UpdateFlashPlayer_xxxxxxxx.exe infection


  • This topic is locked
18 replies to this topic

#1 karenbc

Posted 20 September 2014 - 08:30 PM

Every few hours or so, a User Account Control message pops up asking permission for UpdateFlashPlayer to make changes to the computer. Ran MBAM which detected and cleaned some malware, but the issue with UpdateFlashPlayer persists.

Help in eradicating this problem would be incredibly appreciated!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by msjeanig at 21:03:16 on 2014-09-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6088.4085 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe
C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [hwrtpnkl] "C:\Users\msjeanig\AppData\Local\vtohrmxd.exe"
uRun: [hanfrsfm] "C:\Users\msjeanig\AppData\Local\ofufgnvh.exe"
uRun: [oeprohrr] "C:\Users\msjeanig\AppData\Local\irdqrrpk.exe"
uRun: [qtpiltlc] "C:\Users\msjeanig\AppData\Local\mcwpglek.exe"
uRun: [mnujtxmp] "C:\Users\msjeanig\AppData\Local\caqoufvs.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HelpDesk] C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
StartupFolder: C:\Users\msjeanig\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\msjeanig\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
StartupFolder: C:\Users\msjeanig\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ITOKBA~1.LNK - C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{40D6EFDB-380C-454E-89A3-978776AF369F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768}\14454593931313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768}\4497E65687 : DHCPNameServer = 192.168.2.1 205.152.37.23 205.152.150.23
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768}\4656661657C647 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768}\63034343 : DHCPNameServer = 192.168.0.2
TCP: Interfaces\{E524F5C5-F362-46B0-99EE-2933D55ED768}\74F6F6467796E6D275966496 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\s812n29t.default-1404073545831\
FF - prefs.js: browser.search.selectedEngine - Ask Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-4-14 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-4-14 39008]
R0 TMEBC;TMEBC;C:\windows\System32\drivers\TMEBC64.sys [2014-8-28 50976]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-4-14 13408]
R1 ITOKFilter;ITOKFilter;C:\windows\System32\drivers\ITOK.sys [2014-8-28 67808]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2014-8-28 85936]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2014-8-28 305760]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-14 13336]
R2 ITOKbackup;iTOK Backup Backup Service;C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe [2014-1-9 24912]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2013-9-7 72216]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-20 4799760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-14 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-3-12 266240]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-4-14 349224]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-4-14 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-4-14 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-4-14 76912]
S2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [2014-7-17 51016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-9-15 111616]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-4-14 299520]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ssmirrdr;ssmirrdr;C:\windows\System32\drivers\ssmirrdr.sys [2012-7-23 10112]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-20 20:53:41    --------    d-----w-    C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 20:53:36    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2014-09-20 20:53:14    187392    ----a-w-    C:\Users\msjeanig\AppData\Local\caqoufvs.exe
2014-09-20 03:42:53    --------    d-----w-    C:\FRST
2014-09-20 02:41:45    122584    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-20 02:41:24    91352    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-09-20 02:41:24    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-09-20 02:41:24    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-09-20 02:41:23    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 20:45:31    186368    ----a-w-    C:\Users\msjeanig\AppData\Local\mcwpglek.exe
2014-09-19 15:20:13    21528    ----a-w-    C:\windows\DCEBoot64.exe
2014-09-17 20:58:42    186368    ----a-w-    C:\Users\msjeanig\AppData\Local\irdqrrpk.exe
2014-09-15 19:27:10    171008    ----a-w-    C:\Users\msjeanig\AppData\Local\ofufgnvh.exe
2014-09-15 16:13:38    171008    ----a-w-    C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
2014-09-15 16:07:25    2777088    ----a-w-    C:\windows\System32\msmpeg2vdec.dll
2014-09-15 16:07:25    2285056    ----a-w-    C:\windows\SysWow64\msmpeg2vdec.dll
2014-09-14 02:19:30    578048    ----a-w-    C:\windows\System32\aepdu.dll
2014-09-14 02:19:30    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-09-11 19:16:50    793600    ----a-w-    C:\windows\SysWow64\TSWorkspace.dll
2014-09-11 19:16:50    1031168    ----a-w-    C:\windows\System32\TSWorkspace.dll
2014-09-11 19:14:53    2565120    ----a-w-    C:\windows\System32\d3d10warp.dll
2014-09-11 19:14:52    1987584    ----a-w-    C:\windows\SysWow64\d3d10warp.dll
2014-09-11 19:14:41    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-09-11 19:14:41    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-09-11 19:14:41    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-09-11 19:14:40    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-09-11 19:14:40    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-09-03 17:52:59    231960    ----a-w-    C:\windows\RegBootClean64.exe
2014-08-28 22:38:56    --------    d--h--w-    C:\TMRescueDisk
2014-08-28 22:34:51    --------    d-----w-    C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 22:34:20    105744    ----a-w-    C:\windows\System32\drivers\tmtdi.sys
2014-08-28 22:34:16    85936    ----a-w-    C:\windows\System32\drivers\tmevtmgr.sys
2014-08-28 22:34:16    283160    ----a-w-    C:\windows\System32\drivers\tmcomm.sys
2014-08-28 22:34:16    117312    ----a-w-    C:\windows\System32\drivers\tmactmon.sys
2014-08-28 22:34:13    50976    ----a-w-    C:\windows\System32\drivers\TMEBC64.sys
2014-08-28 22:33:26    59    ----a-w-    C:\windows\System32\SupportTool.exe.bat
2014-08-28 22:32:57    --------    d-----w-    C:\Program Files\Trend Micro
2014-08-28 22:32:42    --------    d-----w-    C:\ProgramData\Trend Micro
2014-08-28 22:14:56    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-28 22:14:52    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26F0FBEB-8DE8-4E90-9E7E-0378F69D4BFB}\mpengine.dll
2014-08-28 21:53:12    --------    d-----w-    C:\Program Files\CCleaner
2014-08-28 21:41:43    --------    d-----w-    C:\ProgramData\Trend Micro Installer
2014-08-28 21:23:28    67808    ----a-w-    C:\windows\System32\drivers\ITOK.sys
2014-08-28 21:23:26    --------    d-----w-    C:\Program Files\iTOK
2014-08-28 21:17:22    --------    d-----w-    C:\Program Files (x86)\iTOK
2014-08-28 20:59:20    --------    d-----w-    C:\Documents
2014-08-28 20:59:02    --------    d-----w-    C:\itok
2014-08-28 15:52:12    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-08-28 15:52:12    3163648    ----a-w-    C:\windows\System32\win32k.sys
2014-08-28 15:52:12    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
.
==================== Find3M  ====================
.
2014-08-18 22:29:49    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-08-05 13:20:00    270496    ------w-    C:\windows\System32\MpSigStub.exe
2014-07-25 06:35:46    875688    ----a-w-    C:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06    869544    ----a-w-    C:\windows\System32\msvcr120_clr0400.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\windows\SysWow64\rpcrt4.dll
2014-07-09 16:22:26    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:22:26    699056    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23    7168    ----a-w-    C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24:50    8856    ----a-w-    C:\windows\System32\icardres.dll
2014-06-30 22:14:53    8856    ----a-w-    C:\windows\SysWow64\icardres.dll
.
============= FINISH: 21:03:42.76 ===============
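The pattern worth noticing in the Pseudo HJT Report above is the run of uRun entries: five eight-letter value names, each launching a different eight-letter .exe dropped directly in AppData\Local, every one of them listed again under "Created Last 30". The script below is an added example (not part of this thread, of DDS or of FRST): it parses Run-key and Created-Last-30 lines from a DDS log and scores each autostart on those signals. The sample lines are copied from the posted log; the heuristics, threshold and helper names are my own assumptions.

```python
"""Triage helper for a DDS log: flag Run-key autostarts that look like dropped malware.

Added example, not part of DDS, FRST or the thread above. It reads the
uRun/mRun/x64-Run lines of the Pseudo HJT Report plus the "Created Last 30"
list, and scores each autostart on signals the hostile entries in the posted
log share: a fresh, oddly named .exe sitting directly in the profile's AppData
folder, registered under a value name unrelated to the file.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the DDS log in post #1.
SAMPLE_DDS_LOG = r"""
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [hwrtpnkl] "C:\Users\msjeanig\AppData\Local\vtohrmxd.exe"
uRun: [qtpiltlc] "C:\Users\msjeanig\AppData\Local\mcwpglek.exe"
uRun: [mnujtxmp] "C:\Users\msjeanig\AppData\Local\caqoufvs.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
.
=============== Created Last 30 ================
.
2014-09-20 20:53:14    187392    ----a-w-    C:\Users\msjeanig\AppData\Local\caqoufvs.exe
2014-09-19 20:45:31    186368    ----a-w-    C:\Users\msjeanig\AppData\Local\mcwpglek.exe
2014-09-15 16:13:38    171008    ----a-w-    C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
"""

RUN_RE = re.compile(r"^(?P<hive>u|m|x64-)Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+\.exe)\s*$", re.I)
# Executable image at the start of a Run command, quoted or bare; arguments are dropped.
IMAGE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)"?', re.I)
# An .exe sitting directly in %LOCALAPPDATA% or %APPDATA%, with no vendor subfolder.
PROFILE_ROOT_RE = re.compile(r"\\AppData\\(Local|Roaming)\\[^\\]+\.exe$", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    signals: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.signals)


def looks_random(stem: str) -> bool:
    """All-lowercase letter soup with a long consonant run or almost no vowels (heuristic)."""
    if len(stem) < 6 or not stem.isalpha() or stem != stem.lower():
        return False
    vowels = sum(c in "aeiouy" for c in stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", stem)), default=0)
    return longest_run >= 4 or vowels / len(stem) < 0.25


def analyze_dds(log_text: str, threshold: int = 2) -> list:
    """Return a Finding for every Run-key line whose signal count reaches the threshold."""
    recent = set()   # lower-cased paths of .exe files from "Created Last 30"
    runs = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := CREATED_RE.match(line)):
            recent.add(m.group("path").lower())
        elif (m := RUN_RE.match(line)):
            runs.append(m)

    findings = []
    for m in runs:
        img = IMAGE_RE.match(m.group("cmd"))
        if not img:
            continue  # not an .exe launch; outside this heuristic's scope
        path = img.group("path")
        stem = path.rsplit("\\", 1)[-1][:-4]  # file name without ".exe"
        f = Finding(m.group("hive"), m.group("name"), path)
        if PROFILE_ROOT_RE.search(path):
            f.signals.append("exe dropped directly in AppData root")
        if re.sub(r"\s+", "", m.group("name")).lower() != stem.lower():
            f.signals.append("value name unrelated to file name")
        if path.lower() in recent:
            f.signals.append("file created in last 30 days")
        if looks_random(stem):
            f.signals.append("random-looking file name")
        if f.score >= threshold:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze_dds(SAMPLE_DDS_LOG):
        print(f"{f.hive}Run [{f.name}] -> {f.path}  ({f.score}: {', '.join(f.signals)})")
```

A single signal (the Intel igfxtray name, or a vendor value name that differs from its file name) is not enough on its own; only entries stacking two or more are reported.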

#2 xXToffeeXx

  • Malware Response Instructor

Posted 21 September 2014 - 01:56 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi karenbc,

I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 karenbc

karenbc
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 21 September 2014 - 11:21 PM

Hello Toffee. Thank you very much for your assistance. I'll run the Farbar tool and post the logs. I expect to be able to do that tomorrow evening or Tuesday morning.

Thanks again!

Karen



#4 xXToffeeXx

Posted 22 September 2014 - 10:22 AM

Hi karenbc,

Okay, thank you for letting me know :)

xXToffeeXx~

#5 karenbc

karenbc
  • Topic Starter

  • Members
  • 17 posts

Posted 23 September 2014 - 09:59 AM

Logs you requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by msjeanig (administrator) on MSJEANIG-PC on 23-09-2014 10:49:13
Running from C:\Users\msjeanig\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe
(Dropbox, Inc.) C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(iTOK LLC) C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-04-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-14] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HelpDesk] => C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe [206848 2010-11-10] (iTOK LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hwrtpnkl] => C:\Users\msjeanig\AppData\Local\vtohrmxd.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hanfrsfm] => C:\Users\msjeanig\AppData\Local\ofufgnvh.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [oeprohrr] => C:\Users\msjeanig\AppData\Local\irdqrrpk.exe [186368 2014-09-17] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [mpfppkgv] => C:\Users\msjeanig\AppData\Local\ksitevhv.exe [187392 2014-09-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iTOK Backup Status.lnk
ShortcutTarget: iTOK Backup Status.lnk -> C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe (iTOK)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Quick Send Widget.lnk
ShortcutTarget: Jacquie Lawson Quick Send Widget.lnk -> C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe ()
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ITOK -> {119c49f2-2464-08f3-d1f1-10a44b7155d7} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK2 -> {60847b5b-77fd-f619-8d75-e4954d1dd5ae} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK3 -> {178324b1-a7b6-cf85-046c-c8fe8dad6a7f} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B607C63C-4127-4349-8345-17F5FA377DB9}&mid=83fb3c16d50647d1aa36d1502058a881-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B607C63C-4127-4349-8345-17F5FA377DB9}&mid=83fb3c16d50647d1aa36d1502058a881-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {BEDF120B-0B84-4688-9A22-75B7EADC78DD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&iwk=247&lng=en
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\s812n29t.default-1404073545831
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&doSSL=1&siteState=ver%3a4%7crt%3aSTANDARD%7cat%3aSNS%7cld%3amail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aANGELIA%7csnt%3aScreenName%7csid%3a2b5a8f85-18d6-4a25-98cf-0690a7ba33c5&offerId=newmail-en-us-v2&seamless=novl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3Ac1cd3635-e5c4-4b8d-b2ee-f40a8a75544a&locale=us"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchProvider: Default -> McAfee
CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-27]
CHR Extension: (Google Maps) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-09-13]
CHR Extension: (Google Wallet) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 ITOKbackup; C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe [24912 2014-01-09] (iTOK)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ITOKFilter; C:\Windows\System32\DRIVERS\ITOK.sys [67808 2014-01-09] (Mozy, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800576 2010-03-15] (Sonix Technology Co., Ltd.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-07-23] (support.com, Inc)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
U3 tmeevw; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 10:49 - 2014-09-23 10:50 - 00023648 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-23 10:49 - 2014-09-23 10:49 - 00003062 _____ () C:\windows\RegBootClean64.CFG
2014-09-23 10:43 - 2014-09-23 10:43 - 02105856 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-21 22:19 - 2014-09-21 22:19 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\qwfaowdi.exe
2014-09-21 17:42 - 2014-09-21 17:42 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\tbnmxonb.exe
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-19 23:42 - 2014-09-23 10:49 - 00000000 ____D () C:\FRST
2014-09-19 22:41 - 2014-09-20 15:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-19 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-19 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 14:22 - 2014-09-19 21:40 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 14:02 - 2014-09-20 21:35 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-19 11:23 - 2014-09-19 16:38 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:20 - 2014-09-19 11:24 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-17 16:58 - 2014-09-17 16:58 - 00186368 _____ () C:\Users\msjeanig\AppData\Local\irdqrrpk.exe
2014-09-15 16:14 - 2014-09-22 10:39 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-15 15:27 - 2014-09-15 15:27 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\ofufgnvh.exe
2014-09-15 12:19 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 12:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 12:19 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-15 12:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 12:19 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 12:19 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-15 12:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-15 12:19 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 12:19 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 12:19 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 12:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 12:19 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 12:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-15 12:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-15 12:13 - 2014-09-15 12:13 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
2014-09-15 12:07 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 12:07 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-13 22:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 15:16 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-11 15:16 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-11 15:14 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 15:14 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-11 15:14 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-03 13:52 - 2014-09-23 10:49 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-08-29 10:49 - 2014-09-23 09:55 - 00005892 _____ () C:\windows\setupact.log
2014-08-29 10:49 - 2014-09-20 15:01 - 00023122 _____ () C:\windows\PFRO.log
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:34 - 2013-12-03 04:57 - 00283160 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00117312 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00085936 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2014-08-28 18:34 - 2013-07-01 09:08 - 00050976 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
2014-08-28 18:34 - 2011-08-22 11:33 - 00105744 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmtdi.sys
2014-08-28 18:33 - 2014-09-21 22:13 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:32 - 2014-09-03 13:53 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 18:32 - 2014-08-28 18:33 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:23 - 2014-01-09 08:52 - 00067808 _____ (Mozy, Inc.) C:\windows\system32\Drivers\ITOK.sys
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 16:59 - 2014-08-28 18:03 - 00000000 ____D () C:\itok
2014-08-28 11:52 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 11:52 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 11:52 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 10:50 - 2014-09-23 10:49 - 00023648 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-23 10:49 - 2014-09-23 10:49 - 00003062 _____ () C:\windows\RegBootClean64.CFG
2014-09-23 10:49 - 2014-09-19 23:42 - 00000000 ____D () C:\FRST
2014-09-23 10:49 - 2014-09-03 13:52 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-09-23 10:43 - 2014-09-23 10:43 - 02105856 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-23 10:33 - 2012-04-14 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 10:02 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:02 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 10:01 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-23 09:59 - 2012-04-14 16:46 - 01919168 _____ () C:\windows\WindowsUpdate.log
2014-09-23 09:55 - 2014-08-29 10:49 - 00005892 _____ () C:\windows\setupact.log
2014-09-23 09:55 - 2012-09-12 20:32 - 00000000 ___RD () C:\Users\msjeanig\Dropbox
2014-09-23 09:55 - 2012-09-12 20:29 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Dropbox
2014-09-23 09:55 - 2012-08-10 03:51 - 02404245 _____ () C:\FaceProv.log
2014-09-23 09:55 - 2012-04-14 17:22 - 00138129 _____ () C:\windows\system32\fastboot.set
2014-09-23 09:55 - 2012-04-14 17:21 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 09:55 - 2012-04-14 17:15 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-23 09:55 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 10:39 - 2014-09-15 16:14 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-21 22:19 - 2014-09-21 22:19 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\qwfaowdi.exe
2014-09-21 22:13 - 2014-08-28 18:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-21 17:42 - 2014-09-21 17:42 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\tbnmxonb.exe
2014-09-20 23:59 - 2014-08-16 12:37 - 00000000 ____D () C:\Users\msjeanig\Desktop\Siins of Scripture
2014-09-20 21:35 - 2014-09-19 14:02 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-20 18:01 - 2012-08-10 03:55 - 00112592 _____ () C:\Users\msjeanig\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-20 18:00 - 2009-07-14 00:45 - 00413840 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-20 16:40 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-20 15:14 - 2014-09-19 22:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 15:01 - 2014-08-29 10:49 - 00023122 _____ () C:\windows\PFRO.log
2014-09-20 15:01 - 2013-07-23 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:58 - 2014-01-09 08:52 - 00004774 _____ () C:\windows\ITOK.blk
2014-09-19 21:58 - 2014-01-09 08:52 - 00000208 _____ () C:\windows\ITOK.flt
2014-09-19 21:46 - 2013-12-27 14:41 - 00000000 ____D () C:\Users\msjeanig\Desktop\save for now
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 21:40 - 2014-09-19 14:22 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 16:38 - 2014-09-19 11:23 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:24 - 2014-09-19 11:20 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-19 11:19 - 2013-03-24 10:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 20:53 - 2012-09-12 20:30 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 16:58 - 2014-09-17 16:58 - 00186368 _____ () C:\Users\msjeanig\AppData\Local\irdqrrpk.exe
2014-09-15 17:37 - 2012-04-14 17:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 15:27 - 2014-09-15 15:27 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\ofufgnvh.exe
2014-09-15 12:18 - 2012-08-10 05:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 12:16 - 2014-02-27 16:23 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-15 12:16 - 2013-08-26 15:07 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 12:13 - 2014-09-15 12:13 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
2014-09-15 12:09 - 2012-08-29 06:29 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-15 12:07 - 2014-04-30 00:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 10:58 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-08 18:49 - 2013-07-05 18:23 - 00000000 ____D () C:\windows\Minidump
2014-09-08 14:23 - 2014-07-04 16:51 - 00000000 ____D () C:\Users\msjeanig\Desktop\Small group
2014-09-04 22:10 - 2014-09-13 22:19 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-03 14:30 - 2012-02-04 18:06 - 00000000 ____D () C:\Users\msjeanig\Desktop\History of Bible
2014-09-03 13:53 - 2014-08-28 18:32 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:33 - 2014-08-28 18:32 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:33 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 18:05 - 2013-09-07 11:09 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-28 18:03 - 2014-08-28 16:59 - 00000000 ____D () C:\itok
2014-08-28 17:57 - 2013-09-07 18:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-28 17:56 - 2012-08-28 03:42 - 00000000 ___DC () C:\Users\msjeanig\AppData\Local\MigWiz
2014-08-28 17:56 - 2011-02-22 07:19 - 00000000 ____D () C:\windows\Panther
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:53 - 2013-03-23 18:48 - 00000000 __SHD () C:\Users\msjeanig\UserData
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 17:02 - 2013-09-07 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

Some content of TEMP:
====================
C:\Users\msjeanig\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjivxts.dll
C:\Users\msjeanig\AppData\Local\Temp\iTOK_HelpDesk-4.1.1.0.exe
C:\Users\msjeanig\AppData\Local\Temp\Upd6BBD_FlashPlayer.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_06d4b26d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_09d17e19.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_0f976d76.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_13a20e0a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_174629f7.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_19b89d85.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_19c88f36.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_1d7240c0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_25de2140.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_29759abd.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2e7ff7e2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_35e6b13c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_38467d60.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_3b099d9f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_461d130f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_491910dd.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4aecbfa5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4c1f3fdf.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4e6b1e5d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5964e077.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5a8b89d5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5bcdb5e5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5c438c2c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5c4efd90.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5d121069.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f76fb3b.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6175bb35.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_62d632f2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6befe492.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6cc7539c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6e2cf252.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6f65b733.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_710fc5a0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7d899090.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7e3d86ba.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7ed236da.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_83bcc11d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_86590115.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_8796c939.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_898e1d7e.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_8bd047f3.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_91b1254f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_92c382de.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_95ca48e0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_a4a77eaf.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ae52555a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b09172df.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b5e3f1fa.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b691702f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_bc133db5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_be146bd2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c15c5c50.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c1e8b276.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c35c726f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_d2363dec.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_d5bbe362.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_e17e3e4a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_e2634a9c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_eb784b75.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_eca950ce.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ed6f5fbc.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ef752fd8.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_f18d2e8d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_f3079f4e.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ffee3748.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 18:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by msjeanig at 2014-09-23 10:50:29
Running from C:\Users\msjeanig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{7D2C319D-3907-472D-9B55-EC1F240962FC}) (Version: 37.0.2062.28 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTOK Backup (HKLM\...\{26A82665-DE52-AA0F-0724-6B39E5B35F3A}) (Version: 2.24.2.360 - iTOK)
iTOK HelpDesk (HKLM-x32\...\iTOK HelpDesk) (Version: 4.1.1.0 - iTOK LLC)
Jacquie Lawson Quick Send Widget (HKLM-x32\...\JLQuickSendWidget) (Version: 1.0.4 - MicroCourt Limited)
Jacquie Lawson Quick Send Widget (x32 Version: 1.0.4 - MicroCourt Limited) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7400 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{AD40A06A-77AB-4E2E-B2AA-FDE106A9977A}) (Version: 5.8.56000.8 - Suyin Optronics Corp.)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3212 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3212 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1217720241-2428502982-640143140-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-08-2014 17:14:07 Windows Update
28-08-2014 21:22:56 Installed iTOK Backup
28-08-2014 21:30:52 Pre-PCC
28-08-2014 22:19:00 Pre-PCC
11-09-2014 19:41:16 Windows Update
15-09-2014 16:06:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {37594AE3-C893-43DA-9613-C58AF6147B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14] (Google Inc.)
Task: {93DCADC2-7E43-4604-9CA8-A7E18B0BDB14} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {CBA7E2B1-C4A9-4326-BD51-AD08B6CC7714} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {EC378BED-4317-4178-B962-835CAA13CB8F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {ED8063F1-BB02-41FD-9899-C5F16792332B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-28 18:33 - 2013-01-15 22:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-08-28 18:33 - 2013-04-02 00:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-08-28 18:33 - 2013-01-15 22:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-08-28 18:33 - 2012-12-18 16:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-08-28 18:33 - 2013-01-15 22:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-08-28 18:30 - 2013-07-23 11:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2013-03-12 16:55 - 2005-04-22 00:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2012-04-14 17:15 - 2012-04-14 17:15 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-04-14 17:15 - 2012-04-14 17:15 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2012-04-14 16:50 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-19 23:20 - 2012-04-14 17:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-04-14 17:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-08-28 18:55 - 2013-12-18 09:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2010-12-14 14:05 - 2010-12-14 14:05 - 00173856 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2014-02-06 12:32 - 2014-02-06 12:32 - 00142336 _____ () C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
2014-09-23 09:55 - 2014-09-23 09:55 - 00043008 _____ () c:\users\msjeanig\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjivxts.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\libcef.dll
2012-04-14 17:15 - 2012-04-14 17:15 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-03-12 16:54 - 2009-02-27 19:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-11-10 14:46 - 2010-11-10 14:46 - 00097280 _____ () C:\Program Files (x86)\iTOK\Customer\pixolut.itoknet.ClientLibs.dll
2010-11-10 14:46 - 2010-11-10 14:46 - 00049664 _____ () C:\Program Files (x86)\iTOK\Customer\CustomerClientWS.dll
2010-11-10 14:46 - 2010-11-10 14:46 - 00091136 _____ () C:\Program Files (x86)\iTOK\Customer\MenrvaClient.dll
2014-09-19 11:46 - 2014-09-19 11:46 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0c4b6ee55651bc9b7e92acc78a250540\IsdiInterop.ni.dll
2012-04-14 16:50 - 2011-02-18 04:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-28 18:30 - 2013-07-23 11:28 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll
2014-08-28 18:30 - 2013-07-23 11:28 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\msjeanig\Desktop\owl.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 09:56:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 09:41:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 08:56:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 08:06:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 05:44:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 01:00:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 10:38:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 00:07:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2014 10:15:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/23/2014 09:55:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 09:40:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 08:55:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 08:07:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (09/22/2014 08:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 07:08:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 05:42:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 00:59:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 10:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/22/2014 00:05:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (09/23/2014 09:56:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 09:41:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 08:56:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 08:06:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 05:44:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 01:00:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 10:38:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 00:07:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2014 10:15:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 6087.86 MB
Available physical RAM: 4136.93 MB
Total Pagefile: 12173.9 MB
Available Pagefile: 10022.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:367.34 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AC638FE9)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:03 AM

Posted 23 September 2014 - 12:09 PM

Hi karenbc,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the notepad document:
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hwrtpnkl] => C:\Users\msjeanig\AppData\Local\vtohrmxd.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hanfrsfm] => C:\Users\msjeanig\AppData\Local\ofufgnvh.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [oeprohrr] => C:\Users\msjeanig\AppData\Local\irdqrrpk.exe [186368 2014-09-17] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [mpfppkgv] => C:\Users\msjeanig\AppData\Local\ksitevhv.exe [187392 2014-09-21] ()
2014-09-21 22:19 - 2014-09-21 22:19 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\qwfaowdi.exe
2014-09-21 17:42 - 2014-09-21 17:42 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\tbnmxonb.exe
2014-09-17 16:58 - 2014-09-17 16:58 - 00186368 _____ () C:\Users\msjeanig\AppData\Local\irdqrrpk.exe
2014-09-15 15:27 - 2014-09-15 15:27 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\ofufgnvh.exe
2014-09-15 12:13 - 2014-09-15 12:13 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
C:\Users\msjeanig\AppData\Local\ksitevhv.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_06d4b26d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_09d17e19.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_0f976d76.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_13a20e0a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_174629f7.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_19b89d85.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_19c88f36.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_1d7240c0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_25de2140.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_29759abd.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2e7ff7e2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_35e6b13c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_38467d60.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_3b099d9f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_461d130f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_491910dd.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4aecbfa5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4c1f3fdf.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4e6b1e5d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5964e077.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5a8b89d5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5bcdb5e5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5c438c2c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5c4efd90.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5d121069.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f76fb3b.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6175bb35.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_62d632f2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6befe492.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6cc7539c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6e2cf252.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6f65b733.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_710fc5a0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7d899090.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7e3d86ba.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_7ed236da.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_83bcc11d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_86590115.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_8796c939.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_898e1d7e.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_8bd047f3.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_91b1254f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_92c382de.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_95ca48e0.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_a4a77eaf.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ae52555a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b09172df.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b5e3f1fa.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b691702f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_bc133db5.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_be146bd2.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c15c5c50.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c1e8b276.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_c35c726f.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_d2363dec.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_d5bbe362.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_e17e3e4a.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_e2634a9c.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_eb784b75.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_eca950ce.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ed6f5fbc.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ef752fd8.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_f18d2e8d.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_f3079f4e.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_ffee3748.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • New FRST.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
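The fixlist in the post above does three things: it deletes four Run values that relaunch random eight-letter executables from AppData\Local, it moves those executables (and one that FRST did not list separately, hence the bare path), and it sweeps the UpdateFlashPlayer_<hex>.exe copies the dropper keeps writing to Temp, which is what triggered the recurring UAC prompt. The script below is an added example, not part of the original post and not FRST's own code. It parses the three FRST line formats quoted in the thread (Run values, scheduled tasks, file listings), scores each entry against a few heuristics drawn from that pattern, and emits the lines an analyst would paste into fixlist.txt. The sample log lines are constructed from entries quoted in the thread (the UpdateFlashPlayer listing line and its timestamps are made up, as FRST only showed bare paths for those); the heuristics, the flag threshold of three signals and every function name are assumptions of the example, not anything FRST or the helper defined.

```python
"""Triage of FRST log lines for the drop-and-persist pattern in this thread.

Added example: not part of the original post and not FRST's own code. It parses
the three FRST line formats quoted above, scores each entry with a few
heuristics, and emits candidate fixlist.txt lines. Heuristics are assumptions.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample modelled on lines quoted in the post; not a real log.
SAMPLE_LOG = r"""
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hwrtpnkl] => C:\Users\msjeanig\AppData\Local\vtohrmxd.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [mpfppkgv] => C:\Users\msjeanig\AppData\Local\ksitevhv.exe [187392 2014-09-21] ()
Task: {37594AE3-C893-43DA-9613-C58AF6147B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14] (Google Inc.)
2014-09-21 22:19 - 2014-09-21 22:19 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\qwfaowdi.exe
2014-09-15 12:13 - 2014-09-15 12:13 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
2014-09-23 09:55 - 2014-09-23 09:55 - 00043008 _____ () C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_06d4b26d.exe
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\libcef.dll
"""

# FRST prints the company name from the file's version resource; "()" means none.
RUN_RE = re.compile(r'^(?P<key>HK\S+?\\Run): \[(?P<value>[^\]]*)\] => (?P<path>[A-Za-z]:\\.+?)'
                    r' \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$')
TASK_RE = re.compile(r'^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<task>.+?) => (?P<path>[A-Za-z]:\\.+?)'
                     r' \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$')
FILE_RE = re.compile(r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})'
                     r' - (?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$')

RANDOM_NAME = re.compile(r'^[a-z]{8}$')                        # vtohrmxd, hwrtpnkl, ...
FAKE_UPDATER = re.compile(r'^updateflashplayer_[0-9a-f]{8}\.exe$')
USER_WRITABLE = ('\\appdata\\local\\', '\\appdata\\roaming\\', '\\programdata\\', '\\users\\public\\')
FLAG_THRESHOLD = 3  # assumption: three independent signals before an entry is flagged


@dataclass
class Entry:
    kind: str                 # "run", "task" or "file"
    raw: str                  # the line exactly as FRST printed it
    path: str
    company: str
    value: str = ""           # Run value name or task name; empty for file listings
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return len(self.reasons) >= FLAG_THRESHOLD


def parse_log(text: str) -> list:
    """Turn the FRST line formats we understand into Entry objects; skip the rest."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("run", line, m["path"], m["company"], m["value"]))
        elif m := TASK_RE.match(line):
            entries.append(Entry("task", line, m["path"], m["company"], m["task"]))
        elif m := FILE_RE.match(line):
            entries.append(Entry("file", line, m["path"], m["company"]))
    return entries


def assess(entry: Entry) -> Entry:
    """Attach a reason for each heuristic the entry trips."""
    lower = entry.path.lower()
    base = ntpath.basename(lower)
    stem, ext = ntpath.splitext(base)
    if RANDOM_NAME.match(stem):
        entry.reasons.append("file name is eight random lowercase letters")
    if entry.value and RANDOM_NAME.match(entry.value):
        entry.reasons.append("Run value name is eight random lowercase letters")
    if FAKE_UPDATER.match(base):
        entry.reasons.append("impersonates the Flash Player updater with a hex suffix")
    if ext in (".exe", ".dll") and any(d in lower for d in USER_WRITABLE):
        entry.reasons.append("executable code under a user-writable directory")
    if not entry.company.strip():
        entry.reasons.append("no company name in version info")
    return entry


def build_fixlist(entries: list) -> list:
    """Candidate fixlist.txt lines: a Run/Task line removes the registry entry, a
    listing line or bare path moves the file (the semantics FRST states in its headers)."""
    flagged = [e for e in entries if e.flagged]
    listed = {e.path.lower() for e in flagged if e.kind == "file"}
    lines = [e.raw for e in flagged if e.kind != "file"]
    lines += [e.raw for e in flagged if e.kind == "file"]
    # A dropped file that FRST did not list separately still has to be moved.
    lines += [e.path for e in flagged if e.kind != "file" and e.path.lower() not in listed]
    return list(dict.fromkeys(lines))  # dedupe, keep order


def triage(text: str):
    entries = [assess(e) for e in parse_log(text)]
    return entries, build_fixlist(entries)


if __name__ == "__main__":
    entries, fixlist = triage(SAMPLE_LOG)
    for e in entries:
        print(("FLAG" if e.flagged else "ok  "), e.kind.ljust(4), e.path)
        for r in e.reasons:
            print("       -", r)
    print("\n--- fixlist.txt ---")
    print("\n".join(fixlist))
```

Run as a script it prints each entry with its reasons and then the generated fixlist, which for the sample reproduces the shape of the helper's script: the two Run lines, the three file listings, and a bare path for ksitevhv.exe because no listing line covered it. The threshold matters: Dropbox's libcef.dll also sits under AppData and also shows "()" for company, so an empty company field or a user-writable path on its own is not evidence, which is why the example requires three signals and why the output is still a candidate list for an analyst to check, not something to paste into fixlist.txt blindly.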


#7 karenbc

karenbc
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 23 September 2014 - 02:10 PM

Here are the new logs:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by msjeanig at 2014-09-23 15:01:58 Run:1
Running from C:\Users\msjeanig\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hwrtpnkl] => C:\Users\msjeanig\AppData\Local\vtohrmxd.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [hanfrsfm] => C:\Users\msjeanig\AppData\Local\ofufgnvh.exe [171008 2014-09-15] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [oeprohrr] => C:\Users\msjeanig\AppData\Local\irdqrrpk.exe [186368 2014-09-17] ()
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [mpfppkgv] => C:\Users\msjeanig\AppData\Local\ksitevhv.exe [187392 2014-09-21] ()
2014-09-21 22:19 - 2014-09-21 22:19 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\qwfaowdi.exe
2014-09-21 17:42 - 2014-09-21 17:42 - 00103424 _____ () C:\Users\msjeanig\AppData\Local\tbnmxonb.exe
2014-09-17 16:58 - 2014-09-17 16:58 - 00186368 _____ () C:\Users\msjeanig\AppData\Local\irdqrrpk.exe
2014-09-15 15:27 - 2014-09-15 15:27 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\ofufgnvh.exe
2014-09-15 12:13 - 2014-09-15 12:13 - 00171008 _____ () C:\Users\msjeanig\AppData\Local\vtohrmxd.exe
C:\Users\msjeanig\AppData\Local\ksitevhv.exe
*****************

HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hwrtpnkl => value deleted successfully.
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hanfrsfm => value deleted successfully.
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\oeprohrr => value deleted successfully.
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mpfppkgv => Value not found.
C:\Users\msjeanig\AppData\Local\qwfaowdi.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\tbnmxonb.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\irdqrrpk.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\ofufgnvh.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\vtohrmxd.exe => Moved successfully.
"C:\Users\msjeanig\AppData\Local\ksitevhv.exe" => File/Directory not found.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by msjeanig (administrator) on MSJEANIG-PC on 23-09-2014 15:03:10
Running from C:\Users\msjeanig\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(iTOK LLC) C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-04-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-14] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HelpDesk] => C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe [206848 2010-11-10] (iTOK LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [vbuqvunw] => C:\Users\msjeanig\AppData\Local\isxrllmd.exe [187392 2014-09-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iTOK Backup Status.lnk
ShortcutTarget: iTOK Backup Status.lnk -> C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe (iTOK)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Quick Send Widget.lnk
ShortcutTarget: Jacquie Lawson Quick Send Widget.lnk -> C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe ()
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ITOK -> {119c49f2-2464-08f3-d1f1-10a44b7155d7} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK2 -> {60847b5b-77fd-f619-8d75-e4954d1dd5ae} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK3 -> {178324b1-a7b6-cf85-046c-c8fe8dad6a7f} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B607C63C-4127-4349-8345-17F5FA377DB9}&mid=83fb3c16d50647d1aa36d1502058a881-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B607C63C-4127-4349-8345-17F5FA377DB9}&mid=83fb3c16d50647d1aa36d1502058a881-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {BEDF120B-0B84-4688-9A22-75B7EADC78DD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&iwk=247&lng=en
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\s812n29t.default-1404073545831
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF Homepage: https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&doSSL=1&siteState=ver%3a4%7crt%3aSTANDARD%7cat%3aSNS%7cld%3amail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aANGELIA%7csnt%3aScreenName%7csid%3a2b5a8f85-18d6-4a25-98cf-0690a7ba33c5&offerId=newmail-en-us-v2&seamless=novl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3Ac1cd3635-e5c4-4b8d-b2ee-f40a8a75544a&locale=us"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchProvider: Default -> McAfee
CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-27]
CHR Extension: (Google Maps) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-09-13]
CHR Extension: (Google Wallet) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 ITOKbackup; C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe [24912 2014-01-09] (iTOK)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ITOKFilter; C:\Windows\System32\DRIVERS\ITOK.sys [67808 2014-01-09] (Mozy, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800576 2010-03-15] (Sonix Technology Co., Ltd.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-07-23] (support.com, Inc)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
U3 tmeevw; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 15:03 - 2014-09-23 15:03 - 00023160 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-23 15:01 - 2014-09-23 15:01 - 00000000 ____D () C:\Users\msjeanig\Desktop\FRST-OlderVersion
2014-09-23 10:55 - 2014-09-23 10:55 - 00187392 _____ () C:\Users\msjeanig\AppData\Local\isxrllmd.exe
2014-09-23 10:43 - 2014-09-23 15:01 - 02106368 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-19 23:42 - 2014-09-23 15:03 - 00000000 ____D () C:\FRST
2014-09-19 22:41 - 2014-09-20 15:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-19 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-19 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 14:22 - 2014-09-19 21:40 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 14:02 - 2014-09-20 21:35 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-19 11:23 - 2014-09-19 16:38 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:20 - 2014-09-19 11:24 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-15 16:14 - 2014-09-22 10:39 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-15 12:19 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 12:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 12:19 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-15 12:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 12:19 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 12:19 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-15 12:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-15 12:19 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 12:19 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 12:19 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 12:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 12:19 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 12:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-15 12:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-15 12:07 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 12:07 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-13 22:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 15:16 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-11 15:16 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-11 15:14 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 15:14 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-11 15:14 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-03 13:52 - 2014-09-23 10:53 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-08-29 10:49 - 2014-09-23 14:42 - 00005948 _____ () C:\windows\setupact.log
2014-08-29 10:49 - 2014-09-20 15:01 - 00023122 _____ () C:\windows\PFRO.log
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:34 - 2013-12-03 04:57 - 00283160 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00117312 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00085936 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2014-08-28 18:34 - 2013-07-01 09:08 - 00050976 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
2014-08-28 18:34 - 2011-08-22 11:33 - 00105744 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmtdi.sys
2014-08-28 18:33 - 2014-09-21 22:13 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:32 - 2014-09-03 13:53 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 18:32 - 2014-08-28 18:33 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:23 - 2014-01-09 08:52 - 00067808 _____ (Mozy, Inc.) C:\windows\system32\Drivers\ITOK.sys
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 16:59 - 2014-08-28 18:03 - 00000000 ____D () C:\itok
2014-08-28 11:52 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 11:52 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 11:52 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 15:03 - 2014-09-23 15:03 - 00023160 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-23 15:03 - 2014-09-19 23:42 - 00000000 ____D () C:\FRST
2014-09-23 15:01 - 2014-09-23 15:01 - 00000000 ____D () C:\Users\msjeanig\Desktop\FRST-OlderVersion
2014-09-23 15:01 - 2014-09-23 10:43 - 02106368 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-23 14:51 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 14:51 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 14:49 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-23 14:44 - 2012-09-12 20:32 - 00000000 ___RD () C:\Users\msjeanig\Dropbox
2014-09-23 14:44 - 2012-09-12 20:29 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Dropbox
2014-09-23 14:43 - 2012-08-10 03:51 - 02409521 _____ () C:\FaceProv.log
2014-09-23 14:43 - 2012-04-14 17:22 - 00135963 _____ () C:\windows\system32\fastboot.set
2014-09-23 14:43 - 2012-04-14 17:21 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 14:43 - 2012-04-14 17:15 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-23 14:42 - 2014-08-29 10:49 - 00005948 _____ () C:\windows\setupact.log
2014-09-23 14:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-23 13:13 - 2012-04-14 16:46 - 01923588 _____ () C:\windows\WindowsUpdate.log
2014-09-23 12:57 - 2012-04-14 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 10:55 - 2014-09-23 10:55 - 00187392 _____ () C:\Users\msjeanig\AppData\Local\isxrllmd.exe
2014-09-23 10:53 - 2014-09-03 13:52 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-09-22 10:39 - 2014-09-15 16:14 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-21 22:13 - 2014-08-28 18:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-20 23:59 - 2014-08-16 12:37 - 00000000 ____D () C:\Users\msjeanig\Desktop\Siins of Scripture
2014-09-20 21:35 - 2014-09-19 14:02 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-20 18:01 - 2012-08-10 03:55 - 00112592 _____ () C:\Users\msjeanig\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-20 18:00 - 2009-07-14 00:45 - 00413840 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-20 16:40 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-20 15:14 - 2014-09-19 22:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 15:01 - 2014-08-29 10:49 - 00023122 _____ () C:\windows\PFRO.log
2014-09-20 15:01 - 2013-07-23 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:58 - 2014-01-09 08:52 - 00004774 _____ () C:\windows\ITOK.blk
2014-09-19 21:58 - 2014-01-09 08:52 - 00000208 _____ () C:\windows\ITOK.flt
2014-09-19 21:46 - 2013-12-27 14:41 - 00000000 ____D () C:\Users\msjeanig\Desktop\save for now
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 21:40 - 2014-09-19 14:22 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 16:38 - 2014-09-19 11:23 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:24 - 2014-09-19 11:20 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-19 11:19 - 2013-03-24 10:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 20:53 - 2012-09-12 20:30 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 17:37 - 2012-04-14 17:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 12:18 - 2012-08-10 05:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 12:16 - 2014-02-27 16:23 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-15 12:16 - 2013-08-26 15:07 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 12:09 - 2012-08-29 06:29 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-15 12:07 - 2014-04-30 00:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 10:58 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-08 18:49 - 2013-07-05 18:23 - 00000000 ____D () C:\windows\Minidump
2014-09-08 14:23 - 2014-07-04 16:51 - 00000000 ____D () C:\Users\msjeanig\Desktop\Small group
2014-09-04 22:10 - 2014-09-13 22:19 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-03 14:30 - 2012-02-04 18:06 - 00000000 ____D () C:\Users\msjeanig\Desktop\History of Bible
2014-09-03 13:53 - 2014-08-28 18:32 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:33 - 2014-08-28 18:32 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:33 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 18:05 - 2013-09-07 11:09 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-28 18:03 - 2014-08-28 16:59 - 00000000 ____D () C:\itok
2014-08-28 17:57 - 2013-09-07 18:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-28 17:56 - 2012-08-28 03:42 - 00000000 ___DC () C:\Users\msjeanig\AppData\Local\MigWiz
2014-08-28 17:56 - 2011-02-22 07:19 - 00000000 ____D () C:\windows\Panther
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:53 - 2013-03-23 18:48 - 00000000 __SHD () C:\Users\msjeanig\UserData
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 17:02 - 2013-09-07 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

Some content of TEMP:
====================
C:\Users\msjeanig\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuocpsx.dll
C:\Users\msjeanig\AppData\Local\Temp\iTOK_HelpDesk-4.1.1.0.exe
C:\Users\msjeanig\AppData\Local\Temp\Upd6BBD_FlashPlayer.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f5a4148.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6fdac65c.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 18:29

==================== End Of Log ============================



#8 xXToffeeXx (Malware Response Instructor)

Posted 23 September 2014 - 02:40 PM

Hi karenbc,

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [vbuqvunw] => C:\Users\msjeanig\AppData\Local\isxrllmd.exe [187392 2014-09-23] ()
2014-09-23 10:55 - 2014-09-23 10:55 - 00187392 _____ () C:\Users\msjeanig\AppData\Local\isxrllmd.exe
S4 LMIRfsClientNP; No ImagePath
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
U3 tmeevw; No ImagePath
C:\Users\msjeanig\AppData\Local\Temp\Upd6BBD_FlashPlayer.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f5a4148.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6fdac65c.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • AdwCleaner clean log

xXToffeeXx~

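The fix steps above end with FRST writing Fixlog.txt, which the helper asks to see. As an added example (not the helper's code and not part of FRST itself), the Python below reads a Fixlog.txt, skips the echoed fixlist, and reports per entry whether FRST removed it or came back with a different result, such as the "File/Directory not found" case that occurs when a temp file is already gone. The sample log is constructed in the layout FRST uses; the entry names mirror the kinds used in this thread.

```python
"""Check an FRST Fixlog.txt: which fixlist entries were handled, which were not."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the Fixlog.txt layout FRST writes after a fix run (not a real
# log copied from the tool); the entries mirror the kinds used in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by msjeanig at 2014-09-23 16:53:36 Run:2
Running from C:\Users\msjeanig\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [vbuqvunw] => C:\Users\msjeanig\AppData\Local\isxrllmd.exe [187392 2014-09-23] ()
S4 LMIRfsClientNP; No ImagePath
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe
*****************

HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vbuqvunw => value deleted successfully.
C:\Users\msjeanig\AppData\Local\isxrllmd.exe => Moved successfully.
LMIRfsClientNP => Service deleted successfully.
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe => Moved successfully.
"C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe" => File/Directory not found.

==== End of Fixlog ====
"""

FIXLIST_DELIM = "*****"            # the echoed fixlist sits between two of these lines
END_MARK = "==== End of Fixlog ===="
# Result lines look like:  <target> => <what FRST did>.   (the target may be quoted)
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s+=>\s+(?P<action>.+?)\.?\s*$')


@dataclass
class FixResult:
    target: str   # registry value, service name or file path the fixlist named
    action: str   # FRST's own wording for what happened
    kind: str     # "registry", "service" or "file", derived from that wording
    ok: bool      # True when FRST reports the removal/move succeeded


def classify(action: str) -> str:
    """Derive the entry kind from FRST's result wording."""
    a = action.lower()
    if "service" in a:
        return "service"
    if "value" in a or "key" in a:
        return "registry"
    return "file"


def parse_fixlog(text: str) -> List[FixResult]:
    """Return one FixResult per result line in the section after the echoed fixlist."""
    results: List[FixResult] = []
    delims_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(FIXLIST_DELIM):
            delims_seen += 1
            continue
        # Everything before the second delimiter is the header and the echoed fixlist;
        # the fixlist itself contains "=>" (Run entries), so it must not be parsed here.
        if delims_seen < 2 or not line:
            continue
        if line.startswith(END_MARK):
            break
        m = RESULT_RE.match(line)
        if not m:
            continue
        action = m.group("action")
        results.append(FixResult(
            target=m.group("target"),
            action=action,
            kind=classify(action),
            ok="successfully" in action.lower(),
        ))
    return results


def summarize(results: List[FixResult]) -> Dict[str, int]:
    """Count entries FRST reports as done versus entries with any other outcome."""
    ok = sum(1 for r in results if r.ok)
    return {"ok": ok, "failed": len(results) - ok}


def failed_targets(results: List[FixResult]) -> List[str]:
    """Entries whose result was anything other than a reported success. These are what
    a helper re-checks in a fresh FRST scan: a not-found temp file is usually harmless,
    a not-found Run value or service would deserve a second look."""
    return [r.target for r in results if not r.ok]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for r in parsed:
        print(f"[{'OK ' if r.ok else 'CHK'}] {r.kind:8} {r.target}  ({r.action})")
    print(summarize(parsed))
```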


#9 karenbc (Topic Starter)

Posted 23 September 2014 - 04:15 PM

Hi Toffee,

Here are the new logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by msjeanig at 2014-09-23 16:53:36 Run:2
Running from C:\Users\msjeanig\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [vbuqvunw] => C:\Users\msjeanig\AppData\Local\isxrllmd.exe [187392 2014-09-23] ()
2014-09-23 10:55 - 2014-09-23 10:55 - 00187392 _____ () C:\Users\msjeanig\AppData\Local\isxrllmd.exe
S4 LMIRfsClientNP; No ImagePath
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
U3 tmeevw; No ImagePath
C:\Users\msjeanig\AppData\Local\Temp\Upd6BBD_FlashPlayer.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f5a4148.exe
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6fdac65c.exe
*****************

HKU\S-1-5-21-1217720241-2428502982-640143140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\vbuqvunw => value deleted successfully.
C:\Users\msjeanig\AppData\Local\isxrllmd.exe => Moved successfully.
LMIRfsClientNP => Service deleted successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
nvUpdatusService => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
Stereo Service => Service deleted successfully.
tmeevw => Service deleted successfully.
C:\Users\msjeanig\AppData\Local\Temp\Upd6BBD_FlashPlayer.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_11ea7ead.exe => Moved successfully.
"C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2163fbeb.exe" => File/Directory not found.
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_5f5a4148.exe => Moved successfully.
C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6fdac65c.exe => Moved successfully.

==== End of Fixlog ====



# AdwCleaner v3.310 - Report created 23/09/2014 at 17:02:46
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : msjeanig - MSJEANIG-PC
# Running from : C:\Users\msjeanig\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\msjeanig\AppData\LocalLow\Inbox Toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\moof5vji.default-1395372706321\prefs.js ]


[ File : C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\s812n29t.default-1404073545831\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Ask Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask Web Search");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=BD1D372A-6905-4F51-A03C-4516AD2C1473&n=780c76f3&ind=2014082803&p2=^Y6^xdm003^S10745^us&si=CNGKn-[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.BUTTON_STRUCTURE", "[{\"b\":222194458,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":222194459,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.defaultenginename.prev", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.selectedEngine.prev", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.homepage.prev", "aol.com");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.firstKnownVersion", "6.72.4.55209");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=BD645D0E-3BE3-43A0-BAC5-4B432FCA2D36&n=780c982f&p2=^YK^xdm396^S10503^us&si=b1b");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.guardType", "HPR");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.hp.user.defined", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.installDate", "2014091311");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerId", "^YK^xdm396^S10503^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.partnerSubId", "b1b");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.pixelUrl", "hxxp://totalrecipesearch.dl.tb.ask.com/install_pixels.jhtml?partner=^YK^xdm396^S10503^us&coId=dff58149d7754f428851d7f03392a[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.installation.toolbarId", "BD645D0E-3BE3-43A0-BAC5-4B432FCA2D36");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.lastActivePing", "1411177738841");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.lastKnownVersion", "6.72.4.55209");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.successUrl", "hxxp://download.totalrecipesearch.com/installComplete.jhtml");
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._14Members_.weather.location", "30622");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.BUTTON_STRUCTURE", "[{\"b\":222262923,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":222262924,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.prev", "hxxp://webmail1.mail.aol.com/38602-111/aol-6/en-us/Suite.aspx");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.firstKnownVersion", "6.66.4.44581");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=BD1D372A-6905-4F51-A03C-4516AD2C1473&n=780c76f3&p2=^Y6^xdm003^S10745^us&si=CNGKn-DWtsACFaVZ7Aodfi[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.guardType", "HPR");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installKeysSource", "Cookies");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2014082803");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm003^S10745^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "CNGKn-DWtsACFaVZ7AodfikAVA");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.pixelUrl", "hxxp://download.fromdoctopdf.com/install_pixels.jhtml?partner=^Y6^xdm003^S10745^us&coId=7a775a5ef95b44f783a0f77734532be6");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "BD1D372A-6905-4F51-A03C-4516AD2C1473");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1409253679099");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.lastKnownVersion", "6.66.4.44581");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "Lyrics of He Touched Me||Lyrics to He Touched Me||AOL");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.successUrl", "hxxp://download.fromdoctopdf.com/installComplete.jhtml");
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "30635");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "totalrecipesearch@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={3FF67791-D250-49AB-B6E2-1B60C199CEC3}&mid=fef6d97eea8747d18517d16b19965a7b-04fed9e49c54cc24ea859d27aecdf88525b757dd&lang=us&ds=AVG&pr=fr&d=2012-03-11 15:56:07&v=10.2.0.3&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://images.google.com/search?hl=en&site=&tbm=isch&source=hp&biw=1600&bih=775&q={searchTerms}&btnG=Search+by+image&oq=Beside+the+Waters+of+Babylon+you-tube&gs_l=img.12...6401.23553.0.26564.40.15.1.24.24.0.159.1841.3j12.15.0...0.0...1ac.1.7.img.7Dnc8lbnt8Q
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12517 octets] - [23/09/2014 17:00:02]
AdwCleaner[S0].txt - [12286 octets] - [23/09/2014 17:02:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12347 octets] ##########

#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:03 AM

Posted 24 September 2014 - 11:11 AM

Hi karenbc,

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#11 karenbc

karenbc
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 24 September 2014 - 12:26 PM

Hello Toffee,

Here's the new FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by msjeanig (administrator) on MSJEANIG-PC on 24-09-2014 13:23:02
Running from C:\Users\msjeanig\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe
(Dropbox, Inc.) C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(iTOK LLC) C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(iTOK) C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-04-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-04-14] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HelpDesk] => C:\Program Files (x86)\iTOK\Customer\CustomerClient.exe [206848 2010-11-10] (iTOK LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1217720241-2428502982-640143140-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iTOK Backup Status.lnk
ShortcutTarget: iTOK Backup Status.lnk -> C:\Program Files\iTOK\iTOK Backup\ITOKstat.exe (iTOK)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Quick Send Widget.lnk
ShortcutTarget: Jacquie Lawson Quick Send Widget.lnk -> C:\Program Files (x86)\Jacquie Lawson Quick Send Widget\Jacquie Lawson Quick Send Widget.exe ()
Startup: C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ITOK -> {119c49f2-2464-08f3-d1f1-10a44b7155d7} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK2 -> {60847b5b-77fd-f619-8d75-e4954d1dd5ae} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: ITOK3 -> {178324b1-a7b6-cf85-046c-c8fe8dad6a7f} => C:\Program Files\iTOK\iTOK Backup\ITOKshell.dll (iTOK)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {BEDF120B-0B84-4688-9A22-75B7EADC78DD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\msjeanig\AppData\Roaming\Mozilla\Firefox\Profiles\s812n29t.default-1404073545831
FF Homepage: https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&doSSL=1&siteState=ver%3a4%7crt%3aSTANDARD%7cat%3aSNS%7cld%3amail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aANGELIA%7csnt%3aScreenName%7csid%3a2b5a8f85-18d6-4a25-98cf-0690a7ba33c5&offerId=newmail-en-us-v2&seamless=novl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-08-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3Ac1cd3635-e5c4-4b8d-b2ee-f40a8a75544a&locale=us"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchProvider: Default -> McAfee
CHR DefaultSearchURL: Default -> http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-01-27]
CHR Extension: (Google Maps) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-09-13]
CHR Extension: (Google Wallet) - C:\Users\msjeanig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 ITOKbackup; C:\Program Files\iTOK\iTOK Backup\ITOKbackup.exe [24912 2014-01-09] (iTOK)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ITOKFilter; C:\Windows\System32\DRIVERS\ITOK.sys [67808 2014-01-09] (Mozy, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800576 2010-03-15] (Sonix Technology Co., Ltd.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-07-23] (support.com, Inc)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 13:23 - 2014-09-24 13:23 - 00021229 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-23 17:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-23 16:59 - 2014-09-23 17:02 - 00000000 ____D () C:\AdwCleaner
2014-09-23 16:57 - 2014-09-23 16:57 - 01373475 _____ () C:\Users\msjeanig\Desktop\AdwCleaner.exe
2014-09-23 15:03 - 2014-09-23 15:03 - 00046812 _____ () C:\Users\msjeanig\Desktop\old1-FRST.txt
2014-09-23 15:01 - 2014-09-24 13:22 - 00000000 ____D () C:\Users\msjeanig\Desktop\FRST-OlderVersion
2014-09-23 10:43 - 2014-09-24 13:22 - 02106880 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-20 16:53 - 2014-09-23 15:52 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-19 23:42 - 2014-09-24 13:23 - 00000000 ____D () C:\FRST
2014-09-19 22:41 - 2014-09-20 15:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-19 22:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-19 22:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 14:22 - 2014-09-19 21:40 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 14:02 - 2014-09-20 21:35 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-19 11:23 - 2014-09-19 16:38 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:20 - 2014-09-19 11:24 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-15 16:14 - 2014-09-22 10:39 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-15 12:19 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 12:19 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 12:19 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-15 12:19 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 12:19 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 12:19 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 12:19 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 12:19 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-15 12:19 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 12:19 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-15 12:19 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-15 12:19 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-15 12:19 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 12:19 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 12:19 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 12:19 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 12:19 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-15 12:19 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-15 12:19 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 12:19 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 12:19 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 12:19 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 12:19 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 12:19 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 12:19 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 12:19 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 12:19 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-15 12:19 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 12:19 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-15 12:19 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-15 12:07 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 12:07 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-13 22:19 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-13 22:19 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-11 15:16 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-11 15:16 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-11 15:14 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-11 15:14 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-11 15:14 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 15:14 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-11 15:14 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-03 13:52 - 2014-09-23 10:53 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-08-29 10:49 - 2014-09-23 17:03 - 00023432 _____ () C:\windows\PFRO.log
2014-08-29 10:49 - 2014-09-23 17:03 - 00006060 _____ () C:\windows\setupact.log
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:34 - 2013-12-03 04:57 - 00283160 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00117312 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmactmon.sys
2014-08-28 18:34 - 2013-12-03 04:57 - 00085936 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmevtmgr.sys
2014-08-28 18:34 - 2013-07-01 09:08 - 00050976 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\TMEBC64.sys
2014-08-28 18:34 - 2011-08-22 11:33 - 00105744 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmtdi.sys
2014-08-28 18:33 - 2014-09-21 22:13 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:32 - 2014-09-03 13:53 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-28 18:32 - 2014-08-28 18:33 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:23 - 2014-01-09 08:52 - 00067808 _____ (Mozy, Inc.) C:\windows\system32\Drivers\ITOK.sys
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 16:59 - 2014-08-28 18:03 - 00000000 ____D () C:\itok
2014-08-28 11:52 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 11:52 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 11:52 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 13:23 - 2014-09-24 13:23 - 00021229 _____ () C:\Users\msjeanig\Desktop\FRST.txt
2014-09-24 13:23 - 2014-09-19 23:42 - 00000000 ____D () C:\FRST
2014-09-24 13:22 - 2014-09-23 15:01 - 00000000 ____D () C:\Users\msjeanig\Desktop\FRST-OlderVersion
2014-09-24 13:22 - 2014-09-23 10:43 - 02106880 _____ (Farbar) C:\Users\msjeanig\Desktop\FRST64.exe
2014-09-24 12:33 - 2012-04-14 17:21 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 11:50 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-24 11:48 - 2012-08-10 03:51 - 02424359 _____ () C:\FaceProv.log
2014-09-24 11:48 - 2012-04-14 17:15 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-23 17:11 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 17:11 - 2009-07-14 00:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 17:08 - 2012-04-14 16:46 - 01964076 _____ () C:\windows\WindowsUpdate.log
2014-09-23 17:04 - 2012-09-12 20:32 - 00000000 ___RD () C:\Users\msjeanig\Dropbox
2014-09-23 17:04 - 2012-09-12 20:29 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Dropbox
2014-09-23 17:04 - 2012-04-14 17:22 - 00133833 _____ () C:\windows\system32\fastboot.set
2014-09-23 17:04 - 2012-04-14 17:21 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 17:03 - 2014-08-29 10:49 - 00023432 _____ () C:\windows\PFRO.log
2014-09-23 17:03 - 2014-08-29 10:49 - 00006060 _____ () C:\windows\setupact.log
2014-09-23 17:03 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-23 17:02 - 2014-09-23 16:59 - 00000000 ____D () C:\AdwCleaner
2014-09-23 16:57 - 2014-09-23 16:57 - 01373475 _____ () C:\Users\msjeanig\Desktop\AdwCleaner.exe
2014-09-23 15:52 - 2014-09-20 16:53 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\TeamViewer
2014-09-23 15:03 - 2014-09-23 15:03 - 00046812 _____ () C:\Users\msjeanig\Desktop\old1-FRST.txt
2014-09-23 10:53 - 2014-09-03 13:52 - 00231960 _____ () C:\windows\RegBootClean64.exe
2014-09-22 10:39 - 2014-09-15 16:14 - 00000000 ____D () C:\Users\msjeanig\Desktop\Performers
2014-09-21 22:13 - 2014-08-28 18:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-20 23:59 - 2014-08-16 12:37 - 00000000 ____D () C:\Users\msjeanig\Desktop\Siins of Scripture
2014-09-20 21:35 - 2014-09-19 14:02 - 00000000 ____D () C:\Users\msjeanig\Desktop\refurbish
2014-09-20 18:01 - 2012-08-10 03:55 - 00112592 _____ () C:\Users\msjeanig\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-20 18:00 - 2009-07-14 00:45 - 00413840 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-20 16:53 - 2014-09-20 16:53 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-20 16:53 - 2014-09-20 16:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-20 16:40 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-09-20 15:14 - 2014-09-19 22:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 15:01 - 2013-07-23 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 22:41 - 2014-09-19 22:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 22:41 - 2014-09-19 22:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 22:03 - 2014-09-19 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 21:58 - 2014-01-09 08:52 - 00004774 _____ () C:\windows\ITOK.blk
2014-09-19 21:58 - 2014-01-09 08:52 - 00000208 _____ () C:\windows\ITOK.flt
2014-09-19 21:46 - 2013-12-27 14:41 - 00000000 ____D () C:\Users\msjeanig\Desktop\save for now
2014-09-19 21:42 - 2014-09-19 21:42 - 00001564 _____ () C:\Users\msjeanig\Desktop\Institute.lnk
2014-09-19 21:40 - 2014-09-19 14:22 - 00000000 ____D () C:\Users\msjeanig\Desktop\November Second Sunday
2014-09-19 17:43 - 2014-09-19 17:43 - 00001447 _____ () C:\Users\msjeanig\Desktop\previous Second Sundays.lnk
2014-09-19 16:38 - 2014-09-19 11:23 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-09-19 11:24 - 2014-09-19 11:20 - 00021528 _____ () C:\windows\DCEBoot64.exe
2014-09-19 11:19 - 2013-03-24 10:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 20:53 - 2012-09-12 20:30 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 17:37 - 2012-04-14 17:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 12:18 - 2012-08-10 05:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 12:16 - 2014-02-27 16:23 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-15 12:16 - 2013-08-26 15:07 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 12:09 - 2012-08-29 06:29 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-15 12:07 - 2014-04-30 00:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-11 10:58 - 2009-07-14 01:08 - 00032594 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-08 18:49 - 2014-09-08 18:49 - 488922776 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:49 - 2014-09-08 18:49 - 00262144 _____ () C:\windows\Minidump\090814-20404-01.dmp
2014-09-08 18:49 - 2013-07-05 18:23 - 00000000 ____D () C:\windows\Minidump
2014-09-08 14:23 - 2014-07-04 16:51 - 00000000 ____D () C:\Users\msjeanig\Desktop\Small group
2014-09-04 22:10 - 2014-09-13 22:19 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-03 14:30 - 2012-02-04 18:06 - 00000000 ____D () C:\Users\msjeanig\Desktop\History of Bible
2014-09-03 13:53 - 2014-08-28 18:32 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-08-29 10:49 - 2014-08-29 10:49 - 00000000 _____ () C:\windows\setuperr.log
2014-08-28 18:38 - 2014-08-28 18:38 - 00000000 ___HD () C:\TMRescueDisk
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
2014-08-28 18:34 - 2014-08-28 18:34 - 00000000 ____D () C:\Users\msjeanig\AppData\Local\Trend Micro
2014-08-28 18:33 - 2014-08-28 18:33 - 00003280 _____ () C:\windows\System32\Tasks\Titanium BTC
2014-08-28 18:33 - 2014-08-28 18:33 - 00000059 _____ () C:\windows\system32\SupportTool.exe.bat
2014-08-28 18:33 - 2014-08-28 18:32 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-28 18:33 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-08-28 18:31 - 2014-08-28 18:31 - 00000036 _____ () C:\Users\msjeanig\AppData\Local\housecall.guid.cache
2014-08-28 18:05 - 2013-09-07 11:09 - 00001945 _____ () C:\windows\epplauncher.mif
2014-08-28 18:03 - 2014-08-28 16:59 - 00000000 ____D () C:\itok
2014-08-28 17:57 - 2013-09-07 18:54 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-28 17:56 - 2012-08-28 03:42 - 00000000 ___DC () C:\Users\msjeanig\AppData\Local\MigWiz
2014-08-28 17:56 - 2011-02-22 07:19 - 00000000 ____D () C:\windows\Panther
2014-08-28 17:53 - 2014-08-28 17:53 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 17:53 - 2014-08-28 17:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 17:53 - 2013-03-23 18:48 - 00000000 __SHD () C:\Users\msjeanig\UserData
2014-08-28 17:31 - 2014-08-28 17:31 - 00000218 _____ () C:\Users\msjeanig\Desktop\AOL - News, Sports, Weather, Entertainment, Local & Lifestyle.URL
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK Backup
2014-08-28 17:23 - 2014-08-28 17:23 - 00000000 ____D () C:\Program Files\iTOK
2014-08-28 17:18 - 2014-08-28 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTOK HelpDesk
2014-08-28 17:17 - 2014-08-28 17:17 - 00000000 ____D () C:\Program Files (x86)\iTOK
2014-08-28 17:02 - 2013-09-07 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

Some content of TEMP:
====================
C:\Users\msjeanig\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpullfce.dll
C:\Users\msjeanig\AppData\Local\Temp\iTOK_HelpDesk-4.1.1.0.exe
C:\Users\msjeanig\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-19 18:29

==================== End Of Log ============================



#12 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 25 September 2014 - 10:53 AM

Hi karenbc,

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------

This scan can take a long time, so it is best done overnight or when you do not need the computer.

I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
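Added example, not part of this thread and not code from FRST, Emsisoft or ESET: a short Python script that does mechanically what the helper is doing by eye on the FRST listing above, and then sorts the scanner detections that the Emsisoft and ESET steps will produce. The heuristics it applies (an executable under a user-writable path, an empty publisher field, a name made of eight random letters or carrying an 8-hex-digit suffix like the quarantined UpdateFlashPlayer_xxxxxxxx.exe files) are this example's own assumptions, not rules from any of those tools. The sample lines marked as constructed are modelled on the entries FRST had already moved to C:\FRST\Quarantine; the others are copied from the logs posted in this thread.

```python
"""Triage helper for FRST file listings and scanner detection lines.

Added example for this thread; not part of FRST, Emsisoft or ESET. The
heuristics below are the example's own assumptions, modelled on the
droppers FRST had already moved to C:\\FRST\\Quarantine.
"""
import re
from dataclasses import dataclass

# One FRST "Created/Modified Files and Folders" line has the shape
#   <created> - <modified> - <size> <attrs> (<publisher>) <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd")
# Locations a standard user can write to without elevation (assumption).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\",
                 "c:\\programdata\\", "c:\\users\\public\\")
# Eight random lowercase letters, or a plausible stem plus an 8-hex-digit
# suffix, as on the quarantined UpdateFlashPlayer_xxxxxxxx.exe droppers.
RANDOM_NAME = re.compile(r"^(?:[a-z]{8}|[A-Za-z]+_[0-9a-f]{8})\.exe$")


@dataclass
class Finding:
    path: str
    reasons: tuple


def parse_frst_line(line):
    """Return the fields of one FRST file line, or None for other text."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage_frst(lines, min_reasons=2):
    """Flag executables that trip at least min_reasons heuristics."""
    findings = []
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue
        low = entry["path"].lower()
        # Skip directories (attribute D) and non-executable files.
        if "D" in entry["attrs"] or not low.endswith(EXEC_EXT):
            continue
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if not entry["publisher"].strip():
            reasons.append("no publisher in version info")
        if RANDOM_NAME.match(entry["path"].rsplit("\\", 1)[-1]):
            reasons.append("random-looking filename")
        if len(reasons) >= min_reasons:
            findings.append(Finding(entry["path"], tuple(reasons)))
    return findings


def split_detections(lines, quarantine_root="C:\\FRST\\Quarantine\\"):
    """Split Emsisoft/ESET detection lines into (live, already_contained).

    Both tools print the path, two or more spaces, then the verdict. A path
    under the FRST quarantine folder was already neutralised by the earlier
    fix and only needs deleting; it is not evidence of a live infection.
    """
    live, contained = [], []
    for line in lines:
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) < 2:
            continue
        path, verdict = parts[0], parts[1]
        if verdict.startswith("detected: "):
            verdict = verdict[len("detected: "):]
        bucket = contained if path.lower().startswith(quarantine_root.lower()) else live
        bucket.append((path, verdict))
    return live, contained


# Sample input. The sqlite3.dll, AdwCleaner and all detection lines are copied
# from the logs in this thread; the other three FRST lines are constructed to
# mirror the droppers FRST had already quarantined (and one benign neighbour).
SAMPLE_FRST = [
    r"2014-09-23 17:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll",
    r"2014-09-23 16:59 - 2014-09-23 17:02 - 00000000 ____D () C:\AdwCleaner",
    r"2014-09-19 13:02 - 2014-09-19 13:02 - 00176128 _____ () C:\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe",
    r"2014-09-19 13:05 - 2014-09-19 13:05 - 00176128 _____ () C:\Users\msjeanig\AppData\Local\irdqrrpk.exe",
    r"2014-09-23 17:04 - 2014-09-12 20:29 - 28176384 _____ (Dropbox, Inc.) C:\Users\msjeanig\AppData\Roaming\Dropbox\bin\Dropbox.exe",
]
SAMPLE_DETECTIONS = [
    r"C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe.xBAD     detected: Trojan.GenericKD.1876142 (B)",
    r"C:\itok\passrec\ChromePass.exe     detected: Riskware.Win32.PSWTool.ChromePass (A)",
    r"C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\ofufgnvh.exe.xBAD    Win32/TrojanDownloader.Zortob.F trojan   ",
    r"C:\$Recycle.Bin\S-1-5-21-1217720241-2428502982-640143140-1001\$RTUYBUF\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined",
]

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f.path, "->", "; ".join(f.reasons))
    live, contained = split_detections(SAMPLE_DETECTIONS)
    print(f"{len(live)} live detection(s), {len(contained)} already in FRST quarantine")
```

Run it as a script to print the flagged entries. Requiring two independent signals before flagging keeps a signed vendor binary in AppData\Roaming (the constructed Dropbox line) out of the report, while an unsigned, randomly named executable in Temp trips all three. The split_detections output makes the distinction the poster later has to judge for herself: a detection on a file still in place versus one on a copy already sitting in the FRST quarantine folder.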


#13 karenbc

  • Topic Starter
  • Members
  • 17 posts

Posted 26 September 2014 - 06:53 PM

Hi Toffee,

When I ran the Emsisoft scan, it found 28 items, about half of which were items that were quarantined by FRST, and the others all showed a Risk Level of "no risk". Since none of the items appeared to be active threats, I didn't quarantine any of them. I'm not sure if that was the right decision, but I figured I could always go back and run it again if you need me to.

Here are the logs from Emsisoft and ESET that you requested:

Emsisoft Emergency Kit - Version 9.0
Last update: 9/26/2014 10:50:41 AM
User account: msjeanig-PC\msjeanig

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/26/2014 10:52:37 AM
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\irdqrrpk.exe.xBAD     detected: Trojan.GenericKD.1868981 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\ofufgnvh.exe.xBAD     detected: Gen:Variant.Kazy.455812 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\qwfaowdi.exe.xBAD     detected: Trojan.GenericKD.1875778 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\tbnmxonb.exe.xBAD     detected: Trojan.GenericKDZ.25978 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe.xBAD     detected: Trojan.GenericKD.1876142 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4e6b1e5d.exe.xBAD     detected: Trojan.GenericKD.1876142 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6befe492.exe.xBAD     detected: Trojan.GenericKD.1876757 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b09172df.exe.xBAD     detected: Trojan.GenericKD.1876623 (B)
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\vtohrmxd.exe.xBAD     detected: Gen:Variant.Kazy.455812 (B)
C:\itok\passrec.zip -> mspass.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> dialupass.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> mailpv.exe     detected: Gen:Application.Heur.gq1@kacXtUjO (B)
C:\itok\passrec.zip -> netpass.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> astlog.exe     detected: Application.Nirsoft.AsteriskLogger.A (B)
C:\itok\passrec.zip -> rdpv.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> iepv.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> PstPassword.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> PasswordFox.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> ChromePass.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> WirelessKeyView.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec.zip -> VNCPassView.exe     detected: Gen:Application.Heur.dq0@kyQo7tdO (B)
C:\itok\passrec.zip -> OperaPassView.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec\ChromePass.exe     detected: Riskware.Win32.PSWTool.ChromePass (A)
C:\itok\passrec\mailpv.exe     detected: Gen:Application.Heur.gq1@kacXtUjO (B)
C:\itok\passrec\netpass.exe     detected: Riskware.Win32.NetPass (A)
C:\itok\passrec\PasswordFox.exe     detected: Application.Nirsoft.K (B)
C:\itok\passrec\pspv.exe     detected: Riskware.Win32.PSWTool (A)
C:\itok\passrec\WirelessKeyView.exe     detected: Application.Nirsoft.K (B)

Scanned    238710
Found    28

Scan end:    9/26/2014 12:41:59 PM
Scan time:    1:49:22

ESET scan log:

C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\ofufgnvh.exe.xBAD    Win32/TrojanDownloader.Zortob.F trojan   
C:\$Recycle.Bin\S-1-5-21-1217720241-2428502982-640143140-1001\$RTUYBUF\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\irdqrrpk.exe.xBAD    a variant of Win32/Kryptik.CLYM trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\qwfaowdi.exe.xBAD    a variant of Win32/Injector.BMFX trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\tbnmxonb.exe.xBAD    a variant of Win32/Injector.BMFX trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\vtohrmxd.exe.xBAD    Win32/TrojanDownloader.Zortob.F trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_2465a9db.exe.xBAD    a variant of Win32/Injector.BMIZ trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_4e6b1e5d.exe.xBAD    a variant of Win32/Injector.BMIZ trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_6befe492.exe.xBAD    a variant of Win32/Injector.BMIJ trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\msjeanig\AppData\Local\Temp\UpdateFlashPlayer_b09172df.exe.xBAD    a variant of Win32/Injector.BMIZ trojan    cleaned by deleting - quarantined
C:\itok\passrec.zip    Win32/MPass.A potentially unsafe application    deleted - quarantined
C:\itok\passrec\ChromePass.exe    Win32/PSWTool.ChromePass.A potentially unsafe application    deleted - quarantined
C:\itok\passrec\mailpv.exe    a variant of Win32/PSWTool.MailPassView.E potentially unsafe application    deleted - quarantined
C:\itok\passrec\netpass.exe    a variant of Win32/NetPass.AA potentially unsafe application    deleted - quarantined
C:\itok\passrec\PasswordFox.exe    Win32/PSWTool.PassFox.D potentially unsafe application    deleted - quarantined
C:\itok\passrec\pspv.exe    Win32/PassView.163 potentially unsafe application    deleted - quarantined
C:\itok\passrec\RouterPassView.exe    a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application    deleted - quarantined
C:\itok\passrec\WebBrowserPassView.exe    a variant of Win32/PSWTool.WebBrowserPassView.B potentially unsafe application    deleted - quarantined
C:\itok\passrec\WirelessKeyView.exe    a variant of Win32/WirelessKeyView.A potentially unsafe application    deleted - quarantined
C:\Users\msjeanig\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AMMYY_Admin.exe    a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application    deleted - quarantined
C:\Users\msjeanig\Desktop\refurbish\cleaning\Firefox_Setup.exe    a variant of Win32/InstallCore.QC potentially unwanted application    deleted - quarantined
C:\Users\msjeanig\Videos\MailNotifier.exe    Win32/Toolbar.Crawler.B potentially unwanted application    deleted - quarantined
#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:03 AM

Posted 27 September 2014 - 11:42 AM

Hi karenbc,

That looks good.

How is your computer running now?

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here


~Twitter~ | ~Malware Analyst at Emsisoft~


#15 karenbc

karenbc
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 27 September 2014 - 04:30 PM

Hi Toffee,

I don't seem to be having the problem with the UpdateFlashPlayer thing wanting to make changes to the computer, and I haven't noticed any other odd behavior. Do you think we've rooted out all the nastiness?

Thanks,

Karen