Browser Hijacker infection among others - Please Help


  • This topic is locked
16 replies to this topic

#1 ClearFocus

ClearFocus

  • Members
  • 93 posts

Posted 15 August 2014 - 03:13 PM

Windows 7 Pro PC

Lots of popups and redirections in browsers

 

DDS.com would not run, even after running rkill.  It would only run after I disabled all non-MS services and startup items and restarted. 

 

Thanks for any help.

 

DDS Log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.65.2
Run by epeterman at 16:12:44 on 2014-08-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3983.2723 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
uDefault_Page_URL = hxxp://dell13-comm.msn.com
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: NoDispScrSavPage = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{350226D0-E23C-4035-AB01-24FDA30F34D3} : DHCPNameServer = 192.168.1.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\users\epeter~1\appdata\local\linkey\ieexte~1\iedll.dll 
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
x64-BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-22 20464]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64;{55dce8ba-9dec-4013-937e-adbf9317d990}w64;C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [2014-8-7 61584]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [2014-7-28 41872]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-11-5 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-1-17 72216]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmxpflt.sys [2007-7-6 265744]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2007-7-6 42000]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-22 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-22 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-22 792560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-22 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-15 119512]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-6 1255736]
S4 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-16 218504]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-22 13632]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
S4 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-22 165336]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-12-10 376144]
S4 SmdmFService;SmdmF Service;C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [2014-7-28 3572240]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-22 366040]
S4 Update Deal Keeper;Update Deal Keeper;C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [2014-7-28 323320]
S4 Util Deal Keeper;Util Deal Keeper;C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [2014-7-28 323320]
S4 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
S4 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
.
=============== Created Last 30 ================
.
2014-08-15 15:04:01 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-15 15:03:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-15 12:38:41 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DF312D9-1F55-466F-B234-775BADE54A18}\mpengine.dll
2014-08-13 16:30:47 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-13 16:30:47 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-13 16:30:47 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-13 16:30:47 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-13 16:30:45 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-13 16:30:45 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-13 16:30:37 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-13 16:30:37 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-13 12:39:59 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-13 12:39:59 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-13 12:39:58 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-13 12:39:57 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-07 20:37:51 61584 ----a-w- C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
2014-08-01 12:30:41 -------- d-----w- C:\ProgramData\374311380
2014-07-28 13:31:00 -------- d-----w- C:\ProgramData\UAB
2014-07-28 13:30:59 -------- d-----w- C:\Users\epeterman\AppData\Local\PC_Drivers_Headquarters
2014-07-28 13:30:57 -------- d-----w- C:\ProgramData\Driver Support
2014-07-28 13:30:45 -------- d-----w- C:\Program Files (x86)\Deal Keeper
2014-07-28 13:30:35 -------- d-----w- C:\Program Files (x86)\Driver Support
2014-07-28 13:30:21 -------- d-----w- C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC
2014-07-28 13:30:21 -------- d-----w- C:\Users\epeterman\AppData\Local\Linkey
2014-07-28 13:30:08 -------- d-----w- C:\Users\epeterman\AppData\Local\StormAlerts
2014-07-28 13:30:06 -------- d-----w- C:\Users\epeterman\AppData\Roaming\FirefoxToolbar
2014-07-28 13:30:05 -------- d-----w- C:\Users\epeterman\AppData\Local\Programs
2014-07-28 13:30:04 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-07-28 13:30:02 -------- d-----w- C:\ProgramData\smdmf
2014-07-28 13:11:04 -------- d-----w- C:\ProgramData\APN
2014-07-28 13:08:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-21 12:37:30 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-07-21 12:37:30 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-07-21 12:37:29 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 15:16:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 15:16:14 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 18:01:46 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-01-09 21:38:45 49940480 ----a-w- C:\Program Files (x86)\GUT4D17.tmp
.
============= FINISH: 16:13:30.86 ===============
 



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 16 August 2014 - 09:19 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 ClearFocus

