

Infected with multiple malware including one that redirects web content


This topic is locked
42 replies to this topic

#1 llaffer

Members, 23 posts

Posted 21 November 2014 - 09:39 AM

Another one that I get frequently is "FlashUpdate_xxxxxxx.exe" wants to run, do you want it to? And I keep saying no, and it just continually pops up until it gets to the point where it loses focus and I just leave it sitting there until I can get to do a reboot.

I've also noticed that out of 4gig RAM, a clean boot will have more than 3gig used, even though Task Manager Processes tab shows no program is using more than 100meg immediately after system comes up. So at least 2gig of memory is being used but not reported by Task Manager. I don't know if this is malware related or not, just something that I've noticed as of late. As a result, an increased number of swaps to virtual memory, which further slows the machine down.

I've run Malwarebytes and Microsoft Security Essentials before to try to clean it, but it always comes back.

I've run the DDS program and here are the logs below. Thanks for any help you can offer in getting this system back to normal.

---- DDS.txt ---

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.51.2
Run by Jesse at 8:28:16 on 2014-11-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4087.1092 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\System32\snmp.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PCMeter\PCMeterV0.4.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
G:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
C:\Program Files (x86)\GOG.com\GOG.com Downloader.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
G:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Users\Jesse\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Origin\Origin.exe
G:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Users\Jesse\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
G:\Program Files\Steam\bin\steamwebhelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
C:\Windows\V0220Mon.exe
C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
G:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
G:\Program Files\Agent\agent.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
G:\Program Files\Unicode by Name\uibn.exe
C:\Windows\SysWOW64\Adobe\Director\SwDnld.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "G:\Program Files\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Google Update] "C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AnyDVD] "G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
uRun: [GOG.com Downloader] C:\Program Files (x86)\GOG.com\GOG.com Downloader.exe
uRun: [uTorrent] "C:\Users\Jesse\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
uRun: [Amazon Cloud Player] "C:\Users\Jesse\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ALconnect] "C:\Users\Jesse\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" /showminimized
uRun: [Otvlics] regsvr32.exe C:\Users\Jesse\AppData\Local\Otvlics\ASMoper216A.dll
uRun: [Exthtion] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jesse\AppData\Local\Ejshtion\CNBP_153.DLL
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [V0220Mon.exe] C:\Windows\V0220Mon.exe
mRun: [V0220Cfg.exe] V0220Cfg.exe /d:7
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
StartupFolder: C:\Users\Jesse\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jesse\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\Users\Jesse\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - G:\Program Files\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Jesse\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\UIBN-S~1.LNK - G:\Program Files\Unicode by Name\uibn.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{8C6CBA27-85CA-494F-8FD0-CBF5CA5E30C3} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{8C6CBA27-85CA-494F-8FD0-CBF5CA5E30C3} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{BE934C29-DEA5-420A-B41B-433C47F4D0B1} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EC280278-0AA1-4EA8-8E9D-4F3C791692CA} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
Handler-: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler-: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 192.95.55.228 www.google-analytics.com.
Hosts: 192.95.55.228 google-analytics.com.
Hosts: 192.95.55.228 connect.facebook.net.
Hosts: 85.25.107.66 www.google-analytics.com.
Hosts: 85.25.107.66 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=kwd&n=77de8542&searchfor=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jesse\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Jesse\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jesse\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
FF - plugin: g:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: g:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - ExtSQL: !HIDDEN! 1970-05-30 01:01; {2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}; -
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-1-5 132704]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-9-27 31136]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s --> C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-6-16 219360]
R2 EventService;MR APP Event Service;C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [2012-10-3 30208]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2012-5-18 7680]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 125584]
R2 NoIPDUCService3;No-IP DUC Service;C:\Program Files (x86)\No-IP\DUC30.exe -service --> C:\Program Files (x86)\No-IP\DUC30.exe -service [?]
R2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2011-6-16 88064]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TransferService;MR APP Transfer Service;C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [2012-10-3 33280]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-3-21 270336]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-16 176640]
R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2011-6-16 17392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-16 239616]
R3 V0220Dev;Live! Cam Video IM;C:\Windows\System32\drivers\V0220Dev.sys [2012-2-24 194592]
R3 V0220Vfx;V0220Vfx;C:\Windows\System32\drivers\V0220Vfx.sys [2012-2-24 10752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2012-4-15 1071032]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-9-11 21712]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-8-7 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-8-7 9800]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-8-6 23040]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-2-23 1900400]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2010-2-19 20024]
S3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\System32\drivers\PPortJoy64.sys [2010-2-19 39992]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-4-24 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-4-24 9584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-7 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-5 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-12-18 113936]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-7-22 89232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-16 1255736]
S4 minecraft;Minecraft Server;"java.exe" "-classpath" "G:\Program Files\Minecraft Server\yajsw\wrapper.jar" "-Xrs" "-Dwrapper.service=true" "-Djna.tmpdir=G:\Program Files\Minecraft Server\yajsw\bat\/../tmp" "-Dwrapper_home=G:\Program Files\Minecraft Server\yajsw\bat\/.." "-Dwrapper.config=G:\Program Files\Minecraft Server\yajsw\conf\wrapper.conf" "-Dwrapper.additional.1x=-Xrs" "-Djna.tmpdir=G:\Program Files\Minecraft Server\yajsw\bat\..\tmp" "org.rzo.yajsw.boot.WrapperServiceBooter"  --> java.exe [?]
.
=============== Created Last 30 ================
.
2014-11-21 09:39:40    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6BD7299D-6846-4C78-8D8F-4377BF7E2C6E}\gapaengine.dll
2014-11-21 09:39:20    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F25EF113-5BB4-43CB-98AC-F5D8DE086A1C}\mpengine.dll
2014-11-21 01:54:38    --------    d-----w-    C:\Users\Jesse\AppData\Local\GamParse
2014-11-20 08:30:28    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47DD6505-0254-42B3-850D-6259A7F531FB}\gapaengine.dll
2014-11-20 08:29:38    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-20 02:27:32    --------    d-----w-    C:\Users\Jesse\AppData\Roaming\Owzyix
2014-11-19 22:30:28    877056    ----a-w-    C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB439.exe
2014-11-19 09:53:27    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-19 09:53:27    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-19 09:53:27    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-19 09:53:24    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-19 00:54:15    562368    ----a-w-    C:\Windows\System32\RAMMap.exe
2014-11-15 15:45:43    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-15 15:45:15    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-15 15:45:15    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-11-15 15:45:15    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-15 15:45:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-11-15 15:45:14    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 16:26:14    --------    d-----w-    C:\Crash
2014-11-14 15:13:13    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 15:13:13    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-12 17:15:00    --------    d-sh--w-    C:\Users\Jesse\AppData\Local\EmieBrowserModeList
2014-11-12 15:28:43    --------    d-----w-    C:\Users\Jesse\AppData\Local\Acelogix
2014-11-12 15:00:11    --------    d-----w-    C:\Program Files\Ace Utilities
2014-11-12 08:57:10    4918960    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-12 03:58:29    304640    ----a-w-    C:\Windows\System32\generaltel.dll
2014-11-12 03:58:29    228864    ----a-w-    C:\Windows\System32\aepdu.dll
2014-11-12 03:58:28    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-11-12 03:58:10    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-11-12 03:58:09    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 03:58:08    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-11-12 03:58:08    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-11-12 03:58:08    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-11-12 03:58:07    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-11-12 03:58:07    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-11-12 03:58:07    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-11-12 03:58:07    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-11-12 03:53:49    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-11-12 03:51:55    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-11-12 03:51:55    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-11-12 03:51:50    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-11-12 03:51:43    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-12 03:51:42    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-12 03:49:50    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-12 03:49:50    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-09 21:52:11    --------    d-----w-    C:\Users\Jesse\AppData\Local\Otvlics
2014-11-09 21:51:56    --------    d-----w-    C:\Users\Jesse\AppData\Local\Ejshtion
2014-11-09 21:50:07    2863616    ----a-w-    C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-28 22:50:37    --------    d-----w-    C:\Program Files\iPod
2014-10-28 22:50:34    --------    d-----w-    C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 22:50:34    --------    d-----w-    C:\Program Files\iTunes
2014-10-28 22:50:34    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-10-28 22:47:33    --------    d-----w-    C:\Program Files\Bonjour
2014-10-28 22:47:33    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-10-27 03:32:04    --------    d-----w-    C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2014-10-27 02:50:52    --------    dc-h--w-    C:\Users\Jesse\AppData\Local\{DB57B733-5615-4B98-BB38-D909F548D288}
.
==================== Find3M  ====================
.
2014-11-06 04:04:03    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57    6040064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-06 03:20:18    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-06 03:13:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25    2124288    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49    4298240    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24    2365440    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-06 01:52:35    1892864    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-24 10:22:22    33840    ----a-w-    C:\Windows\SysWow64\RGBAcodec.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\Windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-09-18 02:01:03    98304    ----a-w-    C:\Windows\System32\wudriver.dll
2014-09-18 02:01:03    2631680    ----a-w-    C:\Windows\System32\wucltux.dll
2014-09-18 02:01:03    191488    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-09-18 02:00:34    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-09-18 01:33:16    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-09-18 01:33:16    173056    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-09-18 01:32:41    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2011-07-18 14:43:03    161744    ----a-w-    C:\Program Files (x86)\u4res.dll
.
============= FINISH:  8:33:06.97 ===============
 

#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 AM

Posted 22 November 2014 - 11:29 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 llaffer

llaffer
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:11 AM

Posted 22 November 2014 - 12:36 PM

Thanks.  Here are the requested files:

 

--- FRST.TXT ---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 01
Ran by Jesse (administrator) on DALE on 22-11-2014 11:30:32
Running from G:\Video Workspace
Loaded Profile: Jesse (Available profiles: Jesse)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(FileZilla Project) G:\Program Files\FileZilla Server\FileZilla Server.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files (x86)\No-IP\DUC30.exe
(AddGadgets) C:\Program Files\PCMeter\PCMeterV0.4.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Valve Corporation) G:\Program Files\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alexander Nikiforov) C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Phase Five Systems) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
(GOG.com) C:\Program Files (x86)\GOG.com\GOG.com Downloader.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(SlySoft, Inc.) G:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Users\Jesse\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
() G:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Koninklijke Philips N.V.) C:\Users\Jesse\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Valve Corporation) G:\Program Files\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
(Creative Technology Ltd.) C:\Windows\V0220Mon.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(MagicISO, Inc.) G:\Program Files\MagicDisc\MagicDisc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Forte Internet Software Inc.) G:\Program Files\Agent\agent.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
() G:\Video Workspace\unicode-input-by-name\uibn.exe
(Mozilla Corporation) G:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
() C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2337.exe
(Mozilla Corporation) G:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [346320 2009-08-04] (DeviceVM, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [V0220Mon.exe] => C:\Windows\V0220Mon.exe [32768 2006-06-29] (Creative Technology Ltd.)
HKLM-x32\...\Run: [V0220Cfg.exe] => V0220Cfg.exe /d:7
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Steam] => G:\Program Files\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [MP3 Skype Recorder] => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Google Update] => C:\Users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-11] (Google Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Facebook Update] => C:\Users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [AnyDVD] => G:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-11-08] (SlySoft, Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Jump Desktop] => C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [424040 2012-05-18] (Phase Five Systems)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [GOG.com Downloader] => C:\Program Files (x86)\GOG.com\GOG.com Downloader.exe [496440 2013-10-22] (GOG.com)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [uTorrent] => C:\Users\Jesse\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-27] (BitTorrent Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Amazon Cloud Player] => C:\Users\Jesse\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-08] (Electronic Arts)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [ALconnect] => C:\Users\Jesse\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [1399320 2014-10-09] (Koninklijke Philips N.V.)
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Otvlics] => regsvr32.exe C:\Users\Jesse\AppData\Local\Otvlics\ASMoper216A.dll <===== ATTENTION
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Exthtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jesse\AppData\Local\Ejshtion\CNBP_153.DLL
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\MountPoints2: {52652f47-b459-11e3-af4b-00158315a310} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.exe
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\MountPoints2: {c4cb8021-c86c-11e2-bc2a-00158315a310} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.exe
HKU\S-1-5-18\...\Run: [MP3 Skype Recorder] => C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-17] (Alexander Nikiforov)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> G:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uibn - Shortcut.lnk
ShortcutTarget: uibn - Shortcut.lnk -> G:\Program Files\Unicode by Name\uibn.exe ()
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41C6566B672CCC01
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM-x32 -> {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=sb&n=77de8542&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 -> DefaultScope {8E85BC49-581E-48f9-BD7B-E36EF397B624} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 -> {5D1A4046-1829-4c49-8BF4-83120C985BC1} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 -> {8E85BC49-581E-48f9-BD7B-E36EF397B624} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 -> {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL =
BHO: Privacy Safeguard BHO -> {1036AD63-AEAC-460B-9060-C96005D4DC86} -> C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {1036AD63-AEAC-460B-9060-C96005D4DC86} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Privacy Safeguard BHO -> {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} -> C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8C6CBA27-85CA-494F-8FD0-CBF5CA5E30C3}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BE934C29-DEA5-420A-B41B-433C47F4D0B1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EC280278-0AA1-4EA8-8E9D-4F3C791692CA}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default
FF SelectedSearchEngine: My Way
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=kwd&n=77de8542&searchfor=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> g:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> g:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jesse\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @talk.google.com/O1DPlugin -> C:\Users\Jesse\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jesse\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jesse\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3722519254-1352899033-3042310236-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jesse\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\searchplugins\Guffins.xml
FF Extension: Sync Setup Folder - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\Extensions\{2E98A9CB-D47B-B054-EF4E-26606BBBC8F8} [2014-11-09]
FF Extension: EPUBReader - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-27]
FF Extension: MEGA EXTENSION - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\Extensions\[email protected] [2013-04-12]
FF Extension: Save Images - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\Extensions\[email protected] [2013-05-31]
FF Extension: VideoGet FireFox extension - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\Extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi [2012-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - g:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - g:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-19]
FF StartMenuInternet: FIREFOX.EXE - g:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (YouTube) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Privacy SafeGuard) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh [2012-12-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-10-17]
CHR Extension: (Gmail) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - g:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2012-11-13] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [30208 2012-10-03] () [File not signed]
R2 FileZilla Server; G:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JumpDesktop; C:\Program Files (x86)\Jump Desktop\JumpService.exe [7680 2012-05-18] (Phase Five Systems) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NoIPDUCService3; C:\Program Files (x86)\No-IP\DUC30.exe [1423520 2010-06-18] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-08] (Electronic Arts)
S2 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [88064 2009-10-22] () [File not signed]
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [33280 2012-10-03] (Microsoft) [File not signed]
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S4 minecraft; "java.exe" "-classpath" "G:\Program Files\Minecraft Server\yajsw\wrapper.jar" "-Xrs" "-Dwrapper.service=true" "-Djna.tmpdir=G:\Program Files\Minecraft Server\yajsw\bat\/../tmp" "-Dwrapper_home=G:\Program Files\Minecraft Server\yajsw\bat\/.." "-Dwrapper.config=G:\Program Files\Minecraft Server\yajsw\conf\wrapper.conf" "-Dwrapper.additional.1x=-Xrs" "-Djna.tmpdir=G:\Program Files\Minecraft Server\yajsw\bat\..\tmp" "org.rzo.yajsw.boot.WrapperServiceBooter"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-09-27] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20024 2010-02-19] (Deon van der Westhuysen)
S3 PPortJoystick; C:\Windows\System32\DRIVERS\PPortJoy64.sys [39992 2010-02-19] (Deon van der Westhuysen)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2009-07-14] (Windows ® Codename Longhorn DDK provider)
R3 V0220Dev; C:\Windows\System32\DRIVERS\V0220Dev.sys [194592 2006-06-29] (Creative Technology Ltd.)
R3 V0220Vfx; C:\Windows\System32\DRIVERS\V0220Vfx.sys [10752 2006-06-08] (EyePower Games Pte. Ltd.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S4 ALSysIO; \??\C:\Users\Jesse\AppData\Local\Temp\ALSysIO64.sys [X]
S4 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S4 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S4 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S4 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S1 llsiuqcg; \??\C:\Windows\system32\drivers\llsiuqcg.sys [X]
S4 slb; \??\G:\Games\ScarletBlade\avital\scarlb64.sys [X]
S4 vmci; system32\DRIVERS\vmci.sys [X]
S4 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Jesse\AppData\Local\Temp\tmp4628.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 11:30 - 2014-11-22 11:30 - 00000000 ____D () C:\FRST
2014-11-21 08:33 - 2014-11-21 08:33 - 00033845 _____ () C:\Users\Jesse\Desktop\dds.txt
2014-11-21 08:33 - 2014-11-21 08:33 - 00029111 _____ () C:\Users\Jesse\Desktop\attach.txt
2014-11-21 08:18 - 2014-11-21 08:18 - 00688992 ____R (Swearware) C:\Users\Jesse\Downloads\dds.com
2014-11-20 20:35 - 2014-11-20 20:35 - 00001021 _____ () C:\Users\Jesse\Desktop\SupRip.lnk
2014-11-20 19:54 - 2014-11-20 19:54 - 00000000 ____D () C:\Users\Jesse\AppData\Local\GamParse
2014-11-20 19:53 - 2014-11-20 19:53 - 00597504 _____ () C:\Users\Jesse\Downloads\GamParse-1.0.5-Test.exe
2014-11-19 20:27 - 2014-11-19 20:27 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Owzyix
2014-11-19 03:53 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 03:53 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 03:53 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 03:53 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:54 - 2013-10-31 15:18 - 00562368 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\RAMMap.exe
2014-11-15 09:45 - 2014-11-18 18:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 09:45 - 2014-11-15 09:45 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 09:45 - 2014-11-15 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-15 09:45 - 2014-11-15 09:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-15 09:45 - 2014-11-15 09:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 09:45 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-15 09:45 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-15 09:45 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-15 09:44 - 2014-11-15 09:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jesse\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-14 11:54 - 2014-11-19 18:59 - 00007916 _____ () C:\Windows\PFRO.log
2014-11-14 10:26 - 2014-11-14 10:26 - 00000000 ____D () C:\Crash
2014-11-14 09:13 - 2014-11-22 10:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 09:13 - 2014-11-14 09:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 09:13 - 2014-11-14 09:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 09:13 - 2014-11-14 09:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-13 22:34 - 2014-11-13 22:34 - 00000000 _____ () C:\autoexec.bat
2014-11-13 22:32 - 2014-11-13 22:32 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Jesse\Downloads\SpyHunter-Installer.exe
2014-11-13 13:20 - 2014-11-13 13:20 - 00000022 _____ () C:\Users\Jesse\Documents\activelink shipping.txt
2014-11-12 11:15 - 2014-11-12 11:15 - 00000000 __SHD () C:\Users\Jesse\AppData\Local\EmieBrowserModeList
2014-11-12 10:04 - 2014-11-20 03:26 - 00000616 _____ () C:\Windows\setupact.log
2014-11-12 10:04 - 2014-11-12 10:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 09:28 - 2014-11-12 09:28 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Acelogix
2014-11-12 09:00 - 2014-11-15 13:24 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-12 09:00 - 2014-11-12 09:00 - 00003092 _____ () C:\Windows\System32\Tasks\AceUtilsSkipUAC
2014-11-12 09:00 - 2014-11-12 09:00 - 00002051 _____ () C:\Users\Jesse\Desktop\Ace Utilities.lnk
2014-11-12 09:00 - 2014-11-12 09:00 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2014-11-12 09:00 - 2014-11-12 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
2014-11-12 09:00 - 2014-11-12 09:00 - 00000000 ____D () C:\Program Files\Ace Utilities
2014-11-12 08:59 - 2014-11-12 08:59 - 08974824 _____ (Acelogix Software) C:\Users\Jesse\Downloads\aceutils.exe
2014-11-12 02:57 - 2014-11-12 02:57 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-11 21:58 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:58 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:58 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:58 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:58 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:58 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:58 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:58 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:58 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:58 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:58 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:58 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:56 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:56 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:56 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:56 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:56 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:56 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:56 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:56 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:56 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:56 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:56 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:56 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:56 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:56 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:56 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:56 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:56 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:56 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:56 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:56 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:56 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:56 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:56 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:56 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:56 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:56 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:56 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:56 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:56 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:56 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:56 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:56 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:56 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:56 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:56 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:56 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:56 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:56 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:56 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:56 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:56 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:56 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:56 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:56 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:56 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:56 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:56 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:56 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:56 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:56 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:56 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:56 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:56 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:56 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:56 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:56 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:53 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:53 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:53 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:53 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:53 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:53 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:53 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:53 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:53 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:53 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 21:53 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:53 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:53 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:53 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:53 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:53 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:51 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:51 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:51 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:51 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:51 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:49 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:49 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 19:43 - 2014-11-11 19:43 - 00004894 _____ () C:\Users\Jesse\Downloads\Game_Theory_Intro_Science_Blaster_Chiptune_Tuesday_For_Clarinet.mxl
2014-11-11 14:13 - 2014-11-11 14:13 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2014-11-09 16:05 - 2014-11-11 16:13 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-09 15:52 - 2014-11-09 15:52 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Otvlics
2014-11-09 15:51 - 2014-11-18 18:34 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Ejshtion
2014-11-08 20:21 - 2014-11-08 20:21 - 00001548 _____ () C:\Users\Public\Desktop\Crusader No Remorse.lnk
2014-11-08 20:21 - 2014-11-08 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader No Remorse
2014-10-28 16:53 - 2014-10-28 16:53 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-28 16:53 - 2014-10-28 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-28 16:50 - 2014-10-28 16:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 16:50 - 2014-10-28 16:53 - 00000000 ____D () C:\Program Files\iTunes
2014-10-28 16:50 - 2014-10-28 16:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-28 16:50 - 2014-10-28 16:50 - 00000000 ____D () C:\Program Files\iPod
2014-10-28 16:48 - 2014-10-28 16:48 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-28 16:48 - 2014-10-28 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-28 16:48 - 2014-10-28 16:48 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-28 16:47 - 2014-10-28 16:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-28 16:47 - 2014-10-28 16:47 - 00000000 ____D () C:\Program Files\Bonjour
2014-10-28 16:47 - 2014-10-28 16:47 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-10-26 20:59 - 2014-10-26 20:59 - 00000000 ____D () C:\Windows\System32\Tasks\PCMeter
2014-10-26 20:50 - 2014-10-26 20:50 - 00000000 __HDC () C:\Users\Jesse\AppData\Local\{DB57B733-5615-4B98-BB38-D909F548D288}
2014-10-26 20:50 - 2014-10-26 20:50 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ActiveLink Connect
2014-10-26 09:34 - 2014-10-26 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-25 19:28 - 2014-10-25 19:28 - 00000000 ____D () C:\Users\Jesse\Documents\Full Bore

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 11:32 - 2011-06-16 20:30 - 00000000 ____D () C:\Users\Jesse\Documents\Outlook Files
2014-11-22 11:08 - 2012-07-22 20:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000UA.job
2014-11-22 10:59 - 2011-10-08 18:48 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000UA.job
2014-11-22 10:38 - 2011-07-25 23:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 10:27 - 2011-06-16 16:22 - 01616610 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 09:46 - 2011-06-16 14:53 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0E59B33-4D0D-4166-8B1B-54D6218EB73D}
2014-11-21 19:38 - 2011-07-25 23:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 19:13 - 2012-02-14 14:43 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CrashDumps
2014-11-21 18:53 - 2011-06-16 18:46 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\HandBrake
2014-11-21 16:59 - 2011-10-08 18:48 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000Core.job
2014-11-21 13:08 - 2012-07-22 20:49 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000Core.job
2014-11-21 12:51 - 2014-10-02 08:54 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\unicode-input-by-name
2014-11-21 08:40 - 2014-03-13 21:03 - 00000419 _____ () C:\Windows\BRWMARK.INI
2014-11-21 08:20 - 2014-04-03 12:25 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Skype
2014-11-21 07:49 - 2011-06-16 10:21 - 00000000 ____D () C:\Users\Jesse\Documents\MetaX
2014-11-21 07:48 - 2014-01-31 17:20 - 00002585 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaX.lnk
2014-11-21 07:48 - 2014-01-31 17:20 - 00002573 _____ () C:\Users\Public\Desktop\MetaX.lnk
2014-11-21 07:48 - 2014-01-31 17:20 - 00000000 ____D () C:\Program Files (x86)\MetaX
2014-11-20 23:21 - 2012-04-16 09:22 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\X-Chat 2
2014-11-20 19:57 - 2011-07-08 17:03 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Deployment
2014-11-20 16:18 - 2011-06-16 18:52 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\uTorrent
2014-11-20 15:02 - 2014-07-04 12:31 - 00000000 ____D () C:\Users\Jesse\Documents\Visual Studio 2013
2014-11-20 14:32 - 2011-06-18 21:28 - 00016238 _____ () C:\Users\Jesse\_viminfo
2014-11-20 14:32 - 2011-06-16 14:42 - 00000000 ____D () C:\Users\Jesse
2014-11-20 08:15 - 2011-06-29 19:30 - 00000000 ___RD () C:\Users\Jesse\Dropbox
2014-11-20 08:15 - 2011-06-29 19:27 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Dropbox
2014-11-20 08:11 - 2013-04-25 10:11 - 00654923 _____ () C:\Users\Jesse\Network_Meter_Data.js
2014-11-20 08:11 - 2012-06-20 19:26 - 00000000 ___RD () C:\Users\Jesse\Google Drive
2014-11-20 08:09 - 2014-02-23 19:44 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-20 08:09 - 2011-07-08 17:04 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Apps\2.0
2014-11-20 03:35 - 2009-07-13 22:45 - 00023408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 03:35 - 2009-07-13 22:45 - 00023408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 03:26 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 03:21 - 2013-04-25 10:13 - 00000030 _____ () C:\Users\Jesse\AppData\Roaming\Network Meter_Usage.ini
2014-11-19 20:04 - 2011-07-16 12:29 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\FileZilla
2014-11-19 19:08 - 2014-01-07 14:16 - 00007158 _____ () C:\Users\Jesse\IP_Log_Data.js
2014-11-19 16:14 - 2011-07-25 23:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-19 14:57 - 2011-06-18 22:31 - 00000000 ____D () C:\Users\Jesse\AppData\Local\QuickPar
2014-11-18 21:11 - 2012-05-22 19:41 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\TS3Client
2014-11-18 18:01 - 2014-02-23 19:45 - 00000000 ____D () C:\ProgramData\Origin
2014-11-18 13:12 - 2014-03-21 16:48 - 00000349 _____ () C:\Windows\BRRBCOM.INI
2014-11-17 13:49 - 2012-01-23 07:31 - 00000000 ____D () C:\Users\Jesse\Documents\Visual Studio 2008
2014-11-14 19:43 - 2011-06-29 19:30 - 00001013 _____ () C:\Users\Jesse\Desktop\Dropbox.lnk
2014-11-14 19:43 - 2011-06-29 19:28 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 09:12 - 2014-08-22 10:57 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Adobe
2014-11-14 08:49 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 19:33 - 2011-07-25 23:38 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 19:33 - 2011-07-25 23:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 13:03 - 2012-07-22 20:49 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000UA
2014-11-12 13:03 - 2012-07-22 20:49 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000Core
2014-11-12 12:04 - 2014-05-28 10:36 - 00000000 ____D () C:\Users\Jesse\work
2014-11-12 10:26 - 2011-06-16 14:59 - 00002722 _____ () C:\Windows\System32\Tasks\Core Temp Autostart
2014-11-12 10:23 - 2014-01-10 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-11-12 10:23 - 2014-01-04 02:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
2014-11-12 10:23 - 2013-10-15 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-11-12 10:23 - 2013-06-01 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-11-12 10:23 - 2013-02-04 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageBreeze
2014-11-12 10:23 - 2012-10-31 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Able MIDI Editor 1.32
2014-11-12 10:23 - 2012-07-31 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-11-12 10:23 - 2012-07-22 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2014-11-12 10:23 - 2012-05-20 16:13 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-11-12 10:23 - 2011-07-05 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2014-11-12 10:23 - 2011-06-17 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GiftBoxPlus
2014-11-12 10:13 - 2009-07-13 23:13 - 00853806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 09:30 - 2011-06-16 17:17 - 00000000 ____D () C:\Windows\Panther
2014-11-12 09:18 - 2013-02-04 14:52 - 00000000 ____D () C:\Program Files (x86)\PageBreeze
2014-11-12 09:18 - 2012-09-04 00:57 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 09:18 - 2012-01-09 21:38 - 00000000 ____D () C:\Users\Jesse\AppData\Local\CutePDF Writer
2014-11-12 07:54 - 2011-06-16 14:52 - 00139952 _____ () C:\Users\Jesse\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 04:50 - 2011-06-16 22:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:51 - 2009-07-13 22:45 - 05035000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:43 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:25 - 2011-06-16 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:19 - 2013-07-29 15:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:04 - 2011-06-16 17:01 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 19:45 - 2012-02-15 16:28 - 00000000 ____D () C:\Users\Jesse\Documents\Finale Files
2014-11-11 17:00 - 2012-04-18 08:58 - 00000000 ____D () C:\Users\Jesse\Documents\Quicken
2014-11-11 14:13 - 2012-03-04 00:55 - 00000690 _____ () C:\Users\Jesse\Desktop\Handbrake.lnk
2014-11-08 20:38 - 2011-06-30 08:04 - 00000768 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-11-08 20:21 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-08 20:19 - 2014-02-23 19:48 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-06 16:52 - 2011-07-04 14:46 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Audacity
2014-11-05 16:33 - 2012-06-20 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 00:02 - 2011-07-11 20:06 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Mozilla
2014-10-31 20:39 - 2012-02-09 21:11 - 00000000 ____D () C:\temp
2014-10-30 05:25 - 2011-06-16 15:51 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 16:46 - 2011-06-17 10:18 - 00000000 ____D () C:\ProgramData\Apple
2014-10-28 16:27 - 2011-06-17 10:36 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Apple Computer
2014-10-28 16:26 - 2012-10-08 09:21 - 00000000 ____D () C:\Program Files\PCMeter
2014-10-28 16:04 - 2014-10-15 08:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-28 14:50 - 2012-09-22 08:50 - 00000000 ____D () C:\Users\Jesse\AppData\Local\8ECBDEFE-74A7-4FA4-9BA8-B492B9D425CC.aplzod
2014-10-27 13:22 - 2012-12-12 19:11 - 00000000 ____D () C:\GOG Games
2014-10-27 13:22 - 2012-12-12 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-10-27 13:18 - 2014-04-15 10:16 - 00000000 ____D () C:\scan
2014-10-26 20:56 - 2012-10-08 09:20 - 00000624 _____ () C:\Users\Jesse\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-26 20:45 - 2014-09-28 08:45 - 00000000 __HDC () C:\Users\Jesse\AppData\Local\~0
2014-10-26 09:34 - 2014-07-21 07:44 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-26 09:34 - 2014-07-21 07:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-26 09:34 - 2011-06-16 21:09 - 00000000 ____D () C:\ProgramData\Skype
2014-10-25 08:48 - 2014-10-14 22:12 - 00000000 ____D () C:\Users\Public\Documents\Lightworks

Files to move or delete:
====================
C:\Users\Jesse\IP_Log_Data.js
C:\Users\Jesse\jagex_cl_speccollect_LIVE.dat
C:\Users\Jesse\Network_Meter_Data.js
C:\Users\Jesse\random.dat
C:\Users\Jesse\reg.reg

Some content of TEMP:
====================
C:\Users\Jesse\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_eaz8s.dll
C:\Users\Jesse\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Jesse\AppData\Local\Temp\UpdateFlashPlayer_6935a665.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 00:01

==================== End Of Log ============================




#4 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 22 November 2014 - 01:08 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

Hosts:
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Otvlics] => regsvr32.exe C:\Users\Jesse\AppData\Local\Otvlics\ASMoper216A.dll <===== ATTENTION
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Exthtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jesse\AppData\Local\Ejshtion\CNBP_153.DLL
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 llsiuqcg; \??\C:\Windows\system32\drivers\llsiuqcg.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Jesse\AppData\Local\Temp\tmp4628.tmp [X]
2014-11-19 20:27 - 2014-11-19 20:27 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Owzyix
2014-11-09 15:52 - 2014-11-09 15:52 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Otvlics
2014-11-09 15:51 - 2014-11-18 18:34 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Ejshtion
CustomCLSID: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D030000000300000018B1828CA09A000CC67F88ED2A2A9672CB414E79AC0E9BFAE9ABDB880360 (the data entry has 8 more characters).
AlternateDataStreams: C:\ProgramData\TEMP:E965A533
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 llaffer

  • Topic Starter

  • Members
  • 23 posts

Posted 22 November 2014 - 03:00 PM

After rebooting, here is the requested file:

--- FIXLOG.TXT ---

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by Jesse at 2014-11-22 13:27:35 Run:1
Running from G:\Video Workspace\malware bleep
Loaded Profile: Jesse (Available profiles: Jesse)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Hosts:
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Otvlics] => regsvr32.exe C:\Users\Jesse\AppData\Local\Otvlics\ASMoper216A.dll <===== ATTENTION
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\...\Run: [Exthtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jesse\AppData\Local\Ejshtion\CNBP_153.DLL
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 llsiuqcg; \??\C:\Windows\system32\drivers\llsiuqcg.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Jesse\AppData\Local\Temp\tmp4628.tmp [X]
2014-11-19 20:27 - 2014-11-19 20:27 - 00000000 ____D () C:\Users\Jesse\AppData\Roaming\Owzyix
2014-11-09 15:52 - 2014-11-09 15:52 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Otvlics
2014-11-09 15:51 - 2014-11-18 18:34 - 00000000 ____D () C:\Users\Jesse\AppData\Local\Ejshtion
CustomCLSID: HKU\S-1-5-21-3722519254-1352899033-3042310236-1000_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D030000000300000018B1828CA09A000CC67F88ED2A2A9672CB414E79AC0E9BFAE9ABDB880360 (the data entry has 8 more characters).
AlternateDataStreams: C:\ProgramData\TEMP:E965A533
EmptyTemp:
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Otvlics => value deleted successfully.
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Exthtion => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
llsiuqcg => Service deleted successfully.
WinRing0_1_2_0 => Unable to stop service
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Jesse\AppData\Roaming\Owzyix => Moved successfully.
C:\Users\Jesse\AppData\Local\Otvlics => Moved successfully.
C:\Users\Jesse\AppData\Local\Ejshtion => Moved successfully.
"HKU\S-1-5-21-3722519254-1352899033-3042310236-1000_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}" => Key deleted successfully.
C:\ProgramData\TEMP => ":E965A533" ADS removed successfully.
EmptyTemp: => Removed 3.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#6 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 22 November 2014 - 03:35 PM

Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If, after running ComboFix, you receive a message stating "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#7 llaffer

  • Topic Starter

  • Members
  • 23 posts

Posted 22 November 2014 - 05:40 PM

Here are the results from ComboFix:

----------

ComboFix 14-11-18.01 - Jesse 11/22/2014  15:50:52.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4087.1114 [GMT -6:00]
Running from: g:\video workspace\malware bleep\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\GuffinsEI
c:\program files\PrivacySafeGuard\PrIVacysafeguard-x64.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_ctypes.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_elementtree.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_hashlib.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_multiprocessing.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_socket.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\_ssl.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\hashobjs_ext.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\pyexpat.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\pysqlite2._sqlite.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\python27.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\pythoncom27.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\PyWinTypes27.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\select.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\unicodedata.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32api.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32com.shell.shell.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32crypt.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32event.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32file.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32gui.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32inet.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32pdh.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32pipe.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32process.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32profile.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32security.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\win32ts.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\windows._lib_cacheinvalidation.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._animate.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._controls_.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._core_.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._gdi_.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._html2.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._misc_.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._windows_.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wx._wizard.pyd
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxbase294u_net_vc90.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxbase294u_vc90.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxmsw294u_adv_vc90.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxmsw294u_core_vc90.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxmsw294u_html_vc90.dll
c:\users\Jesse\AppData\Local\Temp\_MEI36042\wxmsw294u_webview_vc90.dll
c:\users\Jesse\AppData\Roaming\Love
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-1.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-2.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-3.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\1-4.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\icon.png
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\settings.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\dlc_scienceandstuff\version.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\mappacks\smb\1-1.txt
c:\users\Jesse\AppData\Roaming\Love\mari0\options.txt
c:\users\Jesse\AppData\Roaming\poclbm
c:\users\Jesse\AppData\Roaming\poclbm\poclbm.ini
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
G:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-22 to 2014-11-22  )))))))))))))))))))))))))))))))
.
.
2014-11-22 22:12 . 2014-11-22 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-22 17:30 . 2014-11-22 19:33 -------- d-----w- C:\FRST
2014-11-22 09:38 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA75D255-ACD3-49F1-A4BE-363159E72D23}\mpengine.dll
2014-11-22 01:28 . 2014-11-22 01:28 160120 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp2337.exe
2014-11-21 22:43 . 2014-11-21 22:43 915456 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmpEB90.exe
2014-11-21 09:39 . 2014-09-17 09:03 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BD7299D-6846-4C78-8D8F-4377BF7E2C6E}\gapaengine.dll
2014-11-21 09:39 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-21 01:54 . 2014-11-21 01:54 -------- d-----w- c:\users\Jesse\AppData\Local\GamParse
2014-11-19 22:30 . 2014-11-19 22:30 877056 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmpB439.exe
2014-11-19 09:53 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 09:53 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 09:53 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 09:53 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 00:54 . 2013-10-31 21:18 562368 ----a-w- c:\windows\system32\RAMMap.exe
2014-11-15 15:45 . 2014-11-19 00:01 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-15 15:45 . 2014-10-01 17:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-15 15:45 . 2014-10-01 17:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-15 15:45 . 2014-10-01 17:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-15 15:45 . 2014-11-15 15:45 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-15 15:45 . 2014-11-15 15:45 -------- d-----w- c:\programdata\Malwarebytes
2014-11-14 16:26 . 2014-11-14 16:26 -------- d-----w- C:\Crash
2014-11-14 15:13 . 2014-11-14 15:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 15:13 . 2014-11-14 15:13 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 17:15 . 2014-11-12 17:15 -------- d-sh--w- c:\users\Jesse\AppData\Local\EmieBrowserModeList
2014-11-12 15:28 . 2014-11-12 15:28 -------- d-----w- c:\users\Jesse\AppData\Local\Acelogix
2014-11-12 15:00 . 2014-11-12 15:00 -------- d-----w- c:\program files\Ace Utilities
2014-11-12 08:57 . 2014-11-12 08:57 4918960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-12 03:58 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 03:58 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 03:58 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 03:58 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 03:58 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 03:58 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 03:58 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 03:58 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 03:58 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 03:58 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 03:58 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 03:58 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-12 03:53 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 03:51 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 03:51 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 03:51 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 03:51 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 03:51 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 03:49 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 03:49 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-09 21:50 . 2014-11-09 21:50 2863616 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-28 22:50 . 2014-10-28 22:50 -------- d-----w- c:\program files\iPod
2014-10-28 22:50 . 2014-10-28 22:53 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-28 22:50 . 2014-10-28 22:53 -------- d-----w- c:\program files\iTunes
2014-10-28 22:50 . 2014-10-28 22:53 -------- d-----w- c:\program files (x86)\iTunes
2014-10-28 22:48 . 2014-10-28 22:48 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-10-28 22:47 . 2014-10-28 22:50 -------- d-----w- c:\program files\Common Files\Apple
2014-10-28 22:47 . 2014-10-28 22:47 -------- d-----w- c:\program files\Bonjour
2014-10-28 22:47 . 2014-10-28 22:47 -------- d-----w- c:\program files (x86)\Bonjour
2014-10-27 03:32 . 2014-10-27 03:32 -------- d-----w- c:\windows\system32\wbem\Framework\root\OpenHardwareMonitor
2014-10-27 02:50 . 2014-10-27 02:50 -------- dc-h--w- c:\users\Jesse\AppData\Local\{DB57B733-5615-4B98-BB38-D909F548D288}
2014-10-26 15:34 . 2014-10-26 15:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-22 22:00 . 2013-04-25 16:11 655053 ----a-w- c:\users\Jesse\Network_Meter_Data.js
2014-11-22 19:48 . 2014-01-07 20:16 7249 ----a-w- c:\users\Jesse\IP_Log_Data.js
2014-11-12 09:04 . 2011-06-16 23:01 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2011-06-16 21:51 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-14 08:02 . 2014-07-04 18:32 1125760 ----a-w- c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-09-25 02:08 . 2014-09-30 19:18 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 19:18 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 10:22 . 2014-09-24 10:22 33840 ----a-w- c:\windows\SysWow64\RGBAcodec.dll
2014-09-18 02:01 . 2014-10-02 04:02 37376 ----a-w- c:\windows\system32\wups2.dll
2014-09-18 02:01 . 2014-10-02 04:02 35328 ----a-w- c:\windows\system32\wups.dll
2014-09-18 02:01 . 2014-10-02 04:02 98304 ----a-w- c:\windows\system32\wudriver.dll
2014-09-18 02:01 . 2014-10-02 04:02 694784 ----a-w- c:\windows\system32\wuapi.dll
2014-09-18 02:01 . 2014-10-02 04:02 2631680 ----a-w- c:\windows\system32\wucltux.dll
2014-09-18 02:01 . 2014-10-02 04:02 191488 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-18 02:01 . 2014-10-02 04:02 2527232 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-18 02:00 . 2014-10-02 04:02 51200 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-18 02:00 . 2014-10-02 04:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-09-18 01:33 . 2014-10-02 04:02 28672 ----a-w- c:\windows\SysWow64\wups.dll
2014-09-18 01:33 . 2014-10-02 04:02 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-09-18 01:33 . 2014-10-02 04:02 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-09-18 01:33 . 2014-10-02 04:02 565760 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-09-18 01:32 . 2014-10-02 04:02 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-09-17 09:03 . 2011-08-12 03:27 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 13:47 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 00:06 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 00:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-15 00:50 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-15 00:50 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-15 00:50 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 00:50 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 00:51 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2011-07-18 14:43 . 2011-11-08 00:19 161744 ----a-w- c:\program files (x86)\u4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}]
2012-08-08 05:07 88576 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\program files\Steam\Steam.exe" [2014-11-18 1940160]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"AnyDVD"="g:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2014-11-08 109480]
"Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2012-05-18 424040]
"uTorrent"="c:\users\Jesse\AppData\Roaming\uTorrent\uTorrent.exe" [2014-10-28 1385808]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2012-08-29 95744]
"Amazon Cloud Player"="c:\users\Jesse\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-01-14 3140608]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-11-09 3618648]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22066272]
"ALconnect"="c:\users\Jesse\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2014-10-09 1399320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe" [2014-03-06 2086568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"V0220Mon.exe"="c:\windows\V0220Mon.exe" [2006-06-29 32768]
"V0220Cfg.exe"="V0220Cfg.exe" [2006-04-14 20480]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-31 766208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2014-06-16 139776]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-07-31 3084288]
"EaseUS EPM Tray Agent"="c:\program files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe" [2014-02-13 254024]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
.
c:\users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jesse\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2012-8-29 656896]
MagicDisc.lnk - g:\program files\MagicDisc\MagicDisc.exe [2011-6-19 576000]
uibn - Shortcut.lnk - g:\program files\Unicode by Name\uibn.exe [2014-10-2 47616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2014-3-4 3576440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys;c:\windows\SYSNATIVE\DRIVERS\PPJoyBus64.sys [x]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys;c:\windows\SYSNATIVE\DRIVERS\PPortJoy64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ALSysIO;ALSysIO;c:\users\Jesse\AppData\Local\Temp\ALSysIO64.sys;c:\users\Jesse\AppData\Local\Temp\ALSysIO64.sys [x]
R4 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R4 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R4 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R4 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R4 minecraft;Minecraft Server;java.exe -classpath g:\program files\Minecraft Server\yajsw\wrapper.jar;java.exe -classpath g:\program files\Minecraft Server\yajsw\wrapper.jar [x]
R4 slb;slb;g:\games\ScarletBlade\avital\scarlb64.sys;g:\games\ScarletBlade\avital\scarlb64.sys [x]
R4 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AirPrint;AirPrint;c:\program files (x86)\AirPrint\airprint.exe;c:\program files (x86)\AirPrint\airprint.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 EventService;MR APP Event Service;c:\program files (x86)\MR APP\MRAPP.Event.Service.exe;c:\program files (x86)\MR APP\MRAPP.Event.Service.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]
S2 NoIPDUCService3;No-IP DUC Service;c:\program files (x86)\No-IP\DUC30.exe;c:\program files (x86)\No-IP\DUC30.exe [x]
S2 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 TransferService;MR APP Transfer Service;c:\program files (x86)\MR APP\MRAPP.Transfer.Service.exe;c:\program files (x86)\MR APP\MRAPP.Transfer.Service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\DRIVERS\V0220Dev.sys;c:\windows\SYSNATIVE\DRIVERS\V0220Dev.sys [x]
S3 V0220Vfx;V0220Vfx;c:\windows\system32\DRIVERS\V0220Vfx.sys;c:\windows\SYSNATIVE\DRIVERS\V0220Vfx.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Jesse\AppData\Local\Temp\tmp1718.tmp;c:\users\Jesse\AppData\Local\Temp\tmp1718.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RTKIO
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-19 21:40 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14 15:13]
.
2014-11-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000Core.job
- c:\users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-09 21:54]
.
2014-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000UA.job
- c:\users\Jesse\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-09 21:54]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 23:27]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 23:27]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000Core.job
- c:\users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 18:11]
.
2014-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3722519254-1352899033-3042310236-1000UA.job
- c:\users\Jesse\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-11-09 21:50 3855872 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Jesse\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{8C6CBA27-85CA-494F-8FD0-CBF5CA5E30C3}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{BE934C29-DEA5-420A-B41B-433C47F4D0B1}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EC280278-0AA1-4EA8-8E9D-4F3C791692CA}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=kwd&n=77de8542&searchfor=
FF - ExtSQL: !HIDDEN! 1970-05-30 01:01; {2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}; -
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
Wow6432Node-HKCU-Run-GOG.com Downloader - c:\program files (x86)\GOG.com\GOG.com
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SpyHunter - c:\users\Jesse\AppData\Roaming\Enigma Software Group\sh_installer.exe
AddRemove-FlowLayoutDemo - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Jesse\AppData\Local\Temp\tmp1718.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3722519254-1352899033-3042310236-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CBD91CA-9A34-4734-9B84-9EC9059E7356}*result ]
@Allowed: (Read) (RestrictedCode)
"AppName"="Roblox.exe"
"Policy"=dword:00000003
"AppPath"="c:\\Users\\Jesse\\AppData\\Local\\Roblox\\Versions\\version-09a201d8e5f247c7\\"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
g:\program files\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2014-11-22  16:33:26 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-22 22:33
.
Pre-Run: 89,680,838,656 bytes free
Post-Run: 88,954,683,392 bytes free
.
- - End Of File - - 5208ECC22F35D4D726D77DA477C81698
A36C5E4F47E84449FF07ED3517B43A31

#8 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 22 November 2014 - 07:49 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Open Malwarebytes AntiMalware (MBAM)
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#9 llaffer (Topic Starter, Members, 23 posts)

Posted 23 November 2014 - 12:52 AM

There is nothing in the adwCleaner report that I need saved.

Here are the log files:

--- AdwCleaner[R0] ---

# AdwCleaner v4.101 - Report created 22/11/2014 at 23:07:53
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jesse - DALE
# Running from : G:\Video Workspace\malware bleep\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BCUService

***** [ Files / Folders ] *****

File Found : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\user.js
Folder Found : C:\Program Files (x86)\DeviceVM
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\Jesse\AppData\Local\~0
Folder Found : C:\Users\Jesse\AppData\Local\eSupport.com
Folder Found : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Folder Found : C:\Users\Jesse\AppData\Local\PackageAware
Folder Found : C:\Users\Jesse\AppData\Roaming\NCH Software
Folder Found : C:\Users\Jesse\AppData\Roaming\Strongvault

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\usyndication.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DeviceVM
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{224469FC-D32A-423E-90C3-0F69EF5724B8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006BFF73-D6B8-4CC0-A982-1E041D625B08}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v7.0.1 (en-US)

[0e1f69dh.default] - Line Found : user_pref("extensions.Guffins.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&ind=2011071810&osp=mws&ptnrS=YJyyyyyy[...]
[0e1f69dh.default] - Line Found : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=kwd&n=77de8542&s[...]

-\\ Google Chrome v39.0.2171.65

[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [13133 octets] - [22/11/2014 23:07:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13194 octets] ##########
 

 

--- MBAM ---

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2014
Scan Time: 11:14:22 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.23.03
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jesse

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400234
Time Elapsed: 19 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.PrivacySafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}, Quarantined, [dd525ae5ceaef2440b266b90cf334cb4],
PUP.Optional.PrivacySafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}, Quarantined, [dd525ae5ceaef2440b266b90cf334cb4],
PUP.Optional.PrivacySafeGuard.A, HKU\S-1-5-21-3722519254-1352899033-3042310236-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}, Quarantined, [dd525ae5ceaef2440b266b90cf334cb4],
PUP.Optional.PrivacySafeGuard.A, HKU\S-1-5-21-3722519254-1352899033-3042310236-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}, Quarantined, [dd525ae5ceaef2440b266b90cf334cb4],
PUP.Optional.PrivacySafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1036AD63-AEAC-460B-9060-C96005D4DC86}, Quarantined, [2609ee51cab26bcb89a796652ad808f8],
PUP.Optional.PrivacySafeGuard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0, Quarantined, [09266cd36319e155c449c17962a154ac],

Files: 21
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll, Quarantined, [dd525ae5ceaef2440b266b90cf334cb4],
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\unins000.exe, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\enablebho.exe, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\Install.Stats.Ping.exe, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\pschrome_bunndle-cb_1_1.crx, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Program Files\PrivacySafeGuard\unins000.dat, Quarantined, [65ca87b886f63bfba35a3c7b16ee0df3],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\bg.html, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\bg.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\constants.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\date.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\e.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\icon-128.png, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\icon-256.png, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\icon-26.png, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\jquery-1.5.2.min.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\manifest.json, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\parse_url.js, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\popup.html, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\rr.html, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\rrbullet.png, Quarantined, [09266cd36319e155c449c17962a154ac],
PUP.Optional.PrivacySafeGuard.A, C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\str_replace.js, Quarantined, [09266cd36319e155c449c17962a154ac],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 23 November 2014 - 10:12 AM

How is your computer running now?  Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version and remove any older, insecure versions.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • AdwCleaner log
  • ESET log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 llaffer
  • Topic Starter
  • Members
  • 23 posts

Posted 23 November 2014 - 09:48 PM

I was going to say that I've not yet seen the UpdateFlash thing pop up since we started this, but it popped up again just as I started typing this.  But overall, I think booting time has decreased, it's not using 3gig of RAM on boot anymore (it is down to around 2 to 2.5 gig), and I've not seen any redirects on links either.

 

So we're not 100% yet, but I think things are improving.

 

I have your two log files that you requested, updated to Java 8 update 2x, and uninstalled Java 7.

 

It took 10 hours to run that ESET scan ...  whew!

 

Here are the log files

 

--- AdwCleaner[S0] ---

 

# AdwCleaner v4.101 - Report created 23/11/2014 at 10:06:41
# Updated 09/11/2014 by Xplode
# Database : 2014-11-23.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jesse - DALE
# Running from : G:\Video Workspace\malware bleep\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Jesse\AppData\Local\~0
Folder Deleted : C:\Users\Jesse\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Jesse\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jesse\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Jesse\AppData\Roaming\Strongvault
File Deleted : C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\user.js
File Deleted : C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{224469FC-D32A-423E-90C3-0F69EF5724B8}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006BFF73-D6B8-4CC0-A982-1E041D625B08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v7.0.1 (en-US)

[0e1f69dh.default\prefs.js] - Line Deleted : user_pref("extensions.Guffins.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&ind=2011071810&osp=mws&ptnrS=YJyyyyyy[...]
[0e1f69dh.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJyyyyyyB1us&ptb=97500D76-07D2-4CF4-8450-B5A42172D518&psa=&ind=2011071810&ptnrS=YJyyyyyyB1us&si=&st=kwd&n=77de8542&s[...]

-\\ Google Chrome v39.0.2171.65

[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [13503 octets] - [22/11/2014 23:07:53]
AdwCleaner[R1].txt - [13744 octets] - [23/11/2014 09:20:20]
AdwCleaner[S0].txt - [13544 octets] - [23/11/2014 10:06:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13605 octets] ##########
 

 

--- ESET ---

 

C:\AI_RecycleBin\{8AB9A120-A0D4-4F9A-886E-B9C885803000}\3\Strongvault\StrongVaultApp.exe    MSIL/Adware.StrongVault.A application
C:\FRST\Quarantine\C\Users\Jesse\AppData\Local\Ejshtion\CNBP_153.DLL    a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Jesse\AppData\Local\Otvlics\ASMoper216A.dll    a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Jesse\AppData\Roaming\Owzyix\ixame.exe    a variant of Win32/Kryptik.CQTB trojan
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2337.exe    Win32/Boaxxe.BR trojan
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB439.exe    Win32/Simda.B trojan
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEB90.exe    a variant of Win32/Kryptik.CQXB trojan
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmp2337.exe    Win32/Boaxxe.BR trojan
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB439.exe    Win32/Simda.B trojan
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpEB90.exe    a variant of Win32/Kryptik.CQXB trojan
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\extensions\{2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}\components\SyncSetupFolder.js    Win32/Boaxxe.BU trojan
C:\Users\Jesse\Downloads\avc-free.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Jesse\Downloads\cbsidlm-tr1_14-sp30467exe-ORG-111865.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Jesse\Downloads\cdbxp_setup_4.5.1.4003.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Jesse\Downloads\kbsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\Jesse\Downloads\switchsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Jesse\Dropbox\GameCube SD Card\casper-hackmii-fix.zip    probably unknown NewHeur_PE virus
C:\Users\Jesse\Dropbox\GameCube SD Card\Wilbrand GUI.exe    probably unknown NewHeur_PE virus
C:\Users\Jesse\Dropbox\GameCube SD Card\casper\Wilbrand GUI.exe    probably unknown NewHeur_PE virus
C:\Users\Jesse\Dropbox\Installers\winzip160.exe    a variant of Win32/Systweak.L potentially unwanted application
G:\Emulators\Nintendo\8-bit\Zelda Hack\ZeldaC.exe    Win32/HackTool.Patcher.BN potentially unsafe application
G:\Emulators\Sony\Playstation 3\PSeMu3.exe    a variant of MSIL/Hoax.Agent.NAP application
G:\Files\Dreamweaver CS5 Portable\Dreamweaver CS5 Portable.rar    Win32/Boberog.AQ worm
G:\Program Files\RipBot\Tools\Process\Process.exe    Win32/PrcView potentially unsafe application
Operating memory    a variant of Win32/Packed.Themida potentially unwanted application
 



#12 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 23 November 2014 - 11:14 PM

How is your computer running now?  Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2337.exe    
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB439.exe    
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEB90.exe    
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmp2337.exe    
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB439.exe    
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpEB90.exe    
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\extensions\{2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}\components\SyncSetupFolder.js
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:
  • Fixlog.txt report
  • MBAR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#13 llaffer
  • Topic Starter
  • Members
  • 23 posts

Posted 23 November 2014 - 11:45 PM

I have that scan running and will post the logs when it's done, but while that's going on I have a question.

Something new started to happen and I'd like to know if it may be something related to our "fixes" or if something else may be going on.

I've had my Outlook set up by default to not download embedded images in e-mails. There are certain e-mails that I get that I trust the images in, so I have them flagged to display right away. Starting yesterday morning, those e-mails are no longer showing images. I'm also seeing RSS feeds failing to get updates, as if something may be blocking port 80 in the attempts to receive the images and the feeds.

Any ideas? Thanks.

Other than that, I think my system is running better. I didn't look at the memory usage on my last reboot, but next time I do reboot it I'll have a look before launching other applications.

EDIT: After the first run of MBAR and the reboot, my mail all started working again. Images showed up and my RSS feeds all started working again, so, never mind that :) MBAR is running its second time now and once it comes up with nothing to report, I'll post the logs. Thanks again.


Edited by llaffer, 24 November 2014 - 09:40 AM.


#14 llaffer
  • Topic Starter
  • Members
  • 23 posts

Posted 24 November 2014 - 10:06 AM

OK. Here are the logs from the new set of scans:

--- FixLog.txt ---

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by Jesse at 2014-11-23 22:32:36 Run:2
Running from G:\Video Workspace\malware bleep
Loaded Profile: Jesse (Available profiles: Jesse)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2337.exe   
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB439.exe   
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEB90.exe   
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmp2337.exe   
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB439.exe   
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpEB90.exe   
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\extensions\{2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}\components\SyncSetupFolder.js
*****************

C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2337.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB439.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEB90.exe => Moved successfully.
"C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll" => File/Directory not found.
"C:\Users\All Users\Microsoft\Secure\Icons\temp\tmp2337.exe" => File/Directory not found.
"C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpB439.exe" => File/Directory not found.
"C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpEB90.exe" => File/Directory not found.
C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0e1f69dh.default\extensions\{2E98A9CB-D47B-B054-EF4E-26606BBBC8F8}\components\SyncSetupFolder.js => Moved successfully.

==== End of Fixlog ====

--- MBAR Scan 1 ---

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Jesse :: DALE [administrator]

11/23/2014 10:36:05 PM
mbar-log-2014-11-23 (22-36-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 405785
Time elapsed: 36 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe (Spyware.Zbot.ED) -> 5720 -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ejshtion (Spyware.Zbot.ED) -> Data: C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe (Spyware.Zbot.ED) -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]
C:\Users\Jesse\AppData\Local\Temp\UpdateFlashPlayer_1a20ad19.exe (Trojan.Zemot) -> Delete on reboot. [e6ac57e8bdbf23135d499e4a29d87888]
C:\Users\Jesse\AppData\Local\Temp\UpdateFlashPlayer_aa30ad37.exe (Trojan.GIFFU.ED) -> Delete on reboot. [bad8fb444339e25493d5876223de57a9]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

--- MBAR Scan 2 ---

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17420
Jesse :: DALE [administrator]

11/24/2014 8:23:18 AM
mbar-log-2014-11-24 (08-23-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 405152
Time elapsed: 40 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
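
As an added example (not part of this thread, and not Malwarebytes' or MBAR's own code), the following script reads MBAR logs in the format shown in the two scans above, which is also the format the MBAR step earlier in the thread asks for. It pulls each detection into a structured record, ties the three Zbot entries (process, Run value, file) together by the hash MBAR prints per item, flags the Run-key autostart, and checks that the follow-up scan reports nothing left from the first. The section and item line formats are inferred only from these two logs, the "key|value" convention for Run entries is this example's own assumption, and the sample input is an excerpt of the logs posted above.

```python
"""Structured view of Malwarebytes Anti-Rootkit (MBAR) text logs.

Added example, not MBAR's or Malwarebytes' own code. Line formats are inferred
from the two logs posted in this thread; the "...\\Run|<value>" autostart check
is this example's own assumption about how MBAR names registry values.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Section header, e.g. "Files Detected: 3" or "Registry Values Detected: 1"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# Item line: "<object> (<threat>) -> [<extra> -> ...]<action>. [<32-hex hash>]"
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\. \[(?P<hash>[0-9a-f]{32})\]\s*$"
)


@dataclass(frozen=True)
class Detection:
    section: str          # "Files", "Registry Values", "Memory Processes", ...
    obj: str              # file path, "key|value", or process image path
    threat: str           # MBAR threat name, e.g. "Spyware.Zbot.ED"
    action: str           # e.g. "Delete on reboot"
    extra: Optional[str]  # PID for processes, "Data: <path>" for Run values
    sig_hash: str         # bracketed hash MBAR prints for the item


def parse_mbar_log(text: str) -> List[Detection]:
    """Return all detected items; raise if a section's count disagrees with its lines."""
    detections: List[Detection] = []
    section: Optional[str] = None
    expected = seen = 0

    def check_count() -> None:
        if section is not None and seen != expected:
            raise ValueError(f"{section}: header says {expected}, found {seen}")

    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            check_count()
            section, expected, seen = head["section"], int(head["count"]), 0
            continue
        item = ITEM_RE.match(line)
        if item and section is not None:
            parts = item["rest"].split(" -> ")  # last part is the action
            detections.append(Detection(section, item["object"], item["threat"],
                                        parts[-1], " -> ".join(parts[:-1]) or None,
                                        item["hash"]))
            seen += 1
    check_count()
    return detections


def is_clean(detections: List[Detection]) -> bool:
    return not detections


def unique_hashes(detections: List[Detection]) -> Set[str]:
    """One sample may show up as process, Run value and file; the hash ties them together."""
    return {d.sig_hash for d in detections}


def autostart_entries(detections: List[Detection]) -> List[Tuple[str, str, Optional[str]]]:
    """(key, value name, launched path) for detected values under a ...\\Run key."""
    found = []
    for d in detections:
        if d.section != "Registry Values" or "|" not in d.obj:
            continue
        key, value_name = d.obj.rsplit("|", 1)
        if not key.upper().endswith("\\RUN"):
            continue
        data = d.extra[len("Data: "):] if d.extra and d.extra.startswith("Data: ") else None
        found.append((key, value_name, data))
    return found


def remaining_after(first: List[Detection], second: List[Detection]) -> Set[str]:
    """Hashes reported by the first scan that the follow-up scan still reports."""
    return unique_hashes(first) & unique_hashes(second)


# Sample input: excerpts of the two MBAR logs posted in this thread.
MBAR_SCAN_1 = r"""
Memory Processes Detected: 1
C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe (Spyware.Zbot.ED) -> 5720 -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]

Registry Values Detected: 1
HKU\S-1-5-21-3722519254-1352899033-3042310236-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ejshtion (Spyware.Zbot.ED) -> Data: C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]

Files Detected: 3
C:\Users\Jesse\AppData\Local\Ejshtion\tmp1436.exe (Spyware.Zbot.ED) -> Delete on reboot. [3a58f9462854f73f7f71d9ac4abb39c7]
C:\Users\Jesse\AppData\Local\Temp\UpdateFlashPlayer_1a20ad19.exe (Trojan.Zemot) -> Delete on reboot. [e6ac57e8bdbf23135d499e4a29d87888]
C:\Users\Jesse\AppData\Local\Temp\UpdateFlashPlayer_aa30ad37.exe (Trojan.GIFFU.ED) -> Delete on reboot. [bad8fb444339e25493d5876223de57a9]

Physical Sectors Detected: 0
(No malicious items detected)
(end)
"""
MBAR_SCAN_2 = """
Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
(end)
"""

if __name__ == "__main__":
    first, second = parse_mbar_log(MBAR_SCAN_1), parse_mbar_log(MBAR_SCAN_2)
    print(f"scan 1: {len(first)} items, {len(unique_hashes(first))} distinct samples")
    for key, name, data in autostart_entries(first):
        print(f"  autostart {name!r} under {key} -> {data}")
    print("scan 2 clean:", is_clean(second), "| still present:", remaining_after(first, second))
```

The count check matters when a log is pasted by hand: a section header that promises three files but is followed by two lines means something was lost in the copy, and the parser refuses rather than silently reporting a cleaner picture than MBAR did.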



#15 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 24 November 2014 - 12:28 PM

ComboFix restores quite a few settings to their defaults, so that may be what happened with Outlook and your RSS feeds. Please run another FRST scan for me and post the log so I can make sure nothing else is going on.

