - 2013-09-17 18:13 - 00000000 ____D () C:\Users\HowardJ\AppData\Local\Adobe
2014-07-16 21:19 - 2014-07-16 21:18 - 00009216 ___SH () C:\Users\David_2\Thumbs.db
2014-07-16 21:16 - 2013-09-17 18:13 - 00000632 __RSH () C:\Users\HowardJ\ntuser.pol
2014-07-16 21:16 - 2013-09-17 18:12 - 00000000 ____D () C:\Users\HowardJ\AppData\Roaming\IObit
2014-07-16 21:15 - 2013-08-12 06:57 - 00000632 __RSH () C:\Users\David_2\ntuser.pol
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-07-16 21:15 - 2013-03-14 06:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-07-16 21:09 - 2013-09-17 17:10 - 00000000 ____D () C:\Users\DMC\AppData\Local\CrashDumps
2014-07-16 13:04 - 2014-07-16 13:04 - 00003285 _____ () C:\Users\BlueJeep\Downloads\Tripp,_Rich.bci
2014-07-16 08:13 - 2014-07-16 08:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 10:39 - 2014-07-15 10:39 - 00688992 _____ (Swearware) C:\Users\BlueJeep\Downloads\dds.com
2014-07-15 07:48 - 2014-06-13 18:52 - 00000000 ____D () C:\temp
2014-07-15 06:58 - 2014-07-15 06:58 - 02347384 _____ (ESET) C:\Users\BlueJeep\Downloads\esetsmartinstaller_enu.exe
2014-07-15 06:54 - 2014-07-15 06:54 - 00000000 ____D () C:\Windows\ERUNT
2014-07-15 06:54 - 2011-11-02 09:57 - 00000000 ____D () C:\ProgramData\PC1Data
2014-07-15 06:53 - 2014-07-15 06:53 - 01016261 _____ (Thisisu) C:\Users\BlueJeep\Downloads\JRT.exe
2014-07-15 06:05 - 2013-08-12 16:22 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\IObit
2014-07-15 06:05 - 2011-10-17 17:36 - 00000000 ____D () C:\ProgramData\IObit
2014-07-15 06:00 - 2014-07-15 06:00 - 00018845 _____ () C:\Users\BlueJeep\Downloads\Ltrhead.wpd
2014-07-15 05:59 - 2014-07-15 05:59 - 01348263 _____ () C:\Users\BlueJeep\Downloads\AdwCleaner.exe
2014-07-15 05:58 - 2014-07-15 05:57 - 00026143 _____ () C:\Users\BlueJeep\Downloads\Result.txt
2014-07-15 05:57 - 2014-07-15 05:57 - 00401920 _____ (Farbar) C:\Users\BlueJeep\Downloads\MiniToolBox.exe
2014-07-14 17:56 - 2014-07-14 17:56 - 00000000 ___HD () C:\Users\DMC\Desktop\New folder
2014-07-14 17:39 - 2014-07-14 17:36 - 206658032 _____ (CURIOLAB S.M.B.A.) C:\Users\DMC\Downloads\ExterminateItSetup.exe
2014-07-14 17:28 - 2012-09-06 21:33 - 00000632 __RSH () C:\Users\DMC\ntuser.pol
2014-07-14 16:48 - 2013-08-13 09:38 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Mozilla
2014-07-14 15:20 - 2014-07-14 15:10 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-14 15:19 - 2014-07-14 15:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-14 15:18 - 2014-07-14 15:18 - 00332056 _____ () C:\Windows\system32\.crusader
2014-07-14 15:18 - 2014-06-12 14:59 - 00000000 ____D () C:\Program Files\pcmax
2014-07-14 15:10 - 2014-07-14 15:10 - 10278752 _____ (SurfRight B.V.) C:\Users\BlueJeep\Downloads\HitmanPro.exe
2014-07-14 15:06 - 2014-07-14 15:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller (1).exe
2014-07-14 13:43 - 2014-07-03 09:19 - 00000000 ____D () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com_files
2014-07-14 13:43 - 2013-01-02 12:43 - 00000000 ____D () C:\Users\Mr. HoJo\Documents\2012 Phone Messages
2014-07-14 13:43 - 2012-08-23 20:11 - 00000000 ____D () C:\Users\David\Downloads\Windows 7 Issues  Wake-on-Lan (WOL) for Windows 7 Made Easy!_files
2014-07-14 13:03 - 2014-07-14 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-14 12:39 - 2014-07-14 12:39 - 14349744 _____ (Malwarebytes Corp.) C:\Users\BlueJeep\Downloads\mbar-1.07.0.1012.exe
2014-07-14 08:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Resources
2014-07-14 08:08 - 2014-07-14 08:08 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-14 08:08 - 2014-07-14 08:08 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-14 07:46 - 2011-01-26 05:40 - 00000000 ____D () C:\Program Files\IObit
2014-07-14 07:42 - 2014-07-14 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 07:42 - 2011-01-24 10:31 - 00000000 ____D () C:\Program Files\Google