ClearFocus
  • Topic Starter

  • Members
  • 93 posts

Posted 17 August 2014 - 12:18 PM

Thanks RPMcMurphy.  Here are the logs ...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by epeterman (administrator) on ED-PC on 17-08-2014 13:18:17
Running from C:\Users\epeterman\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [394952 2007-03-29] (Trend Micro Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-838180318-3242947858-2930357393-1117\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5483872 2014-07-16] (PC Drivers Headquarters)
HKU\S-1-5-21-838180318-3242947858-2930357393-1117\...\Policies\system: [NoDispScrSavPage] 1
HKU\S-1-5-21-838180318-3242947858-2930357393-1117\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-838180318-3242947858-2930357393-1117\...\MountPoints2: {c50cbcb1-797f-11e3-b9bb-b8ca3aaad7ca} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll File Not Found
AppInit_DLLs-x32: c:\users\epeter~1\appdata\local\linkey\ieexte~1\iedll.dll => "c:\users\epeter~1\appdata\local\linkey\ieexte~1\iedll.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\user.js
FF SearchPlugin: C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Linkey for Firefox - C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\Extensions\extension@linkeyproject.com [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-28]
CHR Extension: (YouTube) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google Search) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Linkey) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah [2014-08-01]
CHR Extension: (Google Wallet) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Gmail) - C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\epeterman\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-07-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Cwbrxd; C:\Windows\cwbrxd.exe [106496 2013-11-09] (IBM Corporation) [File not signed]
S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-16] ()
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-21] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-21] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
S4 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [737920 2007-03-29] (Trend Micro Inc.)
S4 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3572240 2014-07-21] (Aztec Media Inc)
S4 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
S4 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [685776 2007-03-29] (Trend Micro Inc.)
S4 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [323320 2014-08-11] ()
S4 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-11] ()
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [41872 2014-07-21] (Aztec Media Inc)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3708776 2012-02-07] (Realtek Semiconductor Corp.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-08-15] (Malwarebytes Corporation)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2009-12-04] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2009-12-04] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2009-12-04] (Trend Micro Inc.)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-06] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 13:18 - 2014-08-17 13:18 - 00018115 _____ () C:\Users\epeterman\Desktop\FRST.txt
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ____D () C:\FRST
2014-08-17 13:17 - 2014-08-17 13:17 - 02101760 _____ (Farbar) C:\Users\epeterman\Downloads\FRST64.exe
2014-08-17 13:17 - 2014-08-17 13:17 - 02101760 _____ (Farbar) C:\Users\epeterman\Desktop\FRST64.exe
2014-08-15 16:13 - 2014-08-15 16:18 - 00007867 _____ () C:\Users\epeterman\Desktop\attach.txt
2014-08-15 16:13 - 2014-08-15 16:13 - 00019284 _____ () C:\Users\epeterman\Desktop\dds.txt
2014-08-15 12:07 - 2014-08-15 12:07 - 00688992 ____R (Swearware) C:\Users\epeterman\Desktop\dds.com
2014-08-15 12:07 - 2014-08-15 12:07 - 00688992 _____ (Swearware) C:\Users\epeterman\Downloads\dds.com
2014-08-15 11:04 - 2014-08-15 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 11:03 - 2014-08-15 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-15 11:02 - 2014-08-15 15:36 - 00002040 _____ () C:\Users\epeterman\Desktop\Rkill.txt
2014-08-15 11:02 - 2014-05-08 12:14 - 17523520 _____ (Malwarebytes Corporation ) C:\Users\epeterman\Desktop\Malwarebytes FREE mbam-setup.exe
2014-08-15 11:02 - 2014-05-08 12:14 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\epeterman\Desktop\RKill rkill.exe
2014-08-15 11:02 - 2014-05-08 12:13 - 01016261 _____ (Thisisu) C:\Users\epeterman\Desktop\Junkware Removal Tool JRT.exe
2014-08-15 11:02 - 2014-02-05 16:00 - 17832344 _____ (SUPERAntiSpyware) C:\Users\epeterman\Desktop\SuperAntiSpyware Portable SAS_567D9.EXE
2014-08-14 16:55 - 2014-08-14 16:55 - 00449216 _____ () C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898458_il35.exe
2014-08-14 16:55 - 2014-08-14 16:55 - 00449216 _____ () C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898133_il35.exe
2014-08-13 12:40 - 2014-08-13 12:40 - 00000066 _____ () C:\Windows\TMFilter.log
2014-08-13 12:30 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 12:30 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 12:30 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 12:30 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 12:30 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 12:30 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 12:30 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 12:30 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 08:41 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:41 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:41 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:41 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:41 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 08:41 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:41 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:41 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 08:41 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 08:41 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:41 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 08:41 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:41 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:41 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:41 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:41 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 08:41 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 08:41 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 08:41 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 08:41 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:41 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 08:41 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:41 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 08:41 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 08:41 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:41 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 08:41 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:41 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:41 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:41 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:41 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:41 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:41 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:41 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 08:41 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 08:41 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:41 