Trojan Clicker Clikug.A or gigaclicks


  • This topic is locked
6 replies to this topic

#1 Edrod13 (Members, 24 posts)

Posted 05 August 2014 - 06:49 PM

Just the other day my computer seemed to have an influx of pop-ups and it was getting pretty bad. MSE found and cleaned the mentioned Trojan but my machine still seems a bit sluggish. I am concerned that I might still have some issues left over and am requesting help with a HijackThis log. The computer is operational as I am posting from it now. I was able to delete two programs from the control panel called CinemaYB and IST Search which showed up the day I started having issues. I think the infection was a fake JAVA request as I stopped the install half way through but obviously something was installed.

Any help would be greatly appreciated as I use this machine for my online banking.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:34:35 PM, on 8/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\ProgramData\NetworkHostTask\vmhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Hijack THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14362;https=127.0.0.1:14362
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 127.0.0 sams.nikonimaging.com
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} (Zenfolio Uploader) - http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jump Desktop Service (JumpDesktop) - Phase Five Systems - C:\Program Files (x86)\Jump Desktop\JumpService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaDeviceSrv - NetWork Host Corporation - C:\ProgramData\MediaDevice\1406922461\mediadev.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetworkHostSrv - NetWork Host Corporation - C:\ProgramData\NeworkHost\1406952075\webdev.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11612 bytes
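An added triage example for the log above (this is not code from the thread, from HijackThis or from the Farbar tool). It reads HijackThis-style lines and flags the entries a responder would check first: the browser proxy pointing at 127.0.0.1, the hosts-file override, an AppInit_DLLs value, and any process, autorun or service whose binary lives in a user-writable directory such as C:\ProgramData or a user's AppData. The sample lines are copied from the logs posted in this thread; the directory list, the reason strings and the `triage` function are my own choices and not a HijackThis feature.

```python
"""Triage of HijackThis / FRST log lines for the indicators seen in this thread.

Added example for this page; not code from the thread, HijackThis or FRST.
Flags: loopback browser proxy, hosts overrides, AppInit_DLLs injection, and
binaries running from user-writable directories (C:\\ProgramData, AppData).
"""
import re
from dataclasses import dataclass

# Directories that legitimate services and autoruns almost never run from.
# (Assumption: extend this list for the environment being examined.)
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(?:ProgramData|Users\\[^\\]+\\AppData|Windows\\Temp)\\",
    re.IGNORECASE,
)
# A proxy bound to the loopback interface means a local process sits between
# the browser and the network; that is how an ad-injecting clicker rewrites pages.
LOOPBACK_PROXY = re.compile(r"\b(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)
# First absolute Windows path to an .exe or .dll inside an entry.
WIN_BINARY = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
# A non-empty AppInit_DLLs value (HijackThis "O20", FRST and AdwCleaner formats).
APPINIT = re.compile(r"AppInit_DLLs[^:]*:\s*\S")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def triage(log_lines):
    """Return a Finding for each log line worth a closer look, in log order.

    The 32-bit HijackThis build reports many System32 services as
    "(file missing)" on 64-bit Windows because of WOW64 file redirection,
    so that text on its own is deliberately not treated as an indicator.
    """
    findings = []
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        if "ProxyServer" in line and LOOPBACK_PROXY.search(line):
            findings.append(Finding(line, "browser proxy points at a local port"))
            continue
        if line.startswith("O1 - Hosts:"):
            findings.append(Finding(line, "hosts-file override"))
            continue
        if APPINIT.search(line):
            findings.append(Finding(line, "AppInit_DLLs injection"))
            continue
        match = WIN_BINARY.search(line)
        if match and USER_WRITABLE.match(match.group(0)):
            # Bare paths are "Running processes" entries; other lines start
            # with a section tag such as "O4", "O23" or FRST's "R2".
            kind = "process" if line[1:3] == ":\\" else line.split()[0]
            findings.append(
                Finding(line, f"{kind} runs from a user-writable directory"))
    return findings


# Lines copied from the HijackThis and FRST logs posted in this thread.
SAMPLE_LINES = [
    r"C:\ProgramData\NetworkHostTask\vmhost.exe",
    r"C:\Program Files (x86)\iTunes\iTunesHelper.exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,"
    r"ProxyServer = http=127.0.0.1:14362;https=127.0.0.1:14362",
    r"O1 - Hosts: 127.0.0 sams.nikonimaging.com",
    r'O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave',
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: MediaDeviceSrv - NetWork Host Corporation - C:\ProgramData\MediaDevice\1406922461\mediadev.exe",
    r"O23 - Service: NetworkHostSrv - NetWork Host Corporation - C:\ProgramData\NeworkHost\1406952075\webdev.exe",
    r"AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-08-01] ()",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.reason}] {f.line}")
```

Run it over the whole pasted log rather than the sample: on this thread's log it singles out vmhost.exe, the 127.0.0.1:14362 proxy, the hosts entry and the two "NetWork Host Corporation" services, which is the same set AdwCleaner and FRST later list alongside the Supporter AppInit DLL. It does not flag remote-access servers such as TightVNC and Jump Desktop, which appear in the log and are often installed on purpose; on a machine used for online banking it is still worth confirming that the owner installed them.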



#2 nasdaq (Malware Response Team, 40,246 posts, Montreal, QC, Canada)

Posted 09 August 2014 - 08:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Edrod13 (Topic Starter, Members, 24 posts)

Posted 09 August 2014 - 11:35 PM

I just ran both AdwCleaner and Farbar without fixing or cleaning anything. As soon as I logged in here MSE alerted again that it found TrojanClicker:Win32/Clikug.D and SoftwareBundler:Win32/SquareNet. The items are at file:C:\Users\Edrod13\Appdata\roaming\serv\idlecrawler.exe and file:C:\Users\Edrod13\Appdata\roaming\device\d.exe respectively.


Here are the logs:

# AdwCleaner v3.304 - Report created 09/08/2014 at 21:22:56
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : EDROD13 - I5-2500K
# Running from : C:\Users\EDROD13\Desktop\adwcleaner_3.304.exe
# Option : Scan

***** [ Services ] *****

Service Found : be0fb33b

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\supporter
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\EDROD13\AppData\Local\Chromatic Browser
Folder Found : C:\Users\EDROD13\AppData\Local\globalUpdate
Folder Found : C:\Users\EDROD13\AppData\Local\torch
Folder Found : C:\Users\EDROD13\AppData\Roaming\VOPackage
Folder Found : C:\Users\EDROD13\Documents\Updater
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [4525 octets] - [09/08/2014 21:22:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4585 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by EDROD13 (administrator) on I5-2500K on 09-08-2014 21:24:51
Running from C:\Users\EDROD13\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
(NetWork Host Corporation) C:\ProgramData\MediaDevice\1406922461\mediadev.exe
(NetWork Host Corporation) C:\ProgramData\NeworkHost\1406952075\webdev.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-10-16] (Seagate)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1325936 2009-10-16] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [904840 2009-10-16] (Acronis)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1284365564-139693682-2703393004-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKU\S-1-5-21-1284365564-139693682-2703393004-1000\...\Run: [Jump Desktop] => C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [424008 2011-12-21] (Phase Five Systems)
HKU\S-1-5-21-1284365564-139693682-2703393004-1000\...\MountPoints2: {07b7e362-ae27-11e0-80ef-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1284365564-139693682-2703393004-1000\...\MountPoints2: {f147c89c-34d3-11e3-bf21-0026832cfb1c} - L:\ScholasticReader.exe
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-08-01] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:14362;https=127.0.0.1:14362
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKCU\...\Firefox\Extensions: [{F9F30E2E-5B93-C4AA-228D-AE11FECD53FC}] - C:\Program Files (x86)\ver3click-n-mark\176.xpi

Chrome:
=======
CHR Extension: (CostMin) - C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-08-18] (Adobe Systems) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2011-12-21] (Phase Five Systems) [File not signed]
R2 MediaDeviceSrv; C:\ProgramData\MediaDevice\1406922461\mediadev.exe [409600 2014-08-01] (NetWork Host Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed]
R2 NetworkHostSrv; C:\ProgramData\NeworkHost\1406952075\webdev.exe [408576 2014-08-01] (NetWork Host Corporation) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1037312 2013-01-18] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 21:24 - 2014-08-09 21:25 - 00015720 _____ () C:\Users\EDROD13\Desktop\FRST.txt
2014-08-09 21:24 - 2014-08-09 21:24 - 00000000 ____D () C:\FRST
2014-08-09 21:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 21:22 - 2014-08-09 21:23 - 00000000 ____D () C:\AdwCleaner
2014-08-09 21:20 - 2014-08-09 21:20 - 02093568 _____ (Farbar) C:\Users\EDROD13\Desktop\FRST64.exe
2014-08-09 21:19 - 2014-08-09 21:19 - 01366203 _____ () C:\Users\EDROD13\Desktop\adwcleaner_3.304.exe
2014-08-09 21:16 - 2014-08-09 21:16 - 00000000 ___RD () C:\Users\EDROD13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-05 22:12 - 2014-08-09 21:15 - 00000280 _____ () C:\Windows\setupact.log
2014-08-05 22:12 - 2014-08-05 22:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 16:32 - 2014-08-05 16:34 - 00000000 ____D () C:\Hijack THIS
2014-08-05 16:31 - 2014-08-05 16:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\EDROD13\Downloads\HijackThis.exe
2014-08-05 12:44 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-05 12:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-05 12:44 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-05 12:43 - 2014-08-05 12:44 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-02 01:30 - 2014-08-02 01:30 - 01126449 _____ () C:\HttpProxy_36_133292_1406968250.dmp
2014-08-01 21:01 - 2014-08-01 21:01 - 00000000 ____D () C:\ProgramData\NeworkHost
2014-08-01 20:49 - 2014-08-09 21:20 - 00377859 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 17:43 - 2014-08-01 17:43 - 00447849 _____ () C:\HttpProxy_36_8096_1406940196.dmp
2014-08-01 17:41 - 2014-08-01 17:41 - 00719929 _____ () C:\HttpProxy_36_27744_1406940114.dmp
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\ProgramData\MediaDevice
2014-08-01 12:30 - 2014-08-01 12:30 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-01 12:25 - 2014-08-07 01:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 12:25 - 2014-08-01 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 12:25 - 2014-08-01 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 12:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 12:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 12:24 - 2014-08-01 12:24 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-01 12:22 - 2014-08-01 20:46 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\VOPackage
2014-08-01 12:22 - 2014-08-01 20:45 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-01 12:22 - 2014-08-01 12:32 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-08-01 12:22 - 2014-08-01 12:22 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\globalUpdate
2014-08-01 12:21 - 2014-08-05 15:53 - 00000000 ____D () C:\Program Files (x86)\ISTsearch
2014-08-01 12:21 - 2014-08-05 12:40 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\serv
2014-08-01 12:21 - 2014-08-01 20:46 - 00000000 ____D () C:\ProgramData\Online
2014-08-01 12:21 - 2014-08-01 20:45 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\10454
2014-08-01 12:21 - 2014-08-01 12:47 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-01 12:21 - 2014-08-01 12:22 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-01 12:21 - 2014-08-01 12:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\device
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Packages
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\ProgramData\c2ade557563918c1
2014-07-10 20:43 - 2014-07-24 12:08 - 00000000 ____D () C:\Users\EDROD13\Documents\Soccer JUSA U9
2014-07-10 09:27 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:27 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:27 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:27 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:27 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:27 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:27 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:27 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:27 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:27 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:27 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:27 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:27 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:27 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:27 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:27 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:27 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:27 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:27 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:27 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:27 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:27 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:27 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:27 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:27 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:27 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:27 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:27 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:27 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:27 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:27 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:27 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:27 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:27 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:27 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:27 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:27 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:27 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:27 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:27 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:27 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:27 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:27 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:27 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:27 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:27 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:27 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:27 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:27 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:27 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:27 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:27 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:27 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 09:27 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:27 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:27 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:27 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 09:27 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 09:27 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 09:27 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 09:27 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 09:27 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 09:27 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 09:27 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 09:27 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 21:25 - 2014-08-09 21:24 - 00015720 _____ () C:\Users\EDROD13\Desktop\FRST.txt
2014-08-09 21:25 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 21:25 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 21:24 - 2014-08-09 21:24 - 00000000 ____D () C:\FRST
2014-08-09 21:23 - 2014-08-09 21:22 - 00000000 ____D () C:\AdwCleaner
2014-08-09 21:23 - 2009-07-13 22:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 21:20 - 2014-08-09 21:20 - 02093568 _____ (Farbar) C:\Users\EDROD13\Desktop\FRST64.exe
2014-08-09 21:20 - 2014-08-01 20:49 - 00377859 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 21:19 - 2014-08-09 21:19 - 01366203 _____ () C:\Users\EDROD13\Desktop\adwcleaner_3.304.exe
2014-08-09 21:16 - 2014-08-09 21:16 - 00000000 ___RD () C:\Users\EDROD13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-08-09 21:15 - 2014-08-05 22:12 - 00000280 _____ () C:\Windows\setupact.log
2014-08-09 21:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 07:55 - 2012-04-02 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 01:09 - 2014-08-01 12:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 23:39 - 2011-08-07 17:07 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-08-05 22:12 - 2014-08-05 22:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 16:34 - 2014-08-05 16:32 - 00000000 ____D () C:\Hijack THIS
2014-08-05 16:31 - 2014-08-05 16:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\EDROD13\Downloads\HijackThis.exe
2014-08-05 16:31 - 2011-07-13 16:45 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\VirtualStore
2014-08-05 16:29 - 2011-07-13 16:45 - 00000000 ____D () C:\Users\EDROD13
2014-08-05 15:53 - 2014-08-01 12:21 - 00000000 ____D () C:\Program Files (x86)\ISTsearch
2014-08-05 15:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 15:26 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\Setup
2014-08-05 15:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-08-05 12:44 - 2014-08-05 12:43 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 12:44 - 2013-12-14 18:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 12:44 - 2012-11-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 12:40 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\serv
2014-08-02 01:30 - 2014-08-02 01:30 - 01126449 _____ () C:\HttpProxy_36_133292_1406968250.dmp
2014-08-01 21:01 - 2014-08-01 21:01 - 00000000 ____D () C:\ProgramData\NeworkHost
2014-08-01 20:46 - 2014-08-01 12:22 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\VOPackage
2014-08-01 20:46 - 2014-08-01 12:21 - 00000000 ____D () C:\ProgramData\Online
2014-08-01 20:45 - 2014-08-01 12:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-01 20:45 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\10454
2014-08-01 17:43 - 2014-08-01 17:43 - 00447849 _____ () C:\HttpProxy_36_8096_1406940196.dmp
2014-08-01 17:41 - 2014-08-01 17:41 - 00719929 _____ () C:\HttpProxy_36_27744_1406940114.dmp
2014-08-01 12:47 - 2014-08-01 12:47 - 00000000 ____D () C:\ProgramData\MediaDevice
2014-08-01 12:47 - 2014-08-01 12:21 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-01 12:32 - 2014-08-01 12:22 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-08-01 12:30 - 2014-08-01 12:30 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-01 12:25 - 2014-08-01 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 12:25 - 2014-08-01 12:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 12:25 - 2011-07-27 00:47 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\Malwarebytes
2014-08-01 12:25 - 2011-07-27 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:24 - 2014-08-01 12:24 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-01 12:22 - 2014-08-01 12:22 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\globalUpdate
2014-08-01 12:22 - 2014-08-01 12:21 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-01 12:21 - 2014-08-01 12:21 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Guest
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Roaming\device
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Packages
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\Users\Administrator
2014-08-01 12:21 - 2014-08-01 12:21 - 00000000 ____D () C:\ProgramData\c2ade557563918c1
2014-08-01 12:21 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-01 12:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-01 10:12 - 2011-07-14 09:53 - 00000000 ____D () C:\Users\EDROD13\Documents\4911 Eureka
2014-08-01 09:30 - 2011-07-25 08:27 - 00000000 ____D () C:\Users\EDROD13\AppData\Local\CrashDumps
2014-07-25 12:55 - 2014-05-07 06:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-05 12:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-05 12:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-05 12:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 12:08 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\EDROD13\Documents\Soccer JUSA U9
2014-07-18 07:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 18:24 - 2012-08-20 10:02 - 00000000 ____D () C:\Windows\Minidump
2014-07-10 17:55 - 2012-04-02 21:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 17:55 - 2012-04-02 21:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 17:55 - 2011-07-15 00:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 17:44 - 2009-07-13 21:45 - 04923136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 17:43 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 09:46 - 2013-08-14 01:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 09:45 - 2011-08-01 23:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\EDROD13\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-01 13:02

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by EDROD13 at 2014-08-09 21:25:35
Running from C:\Users\EDROD13\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.28 - ASUSTeK Computer Inc.)
Any Video Converter 5.5.0 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
BCL easyPDF Printer 6 (HKLM\...\{8EAF3C82-921D-47E1-8685-B36B4E6B5039}) (Version: 6.3.17 - BCL Technologies)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.1 - NIKON CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Jump Desktop (HKLM-x32\...\{641410DD-5F16-4DEA-83C9-36D2D290FC18}) (Version: 3.2.0 - Phase Five Systems)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{AAB93551-3FFE-42B2-8315-96252BBC1033}) (Version: 7.02.4861 - Nero AG)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RescuePRO 3.2 (HKLM-x32\...\RescuePRO-3.0) (Version:  - )
Seagate DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8326 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Zenfolio Uploader (HKLM-x32\...\zfupload) (Version:  - Zenfolio, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1284365564-139693682-2703393004-1000_Classes\CLSID\{C539A15A-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)
CustomCLSID: HKU\S-1-5-21-1284365564-139693682-2703393004-1000_Classes\CLSID\{C539A15B-3AF9-4c92-B771-50CB78F5C751}\InprocServer32 -> C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll (Seagate)

==================== Restore Points  =========================

19-07-2014 15:56:09 Windows Update
24-07-2014 14:50:41 Windows Update
28-07-2014 14:56:10 Windows Update
01-08-2014 16:16:33 Windows Update
01-08-2014 19:22:31 Installed Java 7 Update 45
05-08-2014 19:34:09 Windows Update
05-08-2014 19:43:33 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-08-13 16:20 - 00000884 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0 sams.nikonimaging.com
0.0.0.0 sams.nikonimaging.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B91C3BC-4D94-453D-8DCB-B55EDB8F508A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {96920EEE-C176-4739-8F2E-3D77913F1733} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-11-03 02:30 - 2010-11-03 02:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2010-12-01 19:15 - 2010-12-01 19:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2011-07-15 00:15 - 2010-10-21 02:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2011-07-13 16:59 - 2011-04-14 19:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-15 00:13 - 2014-08-09 21:15 - 00025088 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2011-07-15 00:13 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2011-07-15 00:15 - 2011-02-24 10:19 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2011-07-15 00:15 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2011-07-15 00:15 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2011-07-15 00:15 - 2011-03-23 15:05 - 00964608 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2011-07-15 00:16 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2011-07-15 00:15 - 2011-01-13 16:47 - 00881152 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2011-07-15 00:15 - 2011-04-07 17:33 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2011-07-15 00:15 - 2011-01-07 16:39 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2011-07-15 00:15 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2011-07-15 00:15 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2011-07-15 00:13 - 2010-08-22 19:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
2011-07-15 00:15 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2009-10-16 17:59 - 2009-10-16 17:59 - 01328480 _____ () C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
2012-06-20 14:48 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Appearance Pak.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RegEx.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00868352 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\RBScript.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\Shell.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\XML.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00266240 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CGamma.dll
2010-07-19 15:23 - 2010-07-07 16:00 - 00065536 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\CSensor.dll
2010-07-19 17:45 - 2010-07-07 16:00 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2010-07-19 17:45 - 2010-07-07 16:00 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2011-12-21 15:50 - 2011-12-21 15:50 - 02113608 _____ () C:\Program Files (x86)\Jump Desktop\JumpNetwork.dll
2014-02-13 21:42 - 2014-02-13 21:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-07-13 16:55 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-01 12:30 - 2014-08-01 12:30 - 00354304 _____ () C:\ProgramData\NetworkHostTask\vmhost.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2014 09:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 07:38:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 10:38:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 10:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:13:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 03:49:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 03:27:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 00:43:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service click-n-mark since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/05/2014 00:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 01:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: l1click-n-markbC176.exe, version: 1.176.0.0, time stamp: 0x53d965a0
Faulting module name: l1click-n-markbC176.dll, version: 0.0.0.0, time stamp: 0x53d96594
Exception code: 0xc0000005
Fault offset: 0x0000b75b
Faulting process id: 0x858
Faulting application start time: 0xl1click-n-markbC176.exe0
Faulting application path: l1click-n-markbC176.exe1
Faulting module path: l1click-n-markbC176.exe2
Report Id: l1click-n-markbC176.exe3

System errors:
=============
Error: (08/09/2014 09:16:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (08/09/2014 09:15:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/07/2014 07:37:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (08/07/2014 07:36:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/06/2014 10:37:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (08/06/2014 10:36:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/06/2014 10:08:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.

Error: (08/06/2014 10:07:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/06/2014 00:25:39 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/06/2014 00:25:39 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (08/09/2014 09:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 07:38:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 10:38:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2014 10:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 10:13:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 03:49:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 03:27:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 00:43:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service click-n-mark since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/05/2014 00:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2014 01:30:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: l1click-n-markbC176.exe1.176.0.053d965a0l1click-n-markbC176.dll0.0.0.053d96594c00000050000b75b85801cfae047204cbe3C:\Program Files (x86)\ver3click-n-mark\l1click-n-markbC176.exeC:\Program Files (x86)\ver3click-n-mark\l1click-n-markbC176.dll4f3e7ebe-1a1f-11e4-a087-0026832cfb1c

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8089.14 MB
Available physical RAM: 5366.68 MB
Total Pagefile: 16176.46 MB
Available Pagefile: 13159.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:15.14 GB) NTFS
Drive d: (STORAGE) (Fixed) (Total:97.66 GB) (Free:70.24 GB) NTFS
Drive e: (MUSIC) (Fixed) (Total:307.62 GB) (Free:267.46 GB) NTFS
Drive f: (CURRENT) (Fixed) (Total:428.58 GB) (Free:367.12 GB) NTFS
Drive g: (BACKUP 1 ) (Fixed) (Total:465.75 GB) (Free:143.2 GB) NTFS
Drive h: (BACKUP 2) (Fixed) (Total:465.75 GB) (Free:282.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2848D4BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=736 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 68AF598A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=OF Extended)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Apparently this Trojan is still not removed, so your help would be greatly appreciated. Thanks



#4 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 August 2014 - 08:22 AM

Run the Adwcleaner tool and clean everything.

===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-08-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (CostMin) - C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 MediaDeviceSrv; C:\ProgramData\MediaDevice\1406922461\mediadev.exe [409600 2014-08-01] (NetWork Host Corporation) [File not signed]
R2 NetworkHostSrv; C:\ProgramData\NeworkHost\1406952075\webdev.exe [408576 2014-08-01] (NetWork Host Corporation) [File not signed]
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
C:\ProgramData\NeworkHost
C:\Program Files (x86)\Supporter
C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko
C:\ProgramData\MediaDevice

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
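
As an added illustration (not part of this thread, and not FRST's own logic), the Python below applies the kind of triage reflected in the fixlist above to FRST lines copied from this thread's log: it flags the AppInit_DLLs entry with an empty signer, the unsigned service binaries living under ProgramData, the rundll32-hosted service with a hex-string name, and the Chrome policy locks, while leaving the legitimate Adobe updater task alone. The sample lines come from the log posted here; the flagging rules are the author's own heuristics.

```python
import re

# Constructed sample: FRST lines copied from the fixlist and log posted in this
# thread, plus one benign scheduled-task line from the same log as a control.
SAMPLE_LINES = [
    r"AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-08-01] ()",
    r"R2 MediaDeviceSrv; C:\ProgramData\MediaDevice\1406922461\mediadev.exe [409600 2014-08-01] (NetWork Host Corporation) [File not signed]",
    r"R2 NetworkHostSrv; C:\ProgramData\NeworkHost\1406952075\webdev.exe [408576 2014-08-01] (NetWork Host Corporation) [File not signed]",
    r'S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service',
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"GroupPolicy: Group Policy on Chrome detected <======= ATTENTION",
    r"Task: {1B91C3BC-4D94-453D-8DCB-B55EDB8F508A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)",
]

# "AppInit_DLLs: <8.3 path> => <full path> [<size> <date>] (<signer>)"
APPINIT_RE = re.compile(
    r"^AppInit_DLLs:\s+.*?=>\s+(?P<path>.*?)\s+\[\d+ [\d-]+\]\s+\((?P<signer>[^)]*)\)\s*$"
)
# "<R|S><n> <service name>; <image line>"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<image>.*)$")


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) an analyst would flag this FRST line.

    The heuristics are the author's (hypothetical) rules, not FRST's own scoring.
    """
    reasons: list[str] = []
    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that links user32.dll, so an
        # entry with an empty signer is a global code-injection foothold.
        if not m.group("signer").strip():
            reasons.append("AppInit_DLLs entry with no signer")
        return reasons
    m = SERVICE_RE.match(line)
    if m:
        image = m.group("image").lower()
        if "[file not signed]" in image:
            reasons.append("service binary not signed")
        if "\\programdata\\" in image:
            reasons.append("service image under ProgramData (not Program Files)")
        if "rundll32.exe" in image:
            reasons.append("service hosted by rundll32 loading a DLL")
        if re.fullmatch(r"[0-9a-f]{8}", m.group("name").strip()):
            reasons.append("service name is a random-looking hex string")
        return reasons
    low = line.lower()
    if "policy restriction" in low or "group policy on chrome" in low:
        # Adware sets Chrome policies to pin its search provider and extensions
        # so the user cannot remove them from the browser UI.
        reasons.append("Chrome policy lock (commonly set by adware)")
    return reasons


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map every flagged line to its reasons; clean lines are omitted."""
    return {line: reasons for line in lines if (reasons := triage_line(line))}


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LINES).items():
        print(flagged[:72] + ("..." if len(flagged) > 72 else ""))
        for reason in why:
            print("   -", reason)
```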

#5 Edrod13

  • Topic Starter
  • Members
  • 24 posts

Posted 10 August 2014 - 06:06 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by EDROD13 at 2014-08-10 15:56:06 Run:1
Running from C:\Users\EDROD13\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\Program Files (x86)\Supporter\Supporter_x64.dll [4365824 2014-08-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={D392CCB1-772B-43AE-B221-6A01C4E32EFF}&mid=f19e4414fc3447d0ab07d16fc5c812ef-a7694a468c3df8c5b7e98e3150445b8eaea1eefa&lang=en&ds=qw011&pr=sa&d=2012-07-09 18:22:31&v=11.1.0.12&sap=dsp&q={searchTerms}
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (CostMin) - C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 MediaDeviceSrv; C:\ProgramData\MediaDevice\1406922461\mediadev.exe [409600 2014-08-01] (NetWork Host Corporation) [File not signed]
R2 NetworkHostSrv; C:\ProgramData\NeworkHost\1406952075\webdev.exe [408576 2014-08-01] (NetWork Host Corporation) [File not signed]
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
C:\ProgramData\NeworkHost
C:\Program Files (x86)\Supporter
C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko
C:\ProgramData\MediaDevice

End
*****************

"C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL" => Value Data not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"FF Plugin: @microsoft.com/GENUINE -> disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File not found.
C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
MediaDeviceSrv => Service not found.
NetworkHostSrv => Service not found.
be0fb33b => Service not found.
C:\ProgramData\NeworkHost => Moved successfully.
"C:\Program Files (x86)\Supporter" => File/Directory not found.
"C:\Users\EDROD13\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmphkmmmekffjeiaipogffafdfaoko" => File/Directory not found.
C:\ProgramData\MediaDevice => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spyder3Elite    
 Java 7 Update 67 
 Java 7 Update 45 
 Java version out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

The computer has always been pretty snappy, except that I was getting a ton of pop ups when I originally got the infection. The computer is running great and I am not getting any pop ups; I just want to make sure that the Trojan is gone. How does it look? Thanks

#6 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2014 - 08:17 AM

You are looking good.

Remove this old version of Java 7 Update 45 using the Add/Remove programs.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2014 - 08:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.