2014-07-14 07:35 - 2014-07-14 07:35 - 00000000 ____D () C:\Users\BlueJeep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-14 06:36 - 2014-02-15 14:40 - 27725824 _____ () C:\Windows\system32\config\components.iobit
2014-07-12 16:57 - 2014-07-12 16:57 - 04770392 _____ () C:\Users\BlueJeep\Downloads\RogueKiller.exe
2014-07-12 14:04 - 2014-07-12 14:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\BlueJeep\Downloads\tdsskiller.exe
2014-07-12 06:49 - 2014-07-12 06:48 - 04812672 _____ (Piriform Ltd) C:\Users\BlueJeep\Downloads\ccsetup415.exe
2014-07-12 06:49 - 2013-09-17 21:46 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 06:49 - 2013-09-17 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 06:49 - 2011-01-26 05:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-12 06:47 - 2014-01-22 09:00 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-07-12 06:47 - 2014-01-22 09:00 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-07-12 06:15 - 2013-05-01 21:18 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-11 10:42 - 2014-07-11 10:42 - 00027661 _____ () C:\Users\BlueJeep\Downloads\Media_1405096943957.zip
2014-07-10 07:15 - 2014-07-10 07:11 - 00010797 _____ () C:\Users\BlueJeep\Downloads\Revised hardship letter.wpd
2014-07-10 05:24 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:20 - 2014-05-05 11:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:20 - 2009-07-14 01:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:02 - 2010-03-02 10:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:30 - 2014-07-09 16:30 - 00003654 _____ () C:\Users\BlueJeep\Downloads\Bain,_Erin.bci
2014-07-09 08:42 - 2014-07-09 08:42 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:42 - 2014-07-09 08:42 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:41 - 2014-07-09 08:41 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:41 - 2014-07-09 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:41 - 2014-07-09 08:41 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:40 - 2014-07-09 08:40 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:40 - 2014-07-09 08:40 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:40 - 2014-07-09 08:40 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:40 - 2014-07-09 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:40 - 2014-07-09 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 08:39 - 2014-07-09 08:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 12:32 - 2014-07-07 12:32 - 00003786 _____ () C:\Users\BlueJeep\Downloads\Mellor,_Lynn.bci
2014-07-07 07:25 - 2012-12-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-03 09:19 - 2014-07-03 09:19 - 00024945 _____ () C:\Users\BlueJeep\Downloads\Schere v. ZF, INC., 578 So. 2d 739 - CourtListener.com.htm
2014-07-02 07:38 - 2014-07-02 07:38 - 00005461 _____ () C:\Users\BlueJeep\Downloads\Palfreyman,_Dan_&_Susan.bci
2014-07-01 08:17 - 2014-07-01 08:17 - 00005750 _____ () C:\Users\BlueJeep\Downloads\Ann_Penrod.bci
2014-07-01 07:18 - 2014-07-01 07:18 - 00285043 _____ () C:\Users\BlueJeep\Downloads\PAYCHECK1.jpeg.jpeg
2014-06-29 19:40 - 2014-07-09 20:58 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:36 - 2014-07-09 20:58 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Files to move or delete:
====================
C:\Users\BlueJeep\AcrobatPro_11_Web_WWMUI.exe
 
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\ASCSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:29
 
==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2014 - 08:02 AM

Your FRST log is clean.

Any remaining issues?

#7 hojoatt
  • Topic Starter

  • Members
  • 66 posts

Posted 28 July 2014 - 08:04 AM

I do not see anything, so maybe we can finally close this post. Thanks for all your skill in weeding me through all of this.



#8 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2014 - 11:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