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:41 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:41 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 08:41 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:41 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:41 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 08:41 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:41 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:41 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:41 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:41 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:41 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:41 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 08:41 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:41 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:41 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:41 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 08:41 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 08:41 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:41 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:41 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:41 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:41 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:41 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:41 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:41 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:41 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:41 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:41 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:41 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:41 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:41 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:41 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:41 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:41 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:41 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:41 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:41 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:41 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:41 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:41 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:41 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:41 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:41 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:41 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:41 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:41 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 08:39 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:39 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:39 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:39 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 14:38 - 2014-08-12 14:42 - 00033792 _____ () C:\Users\epeterman\Documents\FKFSPromNote2015.xls
2014-08-07 16:37 - 2014-08-06 16:29 - 00061584 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
2014-08-07 15:54 - 2014-08-07 15:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 08:37 - 2014-08-04 08:37 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (3).exe
2014-08-04 08:37 - 2014-08-04 08:37 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (2).exe
2014-08-04 08:36 - 2014-08-04 08:36 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup.exe
2014-08-04 08:36 - 2014-08-04 08:36 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (1).exe
2014-08-01 08:30 - 2014-08-01 08:30 - 00000000 ____D () C:\ProgramData\374311380
2014-07-28 09:35 - 2014-07-31 10:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-28 09:35 - 2014-07-31 10:08 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-28 09:35 - 2014-07-28 09:35 - 00000000 ____D () C:\Users\epeterman\Documents\Optimizer Pro
2014-07-28 09:31 - 2014-07-28 09:31 - 00003776 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-07-28 09:31 - 2014-07-28 09:31 - 00003774 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-07-28 09:31 - 2014-07-28 09:31 - 00003770 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-07-28 09:31 - 2014-07-28 09:31 - 00000000 ____D () C:\Users\epeterman\Downloads\Driver Support
2014-07-28 09:31 - 2014-07-28 09:31 - 00000000 ____D () C:\ProgramData\UAB
2014-07-28 09:30 - 2014-08-15 16:07 - 00000000 ____D () C:\ProgramData\smdmf
2014-07-28 09:30 - 2014-08-15 10:59 - 00000000 ____D () C:\Users\epeterman\AppData\Local\StormAlerts
2014-07-28 09:30 - 2014-08-07 16:36 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-07-28 09:30 - 2014-07-28 09:30 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Roaming\FirefoxToolbar
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\PC_Drivers_Headquarters
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\Linkey
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-28 09:29 - 2014-07-28 09:29 - 02077392 _____ (Microsoft Corporation) C:\Users\epeterman\Downloads\IE11-Windows6.1.exe
2014-07-28 09:11 - 2014-07-28 09:11 - 00000000 ____D () C:\ProgramData\APN
2014-07-28 09:08 - 2014-07-28 09:08 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 09:08 - 2014-07-28 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 09:08 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-28 09:08 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-28 09:08 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-28 09:08 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-17 13:18 - 2014-08-17 13:18 - 00018115 _____ () C:\Users\epeterman\Desktop\FRST.txt
2014-08-17 13:18 - 2014-08-17 13:18 - 00000000 ____D () C:\FRST
2014-08-17 13:17 - 2014-08-17 13:17 - 02101760 _____ (Farbar) C:\Users\epeterman\Downloads\FRST64.exe
2014-08-17 13:17 - 2014-08-17 13:17 - 02101760 _____ (Farbar) C:\Users\epeterman\Desktop\FRST64.exe
2014-08-17 13:16 - 2013-07-22 04:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 12:35 - 2014-01-09 17:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 08:37 - 2013-07-22 04:08 - 01174757 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 00:35 - 2014-01-09 17:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 16:18 - 2014-08-15 16:13 - 00007867 _____ () C:\Users\epeterman\Desktop\attach.txt
2014-08-15 16:15 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 16:15 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 16:13 - 2014-08-15 16:13 - 00019284 _____ () C:\Users\epeterman\Desktop\dds.txt
2014-08-15 16:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 16:08 - 2009-07-14 00:51 - 00036326 _____ () C:\Windows\setupact.log
2014-08-15 16:07 - 2014-07-28 09:30 - 00000000 ____D () C:\ProgramData\smdmf
2014-08-15 16:07 - 2014-01-09 18:02 - 00032100 _____ () C:\ssapi.log
2014-08-15 16:04 - 2014-08-15 11:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 16:02 - 2014-01-28 14:17 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-08-15 16:02 - 2014-01-28 14:17 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-15 16:02 - 2009-07-14 00:45 - 00301680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 15:36 - 2014-08-15 11:02 - 00002040 _____ () C:\Users\epeterman\Desktop\Rkill.txt
2014-08-15 12:07 - 2014-08-15 12:07 - 00688992 ____R (Swearware) C:\Users\epeterman\Desktop\dds.com
2014-08-15 12:07 - 2014-08-15 12:07 - 00688992 _____ (Swearware) C:\Users\epeterman\Downloads\dds.com
2014-08-15 11:03 - 2014-08-15 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-15 11:03 - 2009-07-14 01:13 - 00796470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 10:59 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\StormAlerts
2014-08-15 10:58 - 2014-01-09 17:33 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-15 08:37 - 2014-01-09 18:03 - 00008773 _____ () C:\Windows\cfgall.ini
2014-08-15 08:36 - 2014-01-17 17:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-14 16:55 - 2014-08-14 16:55 - 00449216 _____ () C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898458_il35.exe
2014-08-14 16:55 - 2014-08-14 16:55 - 00449216 _____ () C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898133_il35.exe
2014-08-14 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-13 12:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 12:40 - 2014-08-13 12:40 - 00000066 _____ () C:\Windows\TMFilter.log
2014-08-13 12:36 - 2014-01-09 18:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 12:34 - 2014-01-09 18:24 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 12:30 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 14:42 - 2014-08-12 14:38 - 00033792 _____ () C:\Users\epeterman\Documents\FKFSPromNote2015.xls
2014-08-11 08:29 - 2014-01-09 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 16:36 - 2014-07-28 09:30 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-08-07 15:55 - 2014-08-07 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 22:06 - 2014-08-13 08:39 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 08:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 16:29 - 2014-08-07 16:37 - 00061584 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
2014-08-04 08:37 - 2014-08-04 08:37 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (3).exe
2014-08-04 08:37 - 2014-08-04 08:37 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (2).exe
2014-08-04 08:36 - 2014-08-04 08:36 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup.exe
2014-08-04 08:36 - 2014-08-04 08:36 - 00063784 _____ (Fusion Install ) C:\Users\epeterman\Downloads\flashplayerpro_Setup (1).exe
2014-08-01 08:30 - 2014-08-01 08:30 - 00000000 ____D () C:\ProgramData\374311380
2014-07-31 19:41 - 2014-08-13 08:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-13 08:41 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 10:10 - 2014-07-28 09:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-31 10:08 - 2014-07-28 09:35 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-29 14:48 - 2010-11-20 23:47 - 00471994 _____ () C:\Windows\PFRO.log
2014-07-28 09:35 - 2014-07-28 09:35 - 00000000 ____D () C:\Users\epeterman\Documents\Optimizer Pro
2014-07-28 09:31 - 2014-07-28 09:31 - 00003776 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-07-28 09:31 - 2014-07-28 09:31 - 00003774 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-07-28 09:31 - 2014-07-28 09:31 - 00003770 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-07-28 09:31 - 2014-07-28 09:31 - 00000000 ____D () C:\Users\epeterman\Downloads\Driver Support
2014-07-28 09:31 - 2014-07-28 09:31 - 00000000 ____D () C:\ProgramData\UAB
2014-07-28 09:30 - 2014-07-28 09:30 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Roaming\FirefoxToolbar
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\PC_Drivers_Headquarters
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Users\epeterman\AppData\Local\Linkey
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-07-28 09:30 - 2014-07-28 09:30 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-28 09:29 - 2014-07-28 09:29 - 02077392 _____ (Microsoft Corporation) C:\Users\epeterman\Downloads\IE11-Windows6.1.exe
2014-07-28 09:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 09:11 - 2014-07-28 09:11 - 00000000 ____D () C:\ProgramData\APN
2014-07-28 09:09 - 2014-01-09 19:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-28 09:08 - 2014-07-28 09:08 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 09:08 - 2014-07-28 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-28 09:08 - 2014-01-24 11:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-25 10:52 - 2014-08-13 08:41 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-13 08:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-13 08:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-13 08:41 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-13 08:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-13 08:41 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-13 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-13 08:41 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-13 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-13 08:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-13 08:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-13 08:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-13 08:41 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-13 08:41 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-13 08:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-13 08:41 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-13 08:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-13 08:41 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-13 08:41 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-13 08:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-13 08:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-13 08:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-13 08:41 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-13 08:41 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-13 08:41 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-13 08:41 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-13 08:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-13 08:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-13 08:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-13 08:41 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-13 08:41 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-13 08:41 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-13 08:41 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-13 08:41 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-13 08:41 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-13 08:41 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-13 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-13 08:41 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-13 08:41 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-13 08:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-13 08:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-13 08:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-13 08:41 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-13 08:41 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-13 08:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-13 08:41 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-13 08:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-13 08:41 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-13 08:41 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-13 08:41 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-13 08:41 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-13 08:41 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-13 08:41 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-13 08:41 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-21 08:38 - 2014-01-17 17:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-21 08:37 - 2014-01-17 17:06 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-07-21 08:37 - 2014-01-17 17:06 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-07-21 08:37 - 2014-01-17 17:06 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
 
Some content of TEMP:
====================
C:\Users\epeterman\AppData\Local\Temp\APNSetup.exe
C:\Users\epeterman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\epeterman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\epeterman\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 00:52
 
==================== End Of Log ============================
 
Look forward to hearing from you.




#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:35 AM

Posted 17 August 2014 - 08:09 PM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - {E6B73864-82DC-44AF-8E15-35BA2CC5FE43} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.15.1.20&apn_uid=46EAD2A2-C8AE-4A5D-B830-01329D5BF197&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17207&doi=2014-07-28&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p=
FF Extension: Linkey for Firefox - C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\Extensions\extension@linkeyproject.com [2014-07-28]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\epeterman\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-07-28]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-06] (StdLib)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 ClearFocus

ClearFocus
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 17 August 2014 - 08:55 PM

Thanks RPMcMurphy.  Latest log file attached.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by epeterman at 2014-08-17 21:58:12 Run:1
Running from C:\Users\epeterman\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p={searchTerms}
SearchScopes: HKCU - {79EB7732-DBCE-418C-A547-C377FAAFDCD8} URL =
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll64.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\EPETER~1\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=492&aid=227&itype=n&ver=13467&tm=422&src=ds&p=
FF Extension: Linkey for Firefox - C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\Extensions\extension@linkeyproject.com [2014-07-28]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\epeterman\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-07-28]
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-06] (StdLib)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{79EB7732-DBCE-418C-A547-C377FAAFDCD8}" => Key deleted successfully.
"HKCR\CLSID\{79EB7732-DBCE-418C-A547-C377FAAFDCD8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E6B73864-82DC-44AF-8E15-35BA2CC5FE43}" => Key deleted successfully.
"HKCR\CLSID\{E6B73864-82DC-44AF-8E15-35BA2CC5FE43}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\Extensions\extension@linkeyproject.com => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah" => Key deleted successfully.
C:\Users\epeterman\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx => Moved successfully.
{55dce8ba-9dec-4013-937e-adbf9317d990}w64 => Service stopped successfully.
{55dce8ba-9dec-4013-937e-adbf9317d990}w64 => Service deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
EmptyTemp: => Removed 1.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Look forward to hearing from you.
 
Thanks!


#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:35 AM

Posted 18 August 2014 - 02:18 PM

Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#7 ClearFocus

ClearFocus
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Local time:03:35 AM

Posted 18 August 2014 - 05:34 PM

Thanks RPMcMurphy ... here's the combofix log:

 

ComboFix 14-08-17.01 - epeterman 08/18/2014  18:29:20.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3983.2489 [GMT -4:00]
Running from: c:\users\epeterman\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\374311380\BITD0B.tmp
c:\users\epeterman\Documents\FKFSAnnSal.xls~RF1f7797d.TMP
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-18 to 2014-08-18  )))))))))))))))))))))))))))))))
.
.
2014-08-18 22:32 . 2014-08-18 22:32 -------- d-----w- c:\users\Ed\AppData\Local\temp
2014-08-17 17:18 . 2014-08-18 01:58 -------- d-----w- C:\FRST
2014-08-15 15:04 . 2014-08-15 20:04 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-15 15:03 . 2014-08-15 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-08-15 12:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DF312D9-1F55-466F-B234-775BADE54A18}\mpengine.dll
2014-08-13 16:30 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 16:30 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 16:30 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 16:30 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 16:30 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 16:30 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 16:30 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 16:30 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 12:39 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 12:39 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-13 12:39 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 12:39 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-07 20:37 . 2014-08-06 20:29 61584 ----a-w- c:\windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
2014-07-28 13:31 . 2014-07-28 13:31 -------- d-----w- c:\programdata\UAB
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\users\epeterman\AppData\Local\PC_Drivers_Headquarters
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\programdata\Driver Support
2014-07-28 13:30 . 2014-08-07 20:36 -------- d-----w- c:\program files (x86)\Deal Keeper
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\program files (x86)\Driver Support
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\users\epeterman\AppData\Local\Linkey
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\users\epeterman\AppData\Local\Weather_Warnings_LLC
2014-07-28 13:30 . 2014-08-15 14:59 -------- d-----w- c:\users\epeterman\AppData\Local\StormAlerts
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\users\epeterman\AppData\Roaming\FirefoxToolbar
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\users\epeterman\AppData\Local\Programs
2014-07-28 13:30 . 2014-07-28 13:30 -------- d-----w- c:\program files (x86)\Settings Manager
2014-07-28 13:30 . 2014-08-18 22:34 -------- d-----w- c:\programdata\smdmf
2014-07-28 13:11 . 2014-07-28 13:11 -------- d-----w- c:\programdata\APN
2014-07-28 13:09 . 2014-07-28 13:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-28 13:08 . 2014-07-11 07:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 16:34 . 2014-01-09 22:24 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-12 12:27 . 2012-07-17 06:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-21 12:37 . 2014-01-17 21:06 35656 ----a-w- c:\windows\system32\LMIport.dll
2014-07-21 12:37 . 2014-01-17 21:06 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-21 12:37 . 2014-01-17 21:06 92488 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-09 15:16 . 2013-07-22 08:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 15:16 . 2013-07-22 08:08 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-10 03:31 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 03:31 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 18:01 . 2014-01-17 21:06 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-06-06 10:10 . 2014-07-10 03:31 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 03:31 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 03:30 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 03:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 03:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-10 03:31 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-10 03:31 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-10 03:31 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-10 03:31 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-10 03:31 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-10 03:31 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-10 03:31 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-10 03:31 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-10 03:31 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 03:31 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-10 03:31 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 03:31 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 03:31 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-10 03:31 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-10 03:31 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-09 21:38 . 2014-01-09 21:38 49940480 ----a-w- c:\program files (x86)\GUT4D17.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Support"="c:\program files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-07-16 5483872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 Update Deal Keeper;Update Deal Keeper;c:\program files (x86)\Deal Keeper\updateDealKeeper.exe;c:\program files (x86)\Deal Keeper\updateDealKeeper.exe [x]
R4 Util Deal Keeper;Util Deal Keeper;c:\program files (x86)\Deal Keeper\bin\utilDealKeeper.exe;c:\program files (x86)\Deal Keeper\bin\utilDealKeeper.exe [x]
R4 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
R4 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg;c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 SmdmFService;SmdmF Service;c:\program files (x86)\Settings Manager\smdmf\SmdmFService.exe;c:\program files (x86)\Settings Manager\smdmf\SmdmFService.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 17:36 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 15:16]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 21:30]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 21:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 02:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 02:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-AccuWage 2013 Java - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath"="\??\c:\program files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Settings Manager\smdmf\smdmfu.exe
.
**************************************************************************
.
Completion time: 2014-08-18  18:37:46 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-18 22:37
.
Pre-Run: 452,295,090,176 bytes free
Post-Run: 452,936,114,176 bytes free
.
- - End Of File - - 445440198C5F7B03B5F03DB53F9352D2


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 20 August 2014 - 07:11 AM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#9 ClearFocus

ClearFocus
  • Topic Starter

  • Members
  • 93 posts

Posted 20 August 2014 - 08:30 PM

Here are the two logs ... thanks much!

ADWCleaner

# AdwCleaner v3.308 - Report created 20/08/2014 at 20:34:48
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : epeterman - ED-PC
# Running from : C:\Users\epeterman\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
Service Found : SmdmFService
Service Found : Update Deal Keeper
Service Found : Util Deal Keeper
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\searchplugins\default-search.xml
File Found : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\user.js
Folder Found : C:\Program Files (x86)\Deal Keeper
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\smdmf
Folder Found : C:\Users\epeterman\AppData\Local\Linkey
Folder Found : C:\Users\epeterman\AppData\LocalLow\DataMngr
Folder Found : C:\Users\epeterman\AppData\Roaming\FirefoxToolbar
Folder Found : C:\Users\epeterman\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMUpdater
Task Found : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Deal Keeper
Key Found : HKCU\Software\Deal Keeper
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SmdmF
Key Found : [x64] HKCU\Software\Deal Keeper
Key Found : [x64] HKCU\Software\Deal Keeper
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Linkey
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SmdmF
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Linkey.Linkey
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Deal Keeper
Key Found : HKLM\SOFTWARE\Deal Keeper
Key Found : HKLM\SOFTWARE\Linkey
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKLM\SOFTWARE\SmdmF
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Deal Keeper
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Deal Keeper
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Linkey
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\86h4i3g4.default\prefs.js ]
 
 
[ File : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6543 octets] - [20/08/2014 20:34:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6603 octets] ##########

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/20/2014
Scan Time: 9:05:58 PM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.20.10
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: epeterman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382481
Time Elapsed: 5 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 3
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1756, , [02d805c31f5c51e527bb9c05f20fb050]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1736, , [02d805c31f5c51e527bb9c05f20fb050]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, 3960, , [4397eddbb3c88caa07db0b9602ffdf21]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 45
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SmdmFService, , [02d805c31f5c51e527bb9c05f20fb050], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, , [8d4d14b47b00fc3ad1524e242ad849b7], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, , [8d4d14b47b00fc3ad1524e242ad849b7], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [1dbdfccc0378b68085d4acfc07fb1de3], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [1dbdfccc0378b68085d4acfc07fb1de3], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, , [41994a7ec6b5979f43e8fc7646bce31d], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Linkey.Linkey, , [e0fa10b892e9d0662cff2d4518eacd33], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [e8f2cdfb1b6067cffe155e1958a959a7], 
PUP.Optional.StormAlerts.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\StormAlerts, , [2baf22a62a517bbbc9fb4b13a061ab55], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Deal Keeper, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ac225167-00fc-452d-94c5-bb93600e7d9a}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Deal Keeper, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Deal Keeper, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, , [607afdcbf58649ed2b1e25e1a360fb05], 
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\Deal Keeper, , [9d3d7a4edba033032b829e4c34ce827e], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, , [ac2e16b2d9a25fd7d9fc469ea65c6b95], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY, , [9248d4f4661566d0eb5eb551a36052ae], 
PUP.Optional.DealKeeper.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Deal Keeper, , [d901c0084b30f34301ada3470ef49b65], 
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmdmF, , [26b47850adcebc7a3f955094a35ff709], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [88528048304b38fe718d48cab053926e], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [15c57d4bb1ca4de99a9de44541c3b050], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY, , [8d4d5078364561d54b8e400abc482ad6], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [30aa794f8deece68c48ae60903ffdb25], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
 
Registry Values: 4
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [607afdcbf58649ed2b1e25e1a360fb05]
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [9248d4f4661566d0eb5eb551a36052ae]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0F1S1Q1K0I1S1U2X, , [15c57d4bb1ca4de99a9de44541c3b050]
PUP.Optional.Linkey.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY|browsers, chrome,ff,ie, , [8d4d5078364561d54b8e400abc482ad6]
 
Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp, Good: (www.google.com), Bad: (http://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp),,[fcdebe0ad0ab290ddc5417b855af39c7]
 
Folders: 20
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\plugins, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\TEMP, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Local\StormAlerts, , [37a3c5034c2f979fbf82c53bad56629e], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts, , [08d253754c2fe254c164ed257093dd23], 
PUP.Optional.Linkey.A, C:\Users\epeterman\AppData\Local\Linkey, , [07d3aa1eafcc64d20a10b29916ee01ff], 
PUP.Optional.Linkey.A, C:\Users\epeterman\AppData\Local\Linkey\ChromeExtension, , [07d3aa1eafcc64d20a10b29916ee01ff], 
PUP.Optional.Linkey.A, C:\Users\epeterman\AppData\Local\Linkey\IEExtension, , [07d3aa1eafcc64d20a10b29916ee01ff], 
PUP.Optional.Datamngr.A, C:\Users\epeterman\AppData\LocalLow\DataMngr, , [5d7d01c781fa76c043b6dce5887a18e8], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC, , [a337b513dba086b0e55e55827191d32d], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_a3es1riizt0hiyppzbnm3ys4gjuy1rhs, , [a337b513dba086b0e55e55827191d32d], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_a3es1riizt0hiyppzbnm3ys4gjuy1rhs\1.6.0.0, , [a337b513dba086b0e55e55827191d32d], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\x64, , [ffdbdeea5f1ca1950bf9e8f00bf7bb45], 
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf, , [9b3f2b9db9c294a208af5e7fee14cc34], 
PUP.Optional.SettingsManager.A, C:\Users\epeterman\AppData\Roaming\FirefoxToolbar\Settings Manager, , [3b9ff8d0bac18aacf6c2a23bbc4652ae], 
PUP.Optional.SettingsManager.A, C:\Users\epeterman\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, , [3b9ff8d0bac18aacf6c2a23bbc4652ae], 
PUP.Optional.SettingsManager.A, C:\Users\epeterman\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, , [3b9ff8d0bac18aacf6c2a23bbc4652ae], 
PUP.Optional.SettingsManager.A, C:\Users\epeterman\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, , [3b9ff8d0bac18aacf6c2a23bbc4652ae], 
 
Files: 123
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, , [02d805c31f5c51e527bb9c05f20fb050], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, , [4397eddbb3c88caa07db0b9602ffdf21], 
PUP.Optional.OptimumInstaller, C:\Users\epeterman\Downloads\flashplayerpro_Setup (1).exe, , [42986b5d532868cec652891e21e02dd3], 
PUP.Optional.OptimumInstaller, C:\Users\epeterman\Downloads\flashplayerpro_Setup (2).exe, , [a436a5235d1ef145997f30779968e917], 
PUP.Optional.OptimumInstaller, C:\Users\epeterman\Downloads\flashplayerpro_Setup (3).exe, , [11c9893f0d6eee48c355a601b948b64a], 
PUP.Optional.OptimumInstaller, C:\Users\epeterman\Downloads\flashplayerpro_Setup.exe, , [5684c50328536bcbcd4bffa807fac53b], 
PUP.Optional.Amonetize, C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898133_il35.exe, , [defca8200b702e08bcb7f3b6a160e917], 
PUP.Optional.Amonetize, C:\Users\epeterman\Downloads\FlashPlayersetup__280_i1171898458_il35.exe, , [5189cbfd2f4cd066d3a00c9d788909f7], 
PUP.Optional.Linkey.A, C:\Users\epeterman\AppData\Local\Linkey\LinkeyDeals.exe, , [25b586425e1d3ff793a2f483d42de818], 
PUP.Optional.Linkey.A, C:\Users\epeterman\AppData\Local\Linkey\Uninstall.exe, , [e8f2cdfb1b6067cffe155e1958a959a7], 
PUP.Optional.StormAlerts.A, C:\Users\epeterman\AppData\Local\StormAlerts\StormAlertsuninstall.exe, , [2baf22a62a517bbbc9fb4b13a061ab55], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\DealKeeper.ico, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\0, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\7za.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\DealKeeperUn.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\DealKeeperUninstall.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\updateDealKeeper.InstallState, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\7za.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\BrowserAdapter.7z, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse.zip, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\DealKeeperBAApp.dll, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\sqlite3.dll, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.InstallState, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\{55dce8ba-9dec-4013-937e-adbf9317d990}.dll, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.Bromon.dll, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.BroStats.dll, , [c11909bf94e739fd713b0edc729012ee], 
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\plugins\DealKeeper.BrowserAdapter.dll, , [c11909bf94e739fd713b0edc729012ee], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Look forward to hearing from you.  Thanks!


#10 RPMcMurphy


Posted 22 August 2014 - 09:37 AM

Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Also re-run MBAM, this time letting it remove the items it detects.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.




#11 ClearFocus


Posted 27 August 2014 - 06:21 PM

ADWCleaner Log

 

# AdwCleaner v3.308 - Report created 20/08/2014 at 20:34:48
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : epeterman - ED-PC
# Running from : C:\Users\epeterman\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
Service Found : SmdmFService
Service Found : Update Deal Keeper
Service Found : Util Deal Keeper
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\searchplugins\default-search.xml
File Found : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\user.js
Folder Found : C:\Program Files (x86)\Deal Keeper
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\smdmf
Folder Found : C:\Users\epeterman\AppData\Local\Linkey
Folder Found : C:\Users\epeterman\AppData\LocalLow\DataMngr
Folder Found : C:\Users\epeterman\AppData\Roaming\FirefoxToolbar
Folder Found : C:\Users\epeterman\Documents\Optimizer Pro
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMUpdater
Task Found : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\86h4i3g4.default\prefs.js ]
 
 
[ File : C:\Users\epeterman\AppData\Roaming\Mozilla\Firefox\Profiles\mt08nuu2.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\epeterman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6543 octets] - [20/08/2014 20:34:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6603 octets] ##########
 

 

MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/20/2014
Scan Time: 9:05:58 PM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.20.10
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: epeterman
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382481
Time Elapsed: 5 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 3
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1756, , [02d805c31f5c51e527bb9c05f20fb050]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe, 1736, , [02d805c31f5c51e527bb9c05f20fb050]
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe, 3960, , [4397eddbb3c88caa07db0b9602ffdf21]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 45
 
Registry Values: 4
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [607afdcbf58649ed2b1e25e1a360fb05]
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [9248d4f4661566d0eb5eb551a36052ae]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0F1S1Q1K0I1S1U2X, , [15c57d4bb1ca4de99a9de44541c3b050]
PUP.Optional.Linkey.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY|browsers, chrome,ff,ie, , [8d4d5078364561d54b8e400abc482ad6]
 
Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-838180318-3242947858-2930357393-1117-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp, Good: (www.google.com), Bad: (http://www.default-search.net?sid=492&aid=227&itype=n&ver=13467&tm=422&src=hmp),,[fcdebe0ad0ab290ddc5417b855af39c7]
 
Folders: 20
 
Files: 123
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

Eset Log

 

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe probably a variant of Win32/Systweak potentially unwanted application
C:\Windows\Installer\508b5700.msi probably a variant of Win32/Systweak potentially unwanted application
C:\Windows\Installer\fa3e526.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
 

 

Look forward to hearing from you ... many thanks!



#12 RPMcMurphy

  • Malware Response Team

Posted 28 August 2014 - 10:02 PM

Did you allow adwCleaner and MBAM to clean those detections they are picking up?


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#13 ClearFocus


Posted 04 September 2014 - 10:04 AM

Yes, I believe so ...



#14 RPMcMurphy


Posted 04 September 2014 - 12:52 PM

How is your computer running now?




#15 ClearFocus


Posted 09 September 2014 - 08:49 PM

Seems to be much better!





